hxxps://powertofly[.]com/companies/expedia-group/details?utm_term=Delivery&utm_medium=Email&utm_source=HireEZ&utm_campaign=ClientEvent&utm_content=Expedia__02-20-2024

Analysis

max time kernel
149s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22-02-2024 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://powertofly.com/companies/expedia-group/details?utm_term=Delivery&utm_medium=Email&utm_source=HireEZ&utm_campaign=ClientEvent&utm_content=Expedia__02-20-2024

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
3272	chrome.exe
3272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe
Token: SeShutdownPrivilege	1944	chrome.exe
Token: SeCreatePagefilePrivilege	1944	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe
1944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 3360	1944	chrome.exe	16
PID 1944 wrote to memory of 3360	1944	chrome.exe	16
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 844	1944	chrome.exe	82
PID 1944 wrote to memory of 5100	1944	chrome.exe	84
PID 1944 wrote to memory of 5100	1944	chrome.exe	84
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83
PID 1944 wrote to memory of 3892	1944	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://powertofly.com/companies/expedia-group/details?utm_term=Delivery&utm_medium=Email&utm_source=HireEZ&utm_campaign=ClientEvent&utm_content=Expedia__02-20-2024
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc353f9758,0x7ffc353f9768,0x7ffc353f9778
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:2
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4816 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4608 --field-trial-handle=1812,i,10169809322426936501,10351646850160273435,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3e76735d6b444367cce8e4abdd0a7bd7

SHA1
0fe2cda5fa1719df9e3550ccbc1f7a3040092f57

SHA256
e73b6f21790b337629432ea5809b8247860d5dc75db0ec1199035ebe50f33bc2

SHA512
66b720adad3cd5461c3222eb8c5538fed517eecf431a391b0356bd77d607d2b69c08470f3ca8841b1afb799040f2f2d911e2cd195bcba498f83b6ed482d1bd05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fd5d6b0d0f7478521f975d65af8a25d4

SHA1
53e7d01d9ccc99c232ca03f63cc7daa01d380283

SHA256
b6b2c93e37dcc369ff8584f70521ea3f189cff67822da48f740c5d1fa1e92a62

SHA512
a73d69b23ff7ed782d02170141f1340422fffd961eaa975a87ee367b8ddf00dcc7eb8bbadfaeb9303fe4e0141ea576b15f5d3c8bd6e1b9dcbaa5c6768ce6dad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3d2f781a87a8e834905bed8918a56a09

SHA1
be507247c5527d074d2930b6c47c101d7799f49c

SHA256
3bd6fdf794b0d1c9b2c6742478f69307d0297fba3569160d3f66850040ff9368

SHA512
14e035672848a8303d0a8286c718cbed91b32474063c7084f4dba035033dd6f7ab7f39afdd72f9eeac12460fba8aa83dbeb7c7b7c838e774253982fc38eb8968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2241cd4aaeaacfd7d4acdb902779a4d7

SHA1
34525a782209fc72de5dca9e986d4b0fdbe091ed

SHA256
427205bfe54db660d51cdd6612b9d79795f89c0a5e903476adce9b453ec7ffba

SHA512
d12a4f82cfd04731c2a09658066dcc73e1be2b90b50fecdaa7fb3808fd5a8377cc6ed15b158c948953a097dd95b44a4764bead9ba32eeb07ae6102b175a5ca94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9529bcd90c1ec458c6997b2efec74f5e

SHA1
1c17e753989f6c8ea35c536e29d9911bdaade4d8

SHA256
6a8445a541129f953d19b8cbf7fde9f364f675fccd44de53af05d34103f64cba

SHA512
89f16a1ddb823ffa838a0f04b52567ec09ebfa65db48761bb74f6cf824cd91c9fa0e07e52894b40ef7c77f6709a0ac0bff3b02f3f1498a904be9f4e014050f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d4552e330fb1ae8a8f7c685192844d8

SHA1
5c3418b251ba42fade1357d90aade1767d60928d

SHA256
71130f7c26dd2a7a8cb0148e85a4da9b69307cdcc80b42a540ade26ce2eb5f27

SHA512
8b9d1d1afe7eb4f4616528fa44241a15048dc90078814e3aab91ca135decc8e02444942a5c1fe233869b357c3dae71dd77106281f959968b044c81dfb74294f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b5eedf43934d7d19cbe7ed8f807f6374

SHA1
a16f4aae2d442e8f513b882a37cca43affdbd020

SHA256
c0a6ea0f3fbe8538388fab36c033ea728aa58607d80c0d876dbbdca1f38f5959

SHA512
237d096b428dda0323f04135d3868d0065f55f5092c2fd97b8289c533c665affd37901296f43774fafcfabf237a8bc750f7749740520ab59943965a612b8f342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ab07af65a9e64b30cacb7474e9c01400

SHA1
7e70873b912e17e052b6dd997fec8cef673e1002

SHA256
cd154d94a46e893cc9bb384f70e5657d5915e2d59cb50c1ee99d858ccf98f0ff

SHA512
f5ac83b3b9749c3b71052b30fbef3ab575c57e285c18fcbc96b5e4e54a3d28343bcc2e6420a5b7f46c6018614371e05dc53668f834b46664c09f49d141228b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bd1cc5c3cf9bcff52964fbf0b928f09e

SHA1
e93f73fc580ce391ab65593a026230667c1b836d

SHA256
d36803af15e261aa117c5c679af5649a837945457a5d2ee0fc4d6fee7759abc2

SHA512
7cb7ce78d71c032696b82934b68e29e493e86741e52b5bf7e82c16304ad15ce36fa4b651a3dfad1d80cdf40cf28f31b607b3222a53bb49c6225605245222ac31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
17dfcc746bee70f99d13e6caf718dc7a

SHA1
90098df85fbda76cf218ee174376d92bfab82b19

SHA256
638563e0865ae3e6544f498c891fb72acb53ab09713047861fea0aeb47970a5e

SHA512
8a6974e88ddd9bf24758e5affc014678fa444c3f1168eceee52ca1204e0b61714ffc539c2600e4795210743daebb26608a5451767b78cc5a34b9128e41ab195d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b4fa19186c3e0de3cb6c8e4af6852981

SHA1
f3829e93c3c67b43891bff4198994d41360fa9c4

SHA256
8d314d63dba5bcd27b3691873152bf2aff354e1d9f20b7609494f8bd8e8edfce

SHA512
e41805b75fb3a19e303f46c53e16f2e513ff863282978275e77a45ab142903676a013f89651353abe81d2756d98e9d712a58a2e3236dccccfe1b3d29d8bc4ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit