hxxp://onx[.]la/2e27e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
12/12/2023, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://onx.la/2e27e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133468761166193902"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
364	chrome.exe
364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe
Token: SeShutdownPrivilege	3108	chrome.exe
Token: SeCreatePagefilePrivilege	3108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 5048	3108	chrome.exe	71
PID 3108 wrote to memory of 5048	3108	chrome.exe	71
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 4152	3108	chrome.exe	77
PID 3108 wrote to memory of 2356	3108	chrome.exe	73
PID 3108 wrote to memory of 2356	3108	chrome.exe	73
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74
PID 3108 wrote to memory of 4188	3108	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://onx.la/2e27e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe82f9758,0x7fffe82f9768,0x7fffe82f9778
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2568 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2560 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:2
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5004 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3140 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3752 --field-trial-handle=1576,i,6765465314050717611,6432448316927305585,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:364

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9a77153f8ac94d26d55bd57586f4be2b

SHA1
da494240081975ed7a451f15a42ef6147b58c7f7

SHA256
c54d2685bba28c02d7804cdf80b80d8e04756d7d30e8df4dcdc037855874ebe6

SHA512
29a9012e54d97c2bee313d5d1cf5861ea680938efb801959223d91038c8867cf35ba65ac545edc6c119e6729bcc0d56150bcc88d4ff237bb03291aaad2335b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d88710965052e080207163fa5f0d3c51

SHA1
76a3ca3431c60a78d137f46cb9c7e707566fd0be

SHA256
f0f234309ac2420ce3948ede5372a1f6bce5fe59759e348010e18c22ac9855db

SHA512
4c2407c0de64e9d0ba8e4ba8973af2607af015a3c868152c263860badffdc19a80c5abd8670fe42bcf9295805bee5340df6299a3379df4bb10a35b4691dbf79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
88583a8f92348e5943258b0dd2476d62

SHA1
848ccf018a83afd51d97e6a2e67b6fc2f0d15c5c

SHA256
2bf92d9e1a14e52638cf69f306258fb0c9cd4bf546a5d6dc0cd4d63330680e24

SHA512
830ca3be6363c8415e7794f8858f4e10e48ada21726cd76a44a6ed5243e2becb434a919f1274bfa3c0168df06a4a9654ffee80dbeacb2eb2ef26ef4b37184dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
16374ded87b49a91b560b1f66578c78f

SHA1
24245b6f72514b5bc641d7e28122d81b28a4a6db

SHA256
91d2526357b39d846f5d2158b11caf4c22fea6698ecafa701fcd0d690a9fe6b9

SHA512
aa2632e832a67dfcd5ce79402c690bb1c10deabba7fcb3d4bbd12e501b7b7aca69131c8856e0cd8311a55845431fcc7138d6873cad0ec4bd41903cc51eb5f442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6b061b97828ee1683813214ceffdade2

SHA1
eb0ff648bd0b5d11125ff98f4415b89139672dd0

SHA256
bafd3abdd16fde895e74b2719da1d1eabf30b50766789f88aa31a786ecfebe96

SHA512
3bc569960c5e5d3d7d80a04a3894329584b8429ded8ae9e2aa9794b136dea936e56c69a8477ec813fdef79922874fd0143afdd94b1add0fcc4ebf98322da74b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f999fc12fc582a283859addc9aa887dd

SHA1
80f75cd3800716d9c9a0ffd6a0433caa35218a2e

SHA256
04d16c87f70264a699a9235cc0629de4f191d2ff7ebd8011adaace3e63de7fb6

SHA512
d80b3804c4d144d27dd0d63ee217bc4288e89dfd9c7939d0bc4c566178920a9984aceb02e8ea2babcdf8604270ba0177707eaaadfd5b9fd3d065d6bbb946c933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9d1f309c373f1ddd5d3d790b170587cc

SHA1
a22a1b777e80a06643e7ed9ef969d76e2c49669d

SHA256
d145cac5a69727004846c3fd0bd30906f56c335a4e80449f383c4665af172b61

SHA512
26da73fc1682a87876e582bad2e4964fa512ba7208016083f0956983a33a04843a17d9e0b4b7cb796ac3faec9768c8f1da8e1b9963b2ed6b314933bd1ae511d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7a81a5606bce0fdfadfe64fb0692d2d7

SHA1
1b6c158db384cf58a3131301a0b961fde8cbbaac

SHA256
5e619d9e5ca0121fec7af6a0b8172eec35159a18e74f064e3f020ae44a8e22ba

SHA512
dfb11e16b4c05091c3efea3a38c47bc9ec9ca21155e9364df219de99bf152902cb18f5fad8f730ff62b0766e14a22025d10c272d77d055078f64627207ac7e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7dc1a1d5b268987db41c30464bfcb49c

SHA1
4d5f6520200e2bf87b5017521056331b90a0b25a

SHA256
2d5d6d514f0e15d28ae0269fcb739a7675f9366a73a05a95cdf757643b50ceba

SHA512
e2d7e1a8d48ed96a2d92c423448a280190b615865de6bbde44b583ecb11e6ee9cc6a302c7a6e77918e25b5abd571e3ea476dd3cfe28f7e82866c2b32b769f2df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
63efdb3c4eef6b6b745207161bc8277c

SHA1
f69341dff1c7a85f37da3cf02fce9ef42917a7f7

SHA256
cfbdbe37fec017e6a2911f6e61165fd5b6cf9d796ab7d016df62c3ebbaab96bd

SHA512
9a475c9eaa8d15c6d31bb1fa80ae35bccea69eb0b2436555171feed06785da4c107282b3468a356436332e9f493514618ededf486021026b4bf2476ac2184612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit