72b5e76a8256cf479be8ab736165302405cc399be066f8b9d7eb1ba52520e3c1

Resubmissions

03-02-2024 06:55

240203-hp5czabeg7 7

03-02-2024 06:52

03-02-2024 06:46

03-02-2024 06:41

03-02-2024 06:38

03-02-2024 05:47

03-02-2024 05:22

Analysis

max time kernel
152s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RAM.zip
Size

31.1MB
MD5

4ba0b2f8488848eaf1d1bd62d99deac9
SHA1

350abba23726ff7e4b597f72f35e17df33d4eed9
SHA256

72b5e76a8256cf479be8ab736165302405cc399be066f8b9d7eb1ba52520e3c1
SHA512

d698ce29c3d1244b53d244588989091c32d8db97c965fdd457e0f441390c198d5da0b54d72588f5d1db6af44e14227593ecca8af4305975afe22a21021e9d225
SSDEEP

786432:V7g6SJ5g4xZv3Qn4VZ7Mt1dc83+6HJe5XwG30RX+5z3xoO5iIOt0M:V7g665g4xmS7Mt/V+a8XNkRX+BxoO5iH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133514165412013555"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 3132	3500	chrome.exe	103
PID 3500 wrote to memory of 3132	3500	chrome.exe	103
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 8	3500	chrome.exe	104
PID 3500 wrote to memory of 4924	3500	chrome.exe	105
PID 3500 wrote to memory of 4924	3500	chrome.exe	105
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106
PID 3500 wrote to memory of 388	3500	chrome.exe	106

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\RAM.zip
1⤵
PID:5024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4880

C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe"
1⤵
PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe95d49758,0x7ffe95d49768,0x7ffe95d49778
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:2
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:8
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2808 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2800 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4204 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5364 --field-trial-handle=1928,i,1122264108922371288,3186350369359854322,131072 /prefetch:1
  2⤵
  PID:2248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2192

C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe"
1⤵
PID:2892

C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe"
1⤵
PID:4812

C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe"
1⤵
PID:4000

C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe"
1⤵
PID:232

C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe"
1⤵
PID:1796

C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\New folder\UnityCrashHandler64.exe"
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6a141fea-7b27-40fa-ae63-968eb5367a11.tmp

Filesize
6KB

MD5
21e40e1751fcc3d93e970a6f776d7ed9

SHA1
2c5925230d7499e62c9f1f0f62b8eee13484dd9b

SHA256
fa9697402836348512a030ce4cb9a2fc55f298b7d40afd0941707138d074d089

SHA512
e6dd6f84cc8c69f3cabd5e5ea8724036d0a784a581844eaf5f85fe9bb7305abb5942681f08a5d609a4b495b7ad9543079a1194b991f7019fe50be3aff1697752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b96c381434deb91148bb85c53adf4129

SHA1
5eabb5fe9390a84d80c2617c863fb763213c385a

SHA256
100db928d55550888d34f2692925a8cca29b2e8ea469e4f0a1e08f1e4ac59279

SHA512
b840642056f01d81692ec3a4bf1fa22611c2ff6897957ce0102e772a7a8a43ce58f6b53a254915436b660ca87a0b689507e3c40e9128ca5841b3634d99fa6bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
89435a59fad7f166d084b3b2513354d0

SHA1
77a89b76d3ec75403317f3d177a191a2fcb3e8ee

SHA256
b7c14118797dbb5cae7de3fd8943ca5e00a3af5a62dcb8519c4b82fc156b46cb

SHA512
d01e9ee5b7ae563ae9a5cacb28e9d47dd4d7339aa80c714d10e521c3878f0759c89f2001870a99afed56e0b921000fa0de22c718bcd74bdae94a71b81fdbd347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
715da502c6fb853edeca5ead6a181e9f

SHA1
4deae1207b1883a69f47eb6a2072de9c381eed6e

SHA256
b4559e4bfdb0a51ae1e4084c0bef31135d30e68fce37ade49bf72f616c0c5c35

SHA512
8a55dc5966464a79ba8cfcaa9b874e2566e60b30e16d9b98f92476e6a00b3076921fb59aeec17694a631e721e58ac6c2353883b5373c9531f46a974cc0125d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f73fae1eb6cd297a6cbb6f9915c77e08

SHA1
bf6eff5f9e8a3ccf06482bf59a283ebbbaffefff

SHA256
b0b70b787a7301efad1a8fbe3e62c9353401b169112f94f0246b95145a3736b7

SHA512
7f3f93360721848bea43163de6a07d3a789e81d207f60b2406e1d2d6303ba02350cacc0c9ed1b700c2bdc32cc7f711583e81a427a64f3a94e0064013bbd69b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
77a8efd2cf11e1664992662762d6b1f0

SHA1
48a06ee350c27e7ec5f9dc614b45452ff7dc419c

SHA256
c11557233f5e52c75c9da9ce9dd329b7ff6418c4f7ad1c46a1c22ef88c86ce08

SHA512
77a6224741d9f5286af0120639b5294d4bb7a4d821fc88a2736b997e07d2522804ec4467d62ec66ae37748584949135bcc8269dd3490d5e3e5bfa6f95b4a24f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f93cbc9dcb8db1853f0cfc9274380523

SHA1
fda8ba0e4747c2d472dbd14fabea4bf57bb2f7e6

SHA256
631669a8becb74c0b45ec511b25db88142aa9edccb7e73b9cf7c29f55fae2d75

SHA512
9d5a0d5d17f2b09155d811800187fca51277400d6fb82edbf1169022805730154c95bf15f169332348c627aa9ee0ab69fd8f4f3e8ec8da764fe32e641e35ba39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
b2c3e6a217686303dc72c90c83e624d7

SHA1
ec330dfd691dcb61aa1a06a4ac7d019d8c032721

SHA256
50b68c5a3ef6c4861ec730486e7a5059c870f26a889a93d091c2645f2be70e9e

SHA512
177280065bf7d7132f92bed71857d3a616f2095ce989a719aa05639f888133131bdaadbae591e0bd2b845b3146e8357b69b0361083ae2a4ada3aecc66a4d803f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit