hxxp://nus36[.]impdelivery[.]xyz

Analysis

max time kernel
299s
max time network
287s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://nus36.impdelivery.xyz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547094584684377"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2456	chrome.exe
2456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 4288	2492	chrome.exe	88
PID 2492 wrote to memory of 4288	2492	chrome.exe	88
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4916	2492	chrome.exe	90
PID 2492 wrote to memory of 4576	2492	chrome.exe	91
PID 2492 wrote to memory of 4576	2492	chrome.exe	91
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92
PID 2492 wrote to memory of 392	2492	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://nus36.impdelivery.xyz
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88c009758,0x7ff88c009768,0x7ff88c009778
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2724 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2732 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4184 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3740 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5232 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4744 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3120 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4896 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2324 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5036 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5208 --field-trial-handle=1868,i,5566948625263819358,4964251839516085103,131072 /prefetch:1
  2⤵
  PID:5316

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
81b55fa5177ec7a29b234583e35e1456

SHA1
f841461ba400efec0cd1e0141c4e149c59b34c65

SHA256
cb0badb0ac307fc46165538c80e8d43a31afe79c536f9f7a9821f0eb14865129

SHA512
0a326af742e56b880321fdabdd3be17545431cc29ba0160977ff018a5e28bdbd9c23965e652ce9abe2f9694906a5b34a53235add16df46d6ec0d69626cbb28ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3f3e763e5b1dfe662f3a7d0b2a23fc67

SHA1
3c97148029373774a53d021ebf7dc4b5f87b4917

SHA256
cc111af08015e37895786c4efab508360c238b6998f759c393cf1f9f0fda2dae

SHA512
203b42c6abc4e60455530e6a913cb2dc81646dc54f1713fbed3127fcf8481522d58399de1afaa6c4969644504bdb69a6adbf6c5ceca15ee6e973fdf204f737b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8314ba416d54a347d4761c0b29de0c2

SHA1
d70bde0effc536bbe398740cb149dfbf8d012bac

SHA256
e2c4771ac498094b72a9ece4285b9256cbf4c83fb91baefbcff52f57a95f5cfb

SHA512
e3c23fd241ba6c50a6cea7d3d2763ee3510fab85a1b39746110a696889b5a7620214d7a582834c268137244a95312d40f1397ecf0fd3cfb99540e19687c284cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8586b91a60ef1c409b4bb34872c26eda

SHA1
653f62dc68de47e858a4b4290749dce09378413b

SHA256
1b50c7bec656cc9fe852150d32bb882da58c8805d6836887d1eb15e9ff318232

SHA512
e6e86b374e1b279e34cada5fcd8a0084e5a5b01ca48000e3b2f64c8fd36ad13df9be4163e84cdf8c2b6b37729e1046e101329e7032b4bb3af48f62d4be7ae62f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
2bcbd1eaeef7d6b6b3eee74b9e9f753b

SHA1
6eda438713aa9b32d423ce673eb1f90eb47e51ae

SHA256
a8ac46b3245bb86f51301735083aea6f012050273461e0c82a9e7085dd509737

SHA512
9a5bafb5fe4534357a55b74619df66635ed78225ca6dee24b592cb42206cf29ab4bff561e552db515919693e615d6c7d1264e8ece5f9875914ec77c9012127c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
211db55db176d1c1af18cdc83b162e8f

SHA1
a21b393cf97ec8aedafe4bfa5e95a6734ec8b038

SHA256
18013903213f74660f4c2e6b30a5f7b82c0749e204f40356bf8520f52cc2c0c5

SHA512
a2eed605baa43bc1e3c22875640112b9de1422b229229325f032a837a2dd76da7f9ad769c3c7e999992e61c92331d5c16df3a62bca1ad70aad30f42799e1ff72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57db9b.TMP

Filesize
97KB

MD5
48007413e55b391e8ea0a47379fa5f0b

SHA1
39234966424928e2ce858bd922418fed1e30b43e

SHA256
ac9e7701d056bf778e5735524579f195946a569e6a014aba49aae9b07cc8fdad

SHA512
6240b87010f23aabfef66c774f3f70880c6e51848bdcdfd002f9d722ff8c4b7c8b8aab8197936e059db81a0f8bd48124e6bff6a8d034b6b8278b17b9b37ca6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit