hxxp://www[.]jonas[.]co[.]il

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.jonas.co.il

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133558646178744622"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{06DDABAB-DF06-46DC-839A-EC2347AFA4D8}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
5244	chrome.exe
5244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 2424	3772	chrome.exe	88
PID 3772 wrote to memory of 2424	3772	chrome.exe	88
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2564	3772	chrome.exe	90
PID 3772 wrote to memory of 2244	3772	chrome.exe	91
PID 3772 wrote to memory of 2244	3772	chrome.exe	91
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92
PID 3772 wrote to memory of 2488	3772	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.jonas.co.il
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff814c49758,0x7ff814c49768,0x7ff814c49778
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3752 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5332 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 --field-trial-handle=1760,i,7750250534674967612,11191338423467168023,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5244

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x408
1⤵
PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\21f5359f-1817-43af-b937-620da8ca25fe.tmp

Filesize
6KB

MD5
7002955792e9a83291edc415d22e9d55

SHA1
36a57d5006b717d26b0104b72c79603f5bcc980d

SHA256
826d9ef31f43e3428c1934a6beb708e3c1910bdd9f70505e30f59efc33890d37

SHA512
990837e3e86dd99ead096bf5def965d8728fd16a77f4504c97e1d0ee14a15a73b3443f8aa5c5e38cf3592c1c357355d878415bad3ddd9d1ca2dc91d86c82210b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
ad9153a086f7e09c0975ae0133b9ac12

SHA1
1923e95f4d55b12a1886e8abd50cdee759a5387f

SHA256
1b9ce3c46f63017aa5bb5ee7365874f5c51a9a5985f24a17a304585d73c12140

SHA512
2c0f1d37236897fb0bbc8c4033e0742bbfe46455b1eec59758b6099f466c1229a893a48bf33bdaf9e8c51c5da2e1a8073d84df56b269089a72ca229e64ddab6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0ccd90999e4bfdad292306f49e92bce0

SHA1
9d10df3677c82d3e816b3b0bd36b4746e1b6c836

SHA256
4b8fbd38d324ef3b5b88605f8179785e94acf84b5175fa88ef57d90b7d3b9c64

SHA512
622b16295d13b846908287241edbe98a695032f8be3ded75469371c2693539a22007d91fbf46dff2819c1f8ac040d42841181e8b1cb87b2dfadc6ab40b72f118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
353fc42f792594224850d7ab0d365f7f

SHA1
940f95820d90b0d0c32cbe3dfa499987043306ed

SHA256
92ebf396242103cba1b85c9f57a4ce2237c5ba977d14ad5952fd4fd1aa524a77

SHA512
fd68cd7e365bb17fb4c9089a234e080e03f2ecfec66dfc168e313760f7db7978e8902c27256844b224850cef879346f03131bbac8d4f9decf0704d980295e466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e80268f386433ea47ff59a22b2476564

SHA1
8bc1675187fe545664e8db0d521956580d5a07b6

SHA256
4d285e23df9cfc548a6548860508f3f23485c84674917aa1d65ae68bb7c9072a

SHA512
693a40ded34313b778684d75933bf189d0cb6d73c8cfa30d16c786f1bdf7826d64c0c6cfb4d6eec4be93133b9e46e15cd123d92e747b070a6289d3de1dc8fb4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90ac06029002d784220e56fff50e1e18

SHA1
9266f0f5ac0609628aa0b2fe62b442d14372d5a1

SHA256
6d6371d6c988d5ffe4bcd874a6e8dfc96c79127edf15c31d3124e8b6f953e2d8

SHA512
5a77bbc07ddd9fd73b28fd05649c9ae5d0bcbccf2d06d46125beb835c714bbed9320019e133a58eb9df64cdb27d8f174f67c5e6b12b0d80fec0c9608f9ab28fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe32171a311e3181570131e635a27cb1

SHA1
5e60a2e4e4aa4aa7bda47f7be9bf0b54af98587e

SHA256
6ca35c05c511b0d272dbf0b1786c40aa135e495e010e002f3ac2a4bb463a858f

SHA512
0977381c045115ab1e02e781de6a4fc4998d0c03fbb1294d999591376876f2eaa5eb8561eaec6076b3adf29a93f513ab077e42cb7c6b5f462d2c7fd2aa059852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57565d.TMP

Filesize
120B

MD5
18ea72eb05548f33a30e33da0d355053

SHA1
bc4aba94595561a4015e09d6c21cb4708d76ff8c

SHA256
a2c7588a5ecde851e0c6b8d97ef74d33825cf9db126702b75116ced93dc9b391

SHA512
a49ec9f5ef09fb0f92e8a07caf2f69276fdaefb892cf38ce29543356a193e7c9330c61f24dfcd9e084c3090f80258b00de2fb06fd33419c3530caee48bbada46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
ee9ce12cd18b00d2b31d3031c84b1961

SHA1
beb883853006bb35ea43b5abb26073e94148ba51

SHA256
de28d73c233d65c3cce2619dfd50e345473416882837124251791179ef4900f2

SHA512
31c6399e5c11518968ecc4fc9762ab28cf1dbbbac294e900a87bdf74ab12f4949c358253e920d0f82de972c444c2ef05c72c26ce16cc2844684f5c7070aae108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit