3a734a871a398fb243780161349aa5b7c436ffe04178a1d6e29db76847d49458

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2024, 13:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3022_011132.jpg
Size

1.3MB
MD5

dcf3f68ba1410f033320eed794e14533
SHA1

90bab31dc3402b0842c3c9aa05b7b99db88e67ab
SHA256

3a734a871a398fb243780161349aa5b7c436ffe04178a1d6e29db76847d49458
SHA512

67238178cc2205477848805a23b371ec851cffc501119831315b1d6da7f1f760f6417cfb66f1dbe8c2b26f362e983897a3e6ecf635a34698d20bea6d98efa68b
SSDEEP

24576:FpFZEg6LebUBEg/tOarcFV/P7Z/aw0CwH3AUfiGbMOS91A5wM2prT4Ln5Qj0v2Ya:FHZMLBmkO80P7dsQUfiGbvb8x4LnQH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541192277511909"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 5016	4724	chrome.exe	85
PID 4724 wrote to memory of 5016	4724	chrome.exe	85
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 400	4724	chrome.exe	87
PID 4724 wrote to memory of 1988	4724	chrome.exe	88
PID 4724 wrote to memory of 1988	4724	chrome.exe	88
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89
PID 4724 wrote to memory of 1536	4724	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\3022_011132.jpg
1⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4cdf9758,0x7ffb4cdf9768,0x7ffb4cdf9778
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:2
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2608 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5444 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5644 --field-trial-handle=1848,i,9386808003317792363,9102899645279200661,131072 /prefetch:1
  2⤵
  PID:1580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a625f5fb067f18ee0764afef789b9f4e

SHA1
d776c0f4d90afcb617fc8dd584efc973a9c4096d

SHA256
e2eca0b7ff32bd60f24ba337642390b6c8dfc822d4df89d23bfcdb2beec9281a

SHA512
c9fb2c2a433ddf66403b5fa01b08ae6209f03d10d76a13b9dea3385479c9889fca67ea93e55492a126b48e67529a99084d504671651d3009d7efe902c3de5897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
33a3b4aeb7ff2c1c4b7a50545cd8f1b9

SHA1
d5f955eb35074debefeb397d4e8145d2d753bcdb

SHA256
39637750f6a590b5f1d8cca0909985f784487f850da208911dc52ab76476ef40

SHA512
d842082352d660a41395a4adf9b88a611f5db960fe90146847eb1da507214059fbded18e9e2f7f38a45a5f6fbb7ecf63abf6cec5d82323277f7e658ca41d6750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f35846ba487974c5e284b39866e5aab9

SHA1
611df7ec22ef1f0a4551cdcf7eba719a66bd8d8e

SHA256
6deb4f052ecad5387d696d623858017da6a643ecb9585aa726a99d7dce27ed7c

SHA512
8ac83fc9e72a5a476699bcb39e01af3d8b2c43cad40be9ca9de103c8ce81b2d62c2b565f477befad275aef21877af3a4d8fe67eb4d67a07f3916b323a9f298af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
4f3f29637c3e5db2960e981f30845fa1

SHA1
92e105a528b0ce343e70605e98863e6b2875dc56

SHA256
cae54a45213f7dff5290db07b3ddab5c0fa6a58311c6982c3053aa90ed21c04b

SHA512
568a76a3115016f08a285d22343f031f19ca86cb8e0be6697b6739307f39e834eb20d29ddcfca21c80ef87b72dbfa2fdaee9ac012bc22623c840c907497e4906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
502e128623f09b32cf9f7e696bf47f69

SHA1
9dc852f11f489bc601f8f5ac185ef83cb8bb7495

SHA256
a3718e5c51c168039841b7ca20882191adfcf855911ccb285332dee16349668f

SHA512
08756e38842da568718944b00735c9681091c9282a433466878b11370a5feb5341b95954802c78d32f86e846d2e1ee191470e6ce8e6db9d573196f7f6c6cfd32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
38d7bd09208264cc6ff9aa34ef82423d

SHA1
fee5e04bcd1e6c4afd6d68f4e45a6644674c0f27

SHA256
dea5e604988a834c2abd3434ee2f1d00621eb467a59904dd709b846e6495d3af

SHA512
76f13d33bdf369e79a210706ce73c85247e47304aba4d3dc8e745961925c6504b6cbb024e07a07dd18c769c1c80d86b3820e76c5ee39b2cc99273ab6cac367df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3bc0f5f3e5fe0883246b881b62eb17c0

SHA1
478effe33337b41518034e131b44dd45fbc8059a

SHA256
ed6a087c51c1d37ff621bb48592ac90b1fbef12f88f9848dc68da2b3a466b766

SHA512
df4e7bcd75f7521282493c32baab3a08c57f305321c82f96612f86d98e8f6b4e4ad6169fcc4052401e3df3136a84d5b3b4471e1d06753e03f05c1b7a804519eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b746fc38888a86e29c8e01ae14275765

SHA1
37d12d3822cac63616740791a91b735a21cf3ed1

SHA256
ecdf303793586dca77463b28d5b0e1204f49d71a0809935bd77d7ce7dccf4014

SHA512
e8db6332f5452d742488675d5324d5758513014090d722f4479cf23098b06b170a9aa7c75cf8c1167d71aec6a968b0a8057857f621ad9b17db1844a0ceead40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
12a046767ca92c334f8d1bfc9ec6f855

SHA1
7347c08fa74e68a7e8b6eb9294e6200f46907672

SHA256
4e8670e953f6c49f16f747ea4cd3ead68876cb5b62ed7f1515588b5c33f59404

SHA512
66b58afaeab9e52e89ef6a554dcd44c85bd2991b308ec457d486053ed46533b2232a946e03a3996e556abae54aa3858d2a24157ebc983c9d2cc2d0db40c1abf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc597768b169b4055551f1f6703fd08c

SHA1
9dd6fb6a98176116d19fc11197e530cf73e8c878

SHA256
e35d64298b5b7d5eebec021a331ea49e2fdb7fa1d5ed9208e74b2806dffbfdf6

SHA512
30713d946dea478fccc008cdf5feb3ab1e3c573ecb7a0c8d113809f2610bed442f10f7000dc3beeec09cf836d7401045bd9a3c63e38be3b102c1d6ad84e66545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8ac5348dcd3e03d5baa94a5b4c9dc369

SHA1
8f790357667df4aac73068cb0b27a443f5e2a781

SHA256
fe3b35312152f48b2d679189d9faec8b213b013d2b03dd5306cd37ddd9c94d20

SHA512
ab5ace763568a46f7a53ace2dc2bd8154c58f79cefee79435282f2d98e7bf99ab7fb56779a36485b2d92ff19fc73115d242eb9bbd1c038c035b18b04a91de301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
020a67a7c91698f3f0724e0c368827a7

SHA1
5ba8e8ee1131ea407e09cf0f1a34b9d568f95b7c

SHA256
96e405c61f06ce288e7f650f1876d642f27ff98c66db642bf8b5afeb8e928548

SHA512
205c323c0066013b11981b828039b2e30a2c0dbc94f0a879a1d1e06e1161b0a6c636d14a4362adc5c9f0ddb6892a08c008b898c3e243aba9af7f229f760b7075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
6579ba90b80ecec1a10610a8443419ac

SHA1
ace765db0c929ca59d4a8749086d69376f04a70d

SHA256
aef3d38fcc0993d05365dd15eee493b87b403e8941645968fca235f4a8ce62e2

SHA512
2754bdd444fc0fc71a8aa981038f8e1b9b2211f572ef81bbbacce4a8867f04b7f96885797971960ffddc63855b2d4222b7e508f365a8dfe4150c0ada7238930a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit