hxxp://goggle[.]com

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://goggle.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530001046800145"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1280	chrome.exe
1280	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 4856	1280	chrome.exe	68
PID 1280 wrote to memory of 4856	1280	chrome.exe	68
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 3580	1280	chrome.exe	87
PID 1280 wrote to memory of 1720	1280	chrome.exe	89
PID 1280 wrote to memory of 1720	1280	chrome.exe	89
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88
PID 1280 wrote to memory of 3368	1280	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://goggle.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff801409758,0x7ff801409768,0x7ff801409778
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:2
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3164 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3948 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3048 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5092 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3992 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2328 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4188 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=916 --field-trial-handle=1900,i,9902873579625290513,7002371209324068847,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2e0b99bbb781902f03ebc69ac9a7321f

SHA1
abad68dfe1e3dfe4de0eaa66207a7252a0aa729a

SHA256
25531d5d30523f05083071274e877b34ac438bae76bb0d956cac56276c0e9373

SHA512
0881a79f5656ddb6992c721b363c3b31b5d4151805130a52bac23c924fa0c88de5b8879581a3982785fba59251c3c0e90c1bd1cc6f4ef48eccf3ef99ff74d965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ad533693e40ce02be3e8d70f67493290

SHA1
2491b3d37a5657cf59f63e98e9be4e323564b746

SHA256
84dd753a11eb960565105e055c2a7ec5a27d5e79e8393cd16df48d340300af3a

SHA512
dbd687ca510665d088a12113e3d3712d6c0059fe23afd84b1a502eec5b115316fd13d51dc52a003e365c5edf24ed2af30a7108b228feb06117693c45112d6fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ff23191362dfdc3fbb3f2d3e0de85c86

SHA1
3e22a0c4b8a4f37e3b8f78cc6aeee0ff393f2093

SHA256
2e2a9da9b8f2744a68a9e337378cd5a5b598ff5403b5068bb3d89bfc7fab39f4

SHA512
89a7a2359192133a7992b81755750eb6c6b5dd0286c60b4d9ae765af101d1b557dfd03d8d3fcc857ef57489b81805db91ff0f2cc6a141d95f8c8e20cc924e2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c06114ef27ba01b35b31f9698cadb5e

SHA1
b07e261068f79ad4fbb4482beda0201b32951329

SHA256
86d970cbb947ec53168d119950dd64da7cbfc6b1156664fefe5c8e6c5a8c606c

SHA512
cd4a8d2fe9031ef97c5a326bbe500da1e6f9797b4c39f4c94236c02abc4aab8099c72474a1d1bcfb3fa8a7c065f9bea00f02db85a9b468ac5076455f44c3cdda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0c7c5728dc168b630c38f8ed65da587

SHA1
c77bf18517a5001ce2621241bfd8881e08830599

SHA256
0513c2230b379a1e20fd66393fd12d4d8388ef5cd428b85c7e8a3db35dfeae9f

SHA512
af78eed6c33d1b6a4388aa36dd1fa621b9c7bbfcdb3434df6630ddba2eceaa80c6e066fc5794c87592d050ed55859767385d26478818f3f6b063d1beef802dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
65b4842863ac13f67a1456ed97faf8e8

SHA1
fa8c630abcb90e22ebdfd23a2848e8f5d874c3c2

SHA256
895db3466ae2a2e27bbf1191e4f12f8b4a3d2ee49dd788f0d970d07aca8d41d2

SHA512
742f10beb8421f5f8729c483553ee9394babf6f729652b772262c13e8e56a485feff66ad93fdc134604a8463edd69f07f8dfb68a9175eb0dfec0184652ac8e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit