hxxps://email[.]delivery[.]shopagainmail[.]net/c/eJyM0DnO3DAMhuHT2J0MkdqsQkWAYMpcYUBJpEfBeIktBPjn9EHiC6R9yLf5amLMlTSPnCBoAO3Qz-MrcdEBiSMUG3OWarIJcfaafTTZEY4toUYDgAECWJwntl5MFi-OMwSrB6srv9tvPr-m67UftFDbVmrvaeM-vtOr9-MazLcBHwM-jvb50Fb2rZ9U-n5eU9nXvyfzkMrr8kuOAf1FT3q2OpjvxSORiKgYWJQNPKvonKhgxZmCVbTkOyh38GPf-IZ-AzgH-pb1Fl-1eICsGJxWVkJQszNeBYoVivYYI40rXxct_Gw1_df_mWrbt598nl_W4mD18m-Dsq9jT52v_icAAP__FFxznA

Analysis

max time kernel
47s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 19:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://email.delivery.shopagainmail.net/c/eJyM0DnO3DAMhuHT2J0MkdqsQkWAYMpcYUBJpEfBeIktBPjn9EHiC6R9yLf5amLMlTSPnCBoAO3Qz-MrcdEBiSMUG3OWarIJcfaafTTZEY4toUYDgAECWJwntl5MFi-OMwSrB6srv9tvPr-m67UftFDbVmrvaeM-vtOr9-MazLcBHwM-jvb50Fb2rZ9U-n5eU9nXvyfzkMrr8kuOAf1FT3q2OpjvxSORiKgYWJQNPKvonKhgxZmCVbTkOyh38GPf-IZ-AzgH-pb1Fl-1eICsGJxWVkJQszNeBYoVivYYI40rXxct_Gw1_df_mWrbt598nl_W4mD18m-Dsq9jT52v_icAAP__FFxznA

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133455870417094243"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 1540	4864	chrome.exe	21
PID 4864 wrote to memory of 1540	4864	chrome.exe	21
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 2476	4864	chrome.exe	86
PID 4864 wrote to memory of 1032	4864	chrome.exe	85
PID 4864 wrote to memory of 1032	4864	chrome.exe	85
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87
PID 4864 wrote to memory of 4528	4864	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://email.delivery.shopagainmail.net/c/eJyM0DnO3DAMhuHT2J0MkdqsQkWAYMpcYUBJpEfBeIktBPjn9EHiC6R9yLf5amLMlTSPnCBoAO3Qz-MrcdEBiSMUG3OWarIJcfaafTTZEY4toUYDgAECWJwntl5MFi-OMwSrB6srv9tvPr-m67UftFDbVmrvaeM-vtOr9-MazLcBHwM-jvb50Fb2rZ9U-n5eU9nXvyfzkMrr8kuOAf1FT3q2OpjvxSORiKgYWJQNPKvonKhgxZmCVbTkOyh38GPf-IZ-AzgH-pb1Fl-1eICsGJxWVkJQszNeBYoVivYYI40rXxct_Gw1_df_mWrbt598nl_W4mD18m-Dsq9jT52v_icAAP__FFxznA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff894c59758,0x7ff894c59768,0x7ff894c59778
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5012 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5860 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6024 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1896,i,9720829728482553795,3570863218024036055,131072 /prefetch:8
  2⤵
  PID:3756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e8a9cd1fa01a68c179bc34998d40f2f6

SHA1
c7af701b654dea4a9681d29763f992324a9237bd

SHA256
f3e36d0ea929c451030396cd9b27eeed0f046d7f3b17e64d88fa3104b16a0009

SHA512
c1048525a2652c20a6bfa9887562231b658e5d3a25a9b9368b145d48810835b34634613155400e40a60632bf99c5279ece1505f4109bf9c18db3e989f69d8776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ade89da0c16983c1f223359a01ec31de

SHA1
96042df69c10acd1d49aea32f35191d32ee599ba

SHA256
3552b2b87268a224d77c2e7a5a591bca76d1de9f7ae1c3a92126b18535faec30

SHA512
8066bdc8455ddb00a6c4134a5b8d95e60ba62944128dd19ae1d5e1f3aefaea5e9a13c1d9cccac4a7f7ad5e6a7a852a66211fcea98e45883b4109f9532969f4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17265ca1c0a09a47349864d789b5aeb4

SHA1
026b720518d017cb2be9e5f9cd74f9a1beb5d81d

SHA256
9ac1c11a86dba179a3134955b678575c7d00fc3124ce3daddc1315d270c70124

SHA512
6e4db4fb6be5f8dc1dc6b4c7c96e44b6791994589c01832cd0f87be70b6864118248f0affefdb6700b7fbddc2588dc8ef47c6db486668288aea2cdecd12ae990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
35b97d38f1470fde20f9fd9fb88b93cd

SHA1
8ae9318c86458789141829a23f5d7205aa961598

SHA256
5bc00bdcaf20a813ce12a6146e9b8b042081a52c0b455742cdcffd55893779a3

SHA512
dca71986c7f0325dc203b7748c928d816c724fb2c7748e96a9307efaa1319dc04e27eddecdd4fd0daccbc417ead9f608f47c92bce57f350d26f3b4b19833bf06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ec54a81866378965dbefa40df8393690

SHA1
7616db649e307a05496ebc23769b067cc0784140

SHA256
5ef3500d89805f296feded89e484a1d5df12d9cfa0fb1fb66f2b226925628a1f

SHA512
dc63c4e71039374fea8783a01d1cdcc9dbe88cd7281c2034e0c357285476772e7ec292a9f6299aeed7806b0b45ff5f64b22184c98abf12404b14535983049f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
6b56b90b9cc9d97a32691c97385dbb2c

SHA1
d9935d778022d42e3b2240dfe82efb224176b477

SHA256
35be7923b80f0728d14cf3f740fe0525b37bb4f72126f06a3af495cc0949e6f5

SHA512
55fcc46f5a93c88cbee6f0703f0f93604c3702c74151cbc7f8a315aa734e661acea7866fc944282d4b92049d010dc8daf0e1ed647e52bb1f201f52d5712e4aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
48b3e3301e80209274dcadad696d60b0

SHA1
7aee42d3fff4e8388ea016ed7dd0b6df817858d3

SHA256
f5a6a0fee46e2a27e9334690cc6a9cdf05e8be82bd589e132a1bed1b742ce226

SHA512
c280b258f088ee375f959d7eb74c25f05ba7d6f4b7352b2681cd06621d70f0a4e405d550699c2b45f3e74a2f3ceafba5004fc63e7a6b3439e45e821a16d9ef5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
dd1e33d16e061da93fa4a567498cb8dd

SHA1
d68d333e55fefc6363904cd2a22ce212877ecfe1

SHA256
b37fd49e62382f034807be91f6b6d5d016de40e824242e61d50c956593171b2d

SHA512
ac3659a4afda932c18dbda57df48c71e16e37a7ece0341f80e111d09fd27efc5f1d8d406e4619c92a9de88285d891473578546418a949a248b4720c7516c3acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit