hxxps://xaerstsn[.]coffeecup[.]com/ICT_O365%20MIGRATION[.]html

Analysis

max time kernel
103s
max time network
107s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
23/01/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://xaerstsn.coffeecup.com/ICT_O365%20MIGRATION.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504528472507983"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 8	1376	chrome.exe	57
PID 1376 wrote to memory of 8	1376	chrome.exe	57
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 652	1376	chrome.exe	77
PID 1376 wrote to memory of 4504	1376	chrome.exe	75
PID 1376 wrote to memory of 4504	1376	chrome.exe	75
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76
PID 1376 wrote to memory of 4472	1376	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://xaerstsn.coffeecup.com/ICT_O365%20MIGRATION.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff33a79758,0x7fff33a79768,0x7fff33a79778
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:2
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5032 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3748 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2452 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1816 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5032 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2992 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4752 --field-trial-handle=1800,i,5991453210979875325,13300976646069830226,131072 /prefetch:1
  2⤵
  PID:3184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bf613bc0254a9cdd66bc00dbfb5ff332

SHA1
4cd7c24344a360ba80627c307e096cebfa8aa5ac

SHA256
fe3698ae79462d9d26ffbb2efc25c78bdea0c1d992e4c66535bc837f6c2a6328

SHA512
7dfe4f2b8fb120ac321ffda5a452e7d4a12d0fa3814a7adf91be7a4adf386ecec7b6ca09b64d6c7f7e272f3ad887f6e738f7d10f639ab557b451eebf7791fc90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6d6b4414bc568c3844d227ae091bcc35

SHA1
0c3cb941682e17834ed6be18fd20c0a5c67ab1ee

SHA256
abee2de87374b38216ce7c91969cf430631eba6c984ee4284a33523eedf48acf

SHA512
a21e67d5b903189c0c8d71c1b49ade6b15bb5878009ebbe780a00b6c86a8309b626b787fb0336339cc136f2eefe0120944b14c232e2e2bfb9e0b7ab3c8a106c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
51af9552970a6d21a5b9be07d6bafb38

SHA1
dee11db5814d65469cf64c8a1effbe4acfca5981

SHA256
4ed115dea7b742a54f6353b745ea05e2daac5168c7dc60c0d748284baea741cc

SHA512
20f49b39348717a5c25fcd103f20cf0f3a4de81e74a3f1b2d0b4a176d38378572f3ca931137b364765bf6484e1db71869cbe9a52c3b23c0e48d7b07075e03d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91487484e6b3114fe1b394f6041f46db

SHA1
2ce313b7e661538dfe9897edc209bb1cd952d947

SHA256
ffbcff0b161ea2ea9e67c4c288458daa652fd5459769c7d63e2e921811330d6b

SHA512
4d848dfcdc781cf0801f02b55bc3253bfce4ec65b178f472fbbd9e7e8533ad0543f3a24e81559d39c67a98634b91e06428a4da35f7693844b55e737023f3369e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a587ce842873de2e0dc9a4b6b0eceb39

SHA1
ff1142e88a2c8e806bd3286e570a7ffd123e527a

SHA256
856df10fecdf3675e6ec762cd0e57c5439a5c4952c617baeba079169ec0c31da

SHA512
c94c469bc7794f40fbd2cac7742510870ac50db6d3666df22e6a922dfe7cb41b0ec03a68851af20ebcaa3b76be254d60634ff04e34902cd849eea85116f4fa07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
027e31ff987d8877ebd32f190003b70b

SHA1
41a83df8d6b01ffad1af63a67345249d8c9fcbf4

SHA256
a033241a656594f15f69fac882b8be71fe6c94f8a2eb31048ff912a017b0dcdb

SHA512
695a13621c134b72af642811fbca2498f758c9726506dda12a730dc4e102d8b7ec996fec1adf5a5176b586676b43adef5798a897b8c985ae6a2ad4317f270be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
aa9efed99e0b28ecb9c7482b47317319

SHA1
613e260856f408ccebfaad6d839a9b06476eca49

SHA256
0ffa2037dab82f0728f7090172a2edc6f23ce2074a58e7a85ce23a65f620ea32

SHA512
ac044d20c326e0c37c43e18611a3b5ca4794bfe058e070cb820592ca3ea491661dbfe13b10127884f4e0d242786ca43ecf5c57400ae94dca25fae3e8868e596d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f38a2b1d53a52b0726ed56a03b81e3a

SHA1
f23a132298c34486c3e4fcf978136c486a343bc7

SHA256
2736974dfd7daa98636b66adf32175563e750774c752d20da8f6d4a2647a59ac

SHA512
56b3a33af6027796024082d975b08e8b724b94af9889dbc4b00ddcf75089060f175c6610b24a6f5ab47cad37f86dd4a58a0d9ca42568c0c6582df4a99615f895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
026f0bf20b8370d3e576342a82597872

SHA1
dbb3a5f0c832ba78193428e0f48757a755ea256f

SHA256
40e960e1dc197e628e31ce499b5843d955641384ae8d50ded5c703652b4ebab7

SHA512
055f06ec8a5e3ff5fcc3ac1728461d0662d651599c05c7116d8b31ff5105801fddcf43ab4cf57151c893b872537e5847e445c6f30b0a908814b6954073e40365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
96f2f5a2910ac693e41cf0913e7e178c

SHA1
1801cf0ff8a0d1b3e5de112c64537babc52c8609

SHA256
609275a34d545f9f0b1b382a28c007b479a38cc8e3686adab13d458d0b442558

SHA512
9e739f087c40dc496a8e0ba9c7951ad73681a4132fac3ad620cd7d86695f39a66d948c80dd8e53ffbaafa7b3e72879ac9742708a6dacd63e998501ad16114bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582a95.TMP

Filesize
98KB

MD5
cffa4576692b1fbab9493875ae25e190

SHA1
ad1e4e546a9ed97b6a40f5b8815aee16f646bfb0

SHA256
c39c921e5ed54700b99fefa77bf09b8a00b8f54106631b81c7d30616692a1a28

SHA512
395b63fe3b1497a9cc83c815bee665e27e7188b0f8a8c74fe57f49e77db071a3de271d5d2a53602ed1b7a2b6ba437ac6e076e71adf4277f0cb63a70268e5cc2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit