hxxps://url[.]au[.]m[.]mimecastprotect[.]com/s/nkisCJyBWmh8Kk98fViMUe?domain=au[.]docusign[.]net

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
13/03/2024, 02:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://url.au.m.mimecastprotect.com/s/nkisCJyBWmh8Kk98fViMUe?domain=au.docusign.net

Score

5^/10

docusign phishing

Malware Config

Signatures

Detected potential entity reuse from brand docusign.
phishing docusign

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547700098781711"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 4756	4080	chrome.exe	80
PID 4080 wrote to memory of 4756	4080	chrome.exe	80
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 1320	4080	chrome.exe	83
PID 4080 wrote to memory of 4564	4080	chrome.exe	84
PID 4080 wrote to memory of 4564	4080	chrome.exe	84
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85
PID 4080 wrote to memory of 4112	4080	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.au.m.mimecastprotect.com/s/nkisCJyBWmh8Kk98fViMUe?domain=au.docusign.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd37c9758,0x7fffd37c9768,0x7fffd37c9778
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:2
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4964 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4564 --field-trial-handle=1820,i,912116687121699707,10280637677260469065,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6ab75e4429b119b9bf5ff174b1ed4370

SHA1
0c437b9f357a33c2532aca45e77a61691075d662

SHA256
003665c660f4c408f51d41dc2d2650736461d5485afe30279f4f829475ac0f52

SHA512
4bf97b965a5b842411f2e2681a5016f7053a01c9b104de799fc95d844ab7d7d7e55f67a2fd63708520f1efd09811d33b4b6d31d8268c3eb847746e7726746b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
40745feab14cb637ef431f7a12986898

SHA1
a6cc5fbf766e8ac8513afc9841986eda6702de77

SHA256
6a978347d7a42a53cda41b3f22206680d89bad2b69471575ffc300d5639a7562

SHA512
8d9731b07c7d4092702ed68a83fd3bd11c52a57c18e06bab320f4e657d1bef0900edab20237837b9e23cf0a3a2c6490c39ebea715b02d51a3d5b3666088e76c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c9027521c8a77e52930800a51e8ba5bb

SHA1
bc4bd5d24a34cfe3bbaf71372e9ce1a58779c108

SHA256
4bfa4fe6014e0d44d91fc23a28c8e2b9a1c9b04030bd322b973d94babc8435ca

SHA512
5c4ef08326e964a0308dad7041c5ac584585bc9f95781c3abd309dc59233b51206b03d585c1963ed734b52d2a501c1b49dd86313188bd8f501e5d2ec04a51152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
61cc2bcab66f30571ac20116a5027e0d

SHA1
18caa11e2c50315de3d472b4c94856f4490ade37

SHA256
d6c066b169d7f8f60c06aea154e1752015ef92cbdb0b9a4272774e5e747eac75

SHA512
670a16d9ecd9176e8407b6c0de26965f8449782251ee70eadce58a24bf237781e1d3cef1f05d212de7ab18612438ba88a277e9e37add0d414a1cbcabd8829598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
adafbbc9078d497d9d4b7be13ac3f6c6

SHA1
e17b754bf2152cbd9a3b5c0e82733425802274d3

SHA256
94c1e637bbe2555745b987fb009e309fb703b947586b6b617b53b70a61ed5388

SHA512
9efedbded11d091830f66d9c4865e6f060e6a540ecabb42890d78fe504e86ad4320c4f2765e49d2e80c2e2379770ed3ac17f96ca3181d3f07bb7c736dbb90bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
052f8575acf8f2c611a260fb358b417a

SHA1
61a12071d1663516088401e8f6ad25dec6b04020

SHA256
15abb7e07ee84c25550d60f2be1e6c84b5e4a2096c187d6a9fad0ba79e744bb3

SHA512
f6916e4e34c0f3b80f3737dfa87f422b25a95261e79f6680c1462d5c5817cbb038287d2f33a72bfa18297e119a3f833cad29967db2ebfac975406687bc0844b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
5569a62116bc9ed35cec98ae19501940

SHA1
ed96ee87c05f029492f6075528f50285ddbbb0aa

SHA256
85a797bb8a73a69c6ae196bd91ae3b2261ce38630e295ced06a71e496d8049a4

SHA512
ce2e7f677e53e6aa7b25d74eeff217800c3c58ef89509b3fac0d0da1ca04d7e9545f0a27c456add819b6e04c1daf5acb3334f447ad559c27026556b7fdb36292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
416f9e7ae8970d0f9142988dda9a0615

SHA1
217b69dbcef43c5f9e26d5627b9a0205f0e96e4b

SHA256
b6e6f0ae8c5f28a362446305c21170237f547f065be1414a51258ff7b7c5e4dd

SHA512
3efed6344d8cedbf78f7b7c4e6c33dde557ac0df8d09b2fd6b3f8922156424cfd0fd222072d880bf3a8135482febf0556847490966457d8c9bb70e101cdfe820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
06b50a6f5c61a5017f85c18b0bf906c4

SHA1
36179b9a70aaeb5b8d5567a613d91a1332db4e10

SHA256
2e6da754faabc0f7ffc14cce0420a864ed36d5cc9ac12e40533e010077ba4d65

SHA512
dc31d856ea6ed71a13d3f9016e9e3d8e75da87db77f287c8579e8342526702b2cf48f3358ccd4530b131f2ea65c9d6005ef419b74827feef0cb3513d69b02e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
d6189164710a0f7f716fcd9aa6606462

SHA1
5d49c00eb1e8355d0e3478cb0c7a56dbb197d4d7

SHA256
20a4b3a71a737b8d18fec51afbd195e561803c3240d8a90c401983647c2eba03

SHA512
fc7c303f0b58ac1b2dd4f23dd31d40899cad56669c9d9a312d388517d9e7ede3f4df8a5c9bc3ebb27216232a76e873e27beccb7846502a9529e4f751b6ec977e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1560b81faabf9012212ea29bb95a812f

SHA1
f080d00fce21832827258baf827033ef47220b86

SHA256
0ad845ed5a59f97e22e3fa4c0a9f11925d8facef4b5754e3eddf471ceaac56f1

SHA512
2e016a411b2da7b9942e657aa1263c536260a13a6be863b7d5525989bf6770dd568e5dea853120673d86f1cfef995409976c64688a3b6397409a7a06d325ae5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1bc8f24da967afebeb3a71620e1c869

SHA1
73e15c166328b83ede2b21e1a8b7e9cf5a381057

SHA256
8324ac9a7839c50afc41752e36aa70283e528fec70056d4b2ed4ee4303112815

SHA512
ba14807a5ae25e66d56924084ec9d70b97138c33a91fdddc2451a644c65b4d77681667ec3dec3ad217bf74c11bf543dcfa284b81099ba240f0b169d41b0db306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ed1733b7e9fe1217572f2e12772fa70

SHA1
d28df21acb200d82fff2960219218748fe087f73

SHA256
486b1ac9be3e4f1383a776daa7ecb7b90c49b0c1be04949ef92d5661f29ef51e

SHA512
ac3501f4f2d4030bc2c87fe4286a492a6e6aad8742072dcf4f9c2e20189a2256b79d53802eb20f2c3a85257f3bfbe89fa62af50bfba06cda593bd86bebac2a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a612a9ba7b0dd183f01476198979aded

SHA1
4174a8cb049d7545501f10e598a0591bed63bc94

SHA256
2fd3900c291c6585fdabd8329238001d0884116fa181bb7793c62256267108b3

SHA512
ec1c4217933f9c5502de71f7f2d61b74b11f261bdb47e64ea0b479a9614e6305ef39f8b372d6fb4452eb221e96117144553917f2105cb5ede24dd4905d02b163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7ab80036d5f213df1794a4e52186279

SHA1
bd5b50b8dea9c2753bcd8728bd9c6b15ac53b663

SHA256
887aab2cbb13a51a5a258562ce26540e62adf57990c972ab16cd7fbd255399a5

SHA512
09900ed7246645a9438397764861554fc212394676d4bd8a184acbe38e689ed1f5e316a0a2f5f60808483c13c45381e58ade0861ad9bcf0421d3697d08e0472f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6d193a2787b1a7c122e54a7782f7792f

SHA1
e9e62583891826f784140a34c9c79a1b5b376c84

SHA256
ea81950acaefa27cc1c8484e7c12509c85fd61066088a48d338c6b4ec4d17e49

SHA512
d887365a02e11ff5f3c5f677a7b95871462da7b276ab96aed9af61362143f46c743ce844031ca1d12b20164230fcfd9680892404a50b9b7ddb669ce158826656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit