hxxp://shahee4u[.]cam/category/%d8%b9%d8%b1%d9%88%d8%b6-%d9%85%d8%b5%d8%a7%d8%b1%d8%b9%d8%a9

Analysis

max time kernel
299s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://shahee4u.cam/category/%d8%b9%d8%b1%d9%88%d8%b6-%d9%85%d8%b5%d8%a7%d8%b1%d8%b9%d8%a9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512277539838219"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{3C06E86D-59FC-407D-A157-256DBFB7C8E7}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1644	1448	chrome.exe	86
PID 1448 wrote to memory of 1644	1448	chrome.exe	86
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 1012	1448	chrome.exe	89
PID 1448 wrote to memory of 2440	1448	chrome.exe	90
PID 1448 wrote to memory of 2440	1448	chrome.exe	90
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91
PID 1448 wrote to memory of 2436	1448	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://shahee4u.cam/category/%d8%b9%d8%b1%d9%88%d8%b6-%d9%85%d8%b5%d8%a7%d8%b1%d8%b9%d8%a9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd09269758,0x7ffd09269768,0x7ffd09269778
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3820 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5260 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5916 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5796 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 --field-trial-handle=1880,i,13897837053302166033,9106191457672862512,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
fdb927fd00b22571aff2fa5b674e0a0a

SHA1
93d6c0cd59d1904a3cba2b14cefe89291c30cf34

SHA256
7221023074061de5ae03a591e7bd00dca2fd3d706827f242ff919f26cf232122

SHA512
e6a7650bcf621fe0f6be5751b5441759a39dd13e61b21871c7d6c5ba9d5839e30f609691e7f092daa0050c63901225671ec38c3868f70f2de6d2ad3e3c800f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
26KB

MD5
7ed7d635d0f5215a32a393202ea7a628

SHA1
e04d5867f3a0dae63633baf8cee4c52e95ab964a

SHA256
ae7f7fe9b62a9e6b7acfeaad4884a0873e08430aa25183bdaadd5949b5febc00

SHA512
deaed4a0687981945e4bb0aeb679f806bb45ff33fb5e2524e5c2f1c88db75844485770498c552eba6f31e7debdc9c816bc846ff01ce1ef0cc6c7d6d23ee041f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f912a8988e8ae5a39a533a3657b4b0b6

SHA1
eebd051142d924b83dec66c07c3115824d59b3b7

SHA256
d3f1923007321d1ab9debad43b552fbe44314dcf78e2d4c861823a4f30cd8197

SHA512
cdad204165bdd024b4a547b399e88380f3a80c890a7c4a86dc799bdd388f9e390553a3f82417bc724ae14bb2c045fac993475ba6a560e9ea3012906703bd33e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
26c510b3aba1959dbf6477c561e973d9

SHA1
f2562b3e235a7fa20c7d62afcc5b7fee43ab29fe

SHA256
c1f215fc23b9ce5f76e2efd8261e0807b0ac99f7b541c46ba60e6eafd7f4faef

SHA512
b2e2bcdd53c434f4e7d3475846488a0ce59afe29497a2a623c20215bac89e9c260d12564b7619c1028e3d693bdb4ad60c642b23345d44ce1cbf8c95b3e6eb3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
64ffd0ed339b8b2d2c1e8c97bd7e5af2

SHA1
9a0b176c70f589b3d3250c8b7f4bdff6a4a0297b

SHA256
b6b9a3a6207f26f8a1c85716ddb289f5786d1cd9c2436324290bba0991c76b7f

SHA512
80bf0d7e564d032aa4bb89ec33e5139048c9b2ad820b914c45098585f505a9fef8681eb22fe1b76034f184af8b107ffe23e52e59d8570c018e951d71d24ab03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0acc1307ae0924b34f64c9273064d7f2

SHA1
cd4d727c7cd023e821ffdfe8530ae5e280a3ed49

SHA256
e7e929d415cf4d8e72624472a7a03bc717e85ee7a8a4aee9632b3f678d2bc625

SHA512
588fe6b1a62cfbc8208a359a618d0662be5b698f93c1c9cbbb8195124ac4e3b5b28637bebd42ff61c801357812bf33332b9f71480e1f4fe04c36c9b42168db3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c87db9bf4f897033b543d826db7e273e

SHA1
58c75a8d9e0670f75d46622200bc8da8be4ece2b

SHA256
5595950a5b485533be6fbf81a32fa63d80fb8f47eb7cd786fea6eb4b3aa55951

SHA512
eeadb5a2dc7c393a7f09802519b485c3aff30d7ffbfaf522d2631a87e1bfed2a75518e6961739563e0d2059c672afbf60c14368e14011cf22b36907cf81b3479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit