hxxps://github[.]com/pankoza2-pl/JSON[.]exe-Malware

Analysis

max time kernel
183s
max time network
184s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28-02-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/JSON.exe-Malware

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536068569050676"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
996	chrome.exe
996	chrome.exe
3000	chrome.exe
3000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
996	chrome.exe
996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe
Token: SeShutdownPrivilege	996	chrome.exe
Token: SeCreatePagefilePrivilege	996	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe
996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 1396	996	chrome.exe	79
PID 996 wrote to memory of 1396	996	chrome.exe	79
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 4964	996	chrome.exe	81
PID 996 wrote to memory of 1460	996	chrome.exe	82
PID 996 wrote to memory of 1460	996	chrome.exe	82
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83
PID 996 wrote to memory of 836	996	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/JSON.exe-Malware
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd4ab9758,0x7ffbd4ab9768,0x7ffbd4ab9778
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:2
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=824 --field-trial-handle=1608,i,9116052657788794479,10206343842410077193,131072 /prefetch:8
  2⤵
  PID:3288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb9b522835a8d21852836c2c80638e7f

SHA1
d8806d304b0af973d05b7e8231ddc46fc89e9a59

SHA256
46a0d5040e2d4e8223816e41432920bd15a19d6f84d184b7b02bd4de7ef65d3a

SHA512
be1428ddd770ebd6c9d4b32337debf4c97fa47abe836272336c4fe271a7e3e97f942d5eab63a154a50a3e1640b78758120b1342cbd3b17c9d1b4d5ab1d4d77ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
59d9cdf0cc89b334820e9d82427eb12d

SHA1
03c427175c9b5ade3135fc6cb1099b148e69cf64

SHA256
7ca4007ae0d0d5351d43d7a8e048cb9a3b8baf1c8a231798c4bd0485e1603bb5

SHA512
08793995da3b59b101293ecf6e4441c7279d0c4d7563d76b19cbe6a24a7507e8c77ebd0bd2d6ed353732ba454d939295243db4903790f7e19069e0271c2ccb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44b636015018feec96db039d97cc42c4

SHA1
10861442cce84e7d48816b5579dbbd68f5db40bb

SHA256
2d0287ac478375ff449d7f595d1ad86d2c6f628bee45325911b20605ef104af2

SHA512
472a51803c57116bd25b39b3c81a718e64ee496bd70f7ff77f9ebe053487cf96a865b3cd4bedcf142876fa71f6285a322b0ed98391ac6619339646a88a47e8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
161f90ac1623f2c07a1b817ad4a66790

SHA1
cf932923aca1ff21f7d459078603f0e8b7b11993

SHA256
7210a05c07dd1da86a807f11b3285063e85ee9e00c95b084c6cfede8cb404097

SHA512
9ac2d912271a9684d3bd91f8c83c42efe010e50a0961805fe6929a8a9889fdfc0b8498a0c8965af565037a8c44f78acf56c28cf096fbc41142c474b270033f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a36b785135897901ca2004e3173398a2

SHA1
7d642909329b1a38b7769233dc69d9089a374460

SHA256
e47a8337762d6fb020ff6cf5a0ae89378ebf55530fb7de7bfe45e2f7398d46b2

SHA512
c2266c4b669e5f75dacb86aff3be9931038645e5abbc7801f1f905f62209bd2fd0839c830fe4587da2689e6e0874eb253277ced5c10ab840132bc62fb157b9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d47ede02f0e81a09d400e3febb6222cd

SHA1
555d70ae37836d7646038486383b1367a5be01e2

SHA256
a7669909ae1bbdb3e147cbfd854969abc237275eafa8041611f3788b8387cb8b

SHA512
2ad58239bff54c626edc91e36a98adf87355394e4500e09ff798698c7ab02ea49fff35074ddc15fabada28bf543bc92fcca1987495d4b932e32a7709199bb9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
976af2a134068e891e5b72d3d872e00d

SHA1
6a7b08e1d9dbf40e5b62b0ba4bc070063d40ba5d

SHA256
dd802d95a254dd511d60bf79c2b8785b8b61294d82ff901aedded7eb3021c6c9

SHA512
12d3510d43ca9ce35bcc9addeb022f9f30222e1ffb14f122d7a63d2e5857f3478c208e74957597c893948d8b1650c98f3a1874214d861327743f0f51d1b513b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29d220e3fa2c150d1bd4e4a78112c4fb

SHA1
25b96e2d3abbbedfe98819d3312ece373efa9de1

SHA256
e5bedf1f62d295cb31d7b315b3babdabfdb10bc75d8f95b8e1b2d09ed875c2a4

SHA512
56b667ee80bdbc89efd104b8fb45f290ee444d7acc8106ce7cf8c38e9bf1dc8d1c5b479f6a59821b245db0d8720c92c57417331f472e1873e27bd9bb9a1fd079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c8c8f334e715f58d85383d852632e564

SHA1
e98aa1fbbeb64a0589f3da96017daca4ad99dc9c

SHA256
d4af6d50eb023316f655377db4d59417c5f96e694165eba72f9c9e88ca7d44d1

SHA512
023e2fce5c0c6728ec9a478745c32caf2d6c9062c0f0f87b64a470a5975bf0151e1b19fe7c8cb3cc59dc24c1701f4e40b823848fd5195e05a11215559ba6bc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1f6cd3130be493f5fccec5cf0c312c5

SHA1
14196c79d26c402a9facf16c005fac2eecd24ee5

SHA256
ee2adf063167516e4f9193c4ad797ca962cd21cc7f6f0d2f27662f8174ecccf7

SHA512
6acf809dbcda902e90947cae40187ddbb9b82c8bcce9a1134ad7639032ea5ba92560683ad19921dced453e2c00c7ccbd3c64a6eecdb6a67ec5cc7fe2c276af13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
66785748c049fcb86b09a342a66a2461

SHA1
1a7efa0560aa11ae262b3f3e8568e6de185cb68b

SHA256
a8ec79c050bf3a93c826ec5727a9d616d81b2fd725699de4ffe40df8c55e7076

SHA512
b94d7f15dc6286a1cc454246719a04df5841900beb4b58b38e750ce0f858b6085e3a348ac53fd59aa4a72b8bf4b31fbbfd8319c25d9aa61accd3a719d9697dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
0ab265741279e5f477098bb11018c8ec

SHA1
27b61e05a51949f2608c7bf3b31809527698ef29

SHA256
a8017b1fd9848802bb5509dfaf5e4c48f595bb3a2c54245e0d41d76d087ee987

SHA512
db927100453ed9d167067168a7fa69fda9d80e69f96d79aeaa7fda64c8b82c1acf804a168ddf54a914116487c2896968423033964afe35f76e26a6661e0d753c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
c03287583c12936bf688c11e10346d7b

SHA1
d809eaa21e31613e0653d1fdf6c71824a9c0a20a

SHA256
fd851402100d0f077f2175ce2233f97d7fa7dd1145db7b45f2e3c8f8cd9c2ec5

SHA512
9243bb6a99c07c90309b7f132a9ff6d036fe944ca00ab89104336d12975862584895a39f3ab753a7a0f2cc93bae3362c37287ab6e00d984835218e51f33aa231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59f42a.TMP

Filesize
89KB

MD5
48b87b662b0e888e976b9ccebbb7d479

SHA1
13f98f43b80096e61f47f1944cf894bca03c509e

SHA256
0e2b05e70568824c6d789f02582ac7325921daa46ed9f8439ad636d2e3c6d0b3

SHA512
553fbb62f8023adc800ab3168d382628d09fa35700d8edad3ecc229bf031f3aedae68ba54d0542f495a04c73c3e13b595454cfe20b935b5741a4839c6f9d268f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit