hxxps://d5cb7204[.]na1[.]hs-sales-engage[.]com/Ctc/ZX+23284/d5cb7204/JkM2-6qcW6N1vHY6lZ3nSW6wZpYF4PG3pqW1jmMGR1hRK9cN5pdRvLKnxgcW5FygdV8s-XcNW6t4dYH5YZFqVN1cdQGw8fB1pN4qtBCq4783XW6cg1xF4GmmnYW5vF9xS66RrHpW7Dmx2b2DPvcdW15Q1wB2-Ss4hW509hg02-DgW5W7wmRTk97XrXbW1Q-7yx1ntT-9W3p1fl_6cYxWlW1ZYczb7zdJB0W62N5tk3BGjW9W4TKxG48ZZSBGW4Xb7BW60BzbdW91xds452vHDrVRMYzD9jFGFGW7WBPC21rd0Tzf6nr8yv04

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 09:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://d5cb7204.na1.hs-sales-engage.com/Ctc/ZX+23284/d5cb7204/JkM2-6qcW6N1vHY6lZ3nSW6wZpYF4PG3pqW1jmMGR1hRK9cN5pdRvLKnxgcW5FygdV8s-XcNW6t4dYH5YZFqVN1cdQGw8fB1pN4qtBCq4783XW6cg1xF4GmmnYW5vF9xS66RrHpW7Dmx2b2DPvcdW15Q1wB2-Ss4hW509hg02-DgW5W7wmRTk97XrXbW1Q-7yx1ntT-9W3p1fl_6cYxWlW1ZYczb7zdJB0W62N5tk3BGjW9W4TKxG48ZZSBGW4Xb7BW60BzbdW91xds452vHDrVRMYzD9jFGFGW7WBPC21rd0Tzf6nr8yv04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506480309144943"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
4792	chrome.exe
4792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 2288	4412	chrome.exe	87
PID 4412 wrote to memory of 2288	4412	chrome.exe	87
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 4072	4412	chrome.exe	91
PID 4412 wrote to memory of 1560	4412	chrome.exe	92
PID 4412 wrote to memory of 1560	4412	chrome.exe	92
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93
PID 4412 wrote to memory of 4832	4412	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://d5cb7204.na1.hs-sales-engage.com/Ctc/ZX+23284/d5cb7204/JkM2-6qcW6N1vHY6lZ3nSW6wZpYF4PG3pqW1jmMGR1hRK9cN5pdRvLKnxgcW5FygdV8s-XcNW6t4dYH5YZFqVN1cdQGw8fB1pN4qtBCq4783XW6cg1xF4GmmnYW5vF9xS66RrHpW7Dmx2b2DPvcdW15Q1wB2-Ss4hW509hg02-DgW5W7wmRTk97XrXbW1Q-7yx1ntT-9W3p1fl_6cYxWlW1ZYczb7zdJB0W62N5tk3BGjW9W4TKxG48ZZSBGW4Xb7BW60BzbdW91xds452vHDrVRMYzD9jFGFGW7WBPC21rd0Tzf6nr8yv04
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff912ab9758,0x7ff912ab9768,0x7ff912ab9778
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4876 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4832 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 --field-trial-handle=1872,i,8009181121617096130,6780429745041197392,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
325c5bfe0a7d254b143bb45d159c337c

SHA1
4b27a795fc9db2758ea92ff2d06825d02ce4b46c

SHA256
16f00f42c7917e5c60d1549092c0126a0aa720eb91f49a4da6b00b53ba84a4a3

SHA512
53c71dbcaba10d5a20a224d7da2fe1f7ee5ebe0a053ecd1c8e5ae21a092b156718e57711b88c956f4de33b6c33a43da5629d5d5d78b97e9b15bf234b50f897fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b2aa457ee6aa72d2ecfe9b6275bfee2d

SHA1
05d56681c140addd68bfff1be7479bd4d61a1660

SHA256
d140465bedd19b01f6b7a34fb6146a838e28ad2a1fbbf17bf91738e2fd847d11

SHA512
ce30f9b9da0149e245548469dba90fb92943933a57903158b10f472ee7c062fe5810b2ecc016d2153f2c3f47c75b65f898c92c7c8884c9005236161c7c03de76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1600d235f8fd9347c23d89fc6de1ef13

SHA1
a5864f1fd535f15bb6e6b6cfb45804ef02747cea

SHA256
e85336348822b05cc40ea15dbd3e3a6a267bbef5c7b51241a4679d8ca9754b7a

SHA512
253c3ab1375bd0b022a6f09218b73284451448cb81c4c0e485646090f1555195e89e722998aaa4168010532398411add3154dc59e6b6c59becba09e512f2e194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
2e075e5195223c922e53e72ae7de90f5

SHA1
54ec899c8d87e182f78ec32d4177ed291bc8eea2

SHA256
56faad2e92315aeeeef782f74256791be28c7df4f619f593fe18176d66e89fd2

SHA512
ebc28f8976ba2b6500cb046f987773728ca2e8e3d38fa56cd5edc34be869229a50a5026a842368b7db77dd659c634ac788882764e7d3355b44070b85ffddc7fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
fc8f91dc1a91f404ac306a18cc820bb8

SHA1
0c41a524eea8c1d789348301752035122f6cce20

SHA256
281bbb125ee152ed8ccc27b240a833b6312b480e28d1c75633c21ceaa3e2f664

SHA512
c49d95cb6888cf1ead78ec54da66766b7b93ad4dcacb1990b9ff908a56504f4bf3570e72032f17850ad9b173a81a76969ba9a517b8843e1d754077a219caee92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba3947f0b1f727ddfa015ff266f8850a

SHA1
6ab19bc5d9b2529ac01173cb19c489df50126be4

SHA256
a8cb885db48740508b027841ef3bde9d8ba461f471e5d19918eb2e02fd6f2ff4

SHA512
99a72a83ad668f61adb897b110bef266f151e9528972bf7628794aa97c2eb659a34ca1f41087a085039c01650b81aa2fc9fa595cbc9a77cd54182550a50ec9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
434f7ad8adbfc85ea8988041d86b559e

SHA1
57089d4779bca4ba5f0185b5d5f342939c9270c4

SHA256
bed599f7503236e30c17c2787164a600eaf390806b01e7113fb984dadf781406

SHA512
7e33ddf30938042d98c4ebb90dcbb8b3ea0fdaae40ae327496ae3252a9360afd1a9d6b29780ef6eaa924eeb2cd3e3cc947aad0faa16e9ad357ff1712d5de7a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cfdaddc1cc464a7699931d38a5f3b8ff

SHA1
bb0959451b905bce4f0495a244d8e3ef579bed3a

SHA256
4fdd65a729d09d50eb07654c7a5477e1099e4dc13fd3877e0e49c669b7af7419

SHA512
a40c13d6990958d6797559e4520b0ec323176f8a87f99db55808c891f103045943981483da3a89923fdcdf35390e05c7d64de2e148df176b16df00abefce2068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b50ee4e12ae0b2a56825e37bc1ada2b0

SHA1
e7d1f220f191d17ce793149a1ca3545ab156388e

SHA256
7983ea6af94979d2cbff1dd2f803b5440039f91a8937bfba8a93b20f437a0de4

SHA512
8fdea3bc34716c99e0e74484cac287da586f6b679d89e19fdf0549a099b5e1549bfc1c5c6d021bb23e258f36f329754869498eb7ce02a7e0eb0c7099dddbdd65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit