hxxps://br4mv5xs[.]r[.]us-east-1[.]awstrack[.]me/L0/https[:]%2F%2Fwww[.]highradius[.]com%2Finsights%2Ffinsider%2Fhyatt-vs-marriott-financial-analysis%2F%3Futm_source=email%26utm_medium=enmasse/1/02000000p2fo6196-efnlhff7-950a-79gk-eifq-mn0pkvh7ddg0-000000/28hFmUZS2FZycjELlMpl4QY8gdA=364

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://br4mv5xs.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.highradius.com%2Finsights%2Ffinsider%2Fhyatt-vs-marriott-financial-analysis%2F%3Futm_source=email%26utm_medium=enmasse/1/02000000p2fo6196-efnlhff7-950a-79gk-eifq-mn0pkvh7ddg0-000000/28hFmUZS2FZycjELlMpl4QY8gdA=364

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546430264343713"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1776	chrome.exe
1776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1592	1736	chrome.exe	87
PID 1736 wrote to memory of 1592	1736	chrome.exe	87
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 3596	1736	chrome.exe	89
PID 1736 wrote to memory of 4556	1736	chrome.exe	90
PID 1736 wrote to memory of 4556	1736	chrome.exe	90
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91
PID 1736 wrote to memory of 4436	1736	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://br4mv5xs.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.highradius.com%2Finsights%2Ffinsider%2Fhyatt-vs-marriott-financial-analysis%2F%3Futm_source=email%26utm_medium=enmasse/1/02000000p2fo6196-efnlhff7-950a-79gk-eifq-mn0pkvh7ddg0-000000/28hFmUZS2FZycjELlMpl4QY8gdA=364
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb43989758,0x7ffb43989768,0x7ffb43989778
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4928 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3172 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3844 --field-trial-handle=1880,i,16693668117805254047,15197524608146461382,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
323678bcc7e2d199f69a8101a5959448

SHA1
e2b3f7dbb5c0d6261e31713f7ff6b858278ac800

SHA256
98f89d8292b037014b20220e057cb4b71ad0fb58c6f5e79664452fc814c3b0fe

SHA512
53252b2b25ef7fb2f28d4810d56cd752329a3eac102031ac887bc607a69cff9039f71cf2adba0196fcd227597332ed69f3da05d0e257eaa85d54a6c43d67ca4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
464a84c0925e79fd19463b469f6f340a

SHA1
673d282b906597a85f779ca69ad88cd9e35d1ea2

SHA256
b74b3006db2b5de88625a6d245c7376bb37dd776a9989968e14af1685ed18598

SHA512
42758e52d5458321e2214d30dbc8278e596f21ead914cf09b7fbfed512cd663bcd722b41c5a85bdee512ec1df693504a7e7d89af165de7d39b1e1d9ac5a523af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
48ecaf070ae90d9f47757f4fa504ce74

SHA1
010fc18df1d29eb92ace0e0fab5cfa6f9620b4a3

SHA256
345f6fa0d88d3b269a10a42a19735283aa8c961099daf20e790c5bb6630bee04

SHA512
937a63544036ea605fbf77ecb1da4e6fb3d4090524136d6ca0f4740457a3fc342b117cb77c801cf2301d06d9e92777e1211cb84677682c8b736cfc9c25e4559d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
89dab2ecc5b69d487cf5960fc5fe5e76

SHA1
95c77a7254b2505de65b009badc32f11455ef7f9

SHA256
5bf787a65405753c8ba33afbc18b3ef866dc1a2400b941c6324c52e5e063a9d7

SHA512
b707d111390b86fa7ffc5887e7c1fc03bdb75d8c4ce8a4ff0ca2ccec5fb4c80373bea2e0729789863e99646237bcd5b3f9fc379ab01cb03c6826b78827e68e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
826773cc2b6022ea1cb7f62651e1f823

SHA1
b75be6019ac6a332c525c8a08db2f35f9a4d0725

SHA256
c40c9c900a55cde03828b42e945f979b808026d1123a34150e17ded444fe2252

SHA512
f291364b72db87ff2e17e9f8532c68ceab08f3a897e8f3bddbbd458ffa91a4a685743a79e3171fafb4a4b9baa603c1938334ba58f1ee685e2cc785201960594f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c188bc0395537e515291b26b9071d6ff

SHA1
7ec620f592c78b4ad09c9c545366097fe01461cc

SHA256
d53a6343b13476fb207d5f173a99c11119818b069b133274f1613cc85b098391

SHA512
b0c4586888be1eda9c917af74e2aac2a0f1e9cb2c1d5ffca1af1f8a94ec4561ea29ee9c5076e6fcd9e655445bff6ca1e948098d95e1dd1d06baecf44a9f7cad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6bba8fc2f379fdbd75ee924473a637bd

SHA1
a2c72e22cea51dd40a7db680ad63a40149b93118

SHA256
fd5dc513e3e95cb36009ce42aafb26ce828d2ac10b8bbc2f57884171991a514c

SHA512
db671e964188b82f2fa8d1e562c610eb052a7e49216e301b403ea312e7c14e816013a99896843752ec5ded5e652b30b1f0d28382d1b33b120dc91bde50d8e62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cdbc1be27db32ea999d63232406a8ecd

SHA1
fd6ea0eccfcb13a7f92eac5cf3d1072a082228ce

SHA256
0063913ab0829ce36d2074a4e3e66b5708a3fde028cc70da3ae57103dfc8ef0f

SHA512
c2e82a3780c0c00ad463469bce3d76b254b1e2f049197832540299cb376d00ea231a25a26af68c742220a5355be68a9df8e4a48d8ed3b65f8f4cf8d8b4bf02fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
cdfbfa8e08cadb3f81796468ced93315

SHA1
7069f11e08a00c075106b6515fea406e0dd0d568

SHA256
e57448f74d9e06232c47b127c05216596530b457e5d6b9ba02af2c47b5898f31

SHA512
ff14be53705a3b6fe3332c13aad664eebc7fc73f9bf5fc3084166ba675979ebaace40ea19a3ed682c35dd4e39a9e4017bb85550890d6e395b8100ce74032499a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit