hxxp://sendy[.]magpie[.]ae/l/3BRfiBslSthFa2NWqplODQ/dUQ1vSUDLiLj8763LaCw2rDA/jkM4892763E0eJbkA7639fhAfqTg

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sendy.magpie.ae/l/3BRfiBslSthFa2NWqplODQ/dUQ1vSUDLiLj8763LaCw2rDA/jkM4892763E0eJbkA7639fhAfqTg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548976104264389"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 4304	4224	chrome.exe	87
PID 4224 wrote to memory of 4304	4224	chrome.exe	87
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 1976	4224	chrome.exe	89
PID 4224 wrote to memory of 2828	4224	chrome.exe	90
PID 4224 wrote to memory of 2828	4224	chrome.exe	90
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91
PID 4224 wrote to memory of 4668	4224	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://sendy.magpie.ae/l/3BRfiBslSthFa2NWqplODQ/dUQ1vSUDLiLj8763LaCw2rDA/jkM4892763E0eJbkA7639fhAfqTg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec0d79758,0x7ffec0d79768,0x7ffec0d79778
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4760 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 --field-trial-handle=1900,i,571758335715492576,523367979948907379,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1d0ecc071bffc692c2d7118818db61e8

SHA1
348530de48f43046265e0f0e62f6f032936b9b19

SHA256
dd0e09e5b756e22c89bccdd1a29e1770974f6b7b73e53440f5f4e59dbce720a7

SHA512
8d25c85334445fdad2881c1f63cbee15d37bbff045af62f53a8c7143b074fc7b53333953b04d1098889459539f957de237c570a9b5c8cf1c55d6bb2dad6920d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eb6396fa4a29b9ea24983a65dc090ebe

SHA1
8b22a3474bf070a4a2e4fc11812b22eabe345ece

SHA256
f7e8abc72fd6599964b68b8fb31a795c04c17c4e23b22c351223884c73ff5964

SHA512
ad30e612ad211cc6e6d660d593bb1a34f83787f339a1beda4269e6aa23591b60ec4edc7cb167db9a81ca639c7d089809e1ccdddad5d6fe7c538c3b4515b09542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8fff021d960091301db3e0a8f49b7bae

SHA1
f2302121d69590856714a4f42144db34c9d812ac

SHA256
108ac015e523576e7ebe8316ce12f9c5dd3971acb63ae58cd83010a7f31717a4

SHA512
00f010f487d5de7cac821d524a99b571f53e6a77e312b926122e0b5512fb15a0d7170f255755b1f81c55fa37f16a17ceca092952ee4247efb55d1cf07c890b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b533ff3cd58dd8c30bf8331de855967

SHA1
d5e0f3b4c79fefb5e66d9a9952c80387fba42633

SHA256
932191da3a0924842b13d0afa046c4ea969d9cda17dfcd1c5d1ca593d90d1836

SHA512
685fd610650bec748957445a01b25226545236adf5e6b7f3805d91dc4b9cdd91deb898ad08d3dfa905c20f7cac25b20baf9aa9f58f71dde1b5fb439d9e76522c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2ebd160e7686e6cd29cf9eba632282d1

SHA1
78e1f9b168530f2b69988dd8eaef2655c3d6cad0

SHA256
4095a961778c835591e416dd0dfde976fa9b234427b535470b6c95a6a946f039

SHA512
03ce96b94dabb9f961a840a562602a6aeee6aadfac9456ee3d38be86633883e9091f0885697b3c1aab0020b5d0b5af4d14d6aabd1ac68069269f7a29a086b2c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
998131c8c0d8a4fdfc277fad021af67a

SHA1
144683ebb3ac11d377f70aed5d837f5902936a65

SHA256
7747c84bba802ccbb2fd6f8c4dc68f885fa38df72607c5dfd85fce87684489b1

SHA512
8ab5bf5fb8551352f488cccb6f4df3e2ba7f266dc30d02d93f427d34262c0a75dba7de108098d4828bd7eab7ee9a8cfbafe5cda5e805cba84adf7eebf04e18bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ee3e6a9650c98b9a2d4d64dba69b7e5

SHA1
27f93ecd8a9e44c0936c12ea164b39b2ff217ebb

SHA256
d58dc0d0ada68cf54f8ab2e4230f06b0cb20dfa77f0b572cf03d417e5b86f382

SHA512
0a33514c757b044122ba1ee9f91046cab903892005aa0a9c39f0a9ddb9b4bab39a909cec77d9b25225c6d0fac2ee70e6cca829a86c9bc31b75e2dcbe393700db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e0a1d09a9f2dbe0e255ba226280b9d9

SHA1
7b61b04e200fa18c25030ea952f737009b1febd4

SHA256
ad4247d36003ee048af107b53a7d487f168ee988736d6e5784b37c1d8bb79703

SHA512
b758ed4629bf6b487110add5f46c1da8b22b2a868aa574295bd8ade5690982a5b37d0c111ddcb868bbd9094e46149481610a7b470c50a191d2041082927dcab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
637cd3e508f9a46bfc2326786e8b36ba

SHA1
e1d892faa9e0f329f375e1be91f8b0c7513e4103

SHA256
a0046ddbcaac123d86d7ca521bcb1b725b73d74e094be01bac01aa424825e51f

SHA512
48279d2697369e5a24a99d7eb2ec45a3fd2b50d0785e048fab2994a25247839e0f404c1737cce85e1a15c888cd79f625fad3025d8d743f74674a2067c80532fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b9c319cd048db303862e948e92deccc

SHA1
1467a6a5726ddb38100adb522caafa3d593278ed

SHA256
927e58285d0d7e3c50c7b45310b633c40bd8b70559e0248340ffc62d78971100

SHA512
62c27fcebe9418a0921a481cf466ee2d83c77395b0bdc5c8d4d1a9bdb0c9fb9ba0ae912ca222fc036dd78d934d51bc95045bad77a3357fadcbec8c9e5ec6ab6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
63fa7a94aada81546ced594493da2175

SHA1
af7298c1ee0d987df8dcb112312268b7dade86e7

SHA256
cf4657fa05d76813b08ff6d76f366b514e2a0e93428c9d6107b522e94405d20d

SHA512
893af5a71a7f454f0c76a4b44d865e9c4aa138c0351ca930a9ed93c8e9919516440501894b2d7d1added4861e049e3433ced4f2dcc3b8ee9e794bf743c01d1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit