hxxps://www[.]hilkom-digital[.]de/professional-linksprofile-clean-up-service/

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.hilkom-digital.de/professional-linksprofile-clean-up-service/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560765691765847"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: 33	2872	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2872	AUDIODG.EXE
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 792	3752	chrome.exe	92
PID 3752 wrote to memory of 792	3752	chrome.exe	92
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 1376	3752	chrome.exe	95
PID 3752 wrote to memory of 4836	3752	chrome.exe	96
PID 3752 wrote to memory of 4836	3752	chrome.exe	96
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97
PID 3752 wrote to memory of 3896	3752	chrome.exe	97

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.hilkom-digital.de/professional-linksprofile-clean-up-service/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9dd89758,0x7ffc9dd89768,0x7ffc9dd89778
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5324 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:8
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 --field-trial-handle=1908,i,4935629347909271383,6835051667411866863,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=808 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:5860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
c2730aee069792aa99cefed08c2e0086

SHA1
ccee87490229f078f904fd48fce11e5f989f188b

SHA256
1e17e1f4bba078d19d16183e5baa64a9e47aa788e1622f644f9b76a8abf98253

SHA512
f58931d82b5733b2e4af88cdbd3cee0428dfb26b80cac82cd5b09fbd5968bf2f589fbdfa8c7c5384dde2f3bc4e3b87af5d7763615dfd58a49824ee53250e0e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
1d8f9a915efec6ddb291da53a574c512

SHA1
5582dd56593f121b16642852402c98f17bb6af9f

SHA256
3d6d4eb1e0c25dfb270a96e26a7ab17071704d74647bf9e5e9c156ecbcada5a6

SHA512
d1f8add512e6d3eebd12fafd9061a451770e0956b5e3cff82de2b5a52fab0b00cc15f19358b2bbda700bfbd5e30607924995dac4459614cdb2c6cd7f77526975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
59b6d5bd90980ec5ecb77c924457b218

SHA1
8540c4397136c2726587fc1e2f5499f748c37e1b

SHA256
fe517b58136a9e70fced447d2908545327afd24f11ec1123f3f51e3ceda80218

SHA512
2f413e44f7089562217aa97d03d4169d0bf1cda9d60d400e5ab0532c9b5efad50a756c0c4a7a4f17444b44275fbf134c40f1bb6655e1dd55e8466bba2d7f5cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d57bc151d9af5eacf56926fe0222b1d2

SHA1
4f070257dfa4e20c67c0ce04ada7320fce28a01f

SHA256
575c4315ffd7daa57be814f3f9f84b6625612b3c87b36e6ffe85855a4ef092d4

SHA512
f6ec9d3d8284d584d891fb5c75f6b486e2301d1168f531731e701c179c792a8f4193c517fb942ffc6dcf58a332e78f8051c7e405061a087332a42f432e4b642a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
701B

MD5
af1165cceb08b7b81ee72bd5150d8907

SHA1
19ad35d7da2f048f326581f9ecd0f30eab6bf9f3

SHA256
a542424bbbfece42dd016a958744100d9605cac3876a1f5611c4b9573e9105c9

SHA512
bf09d1b60d8c8d0d95dbe77e27f4c9d27b0aaa82cc1629a35a8fdc7cea6054dd1c9493bc38c0aae6040bfeabebf6183e8b5b3a95d1215a6041233a9c97ac6ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e258f87284dfb1d5ba42b0cfa2de1c1

SHA1
411a4afa7f7db06336290cec6df8b4fb98d82092

SHA256
c582be6b98f009a3f2833d9c10d7d5959200ae7d0a5dc713b12b03ee8b438f92

SHA512
4152d23977b2cb85b49a921e551a5997431988b1482c04a65b45533f4bab2ef607d8b6683cf95de4554076db7a01a3248513041191c5905e28f2420989be3953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ea87e5268aae1fb34d5f4b306d8a521

SHA1
ff5813fad072bc2866be0796e6ad49ba165a5571

SHA256
bd57a574040990024212915d0fa7781712013684dc505c7668842abd79e00b17

SHA512
6cdbfd2267df2414c9fd22864a3a15b69407c1a307aae295f1d58a46b42c649bc91a3a8a610a497cc7944bb516303a4ed3c5f9d1fd5144d18dae2b949b1663d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ef877f75ecef980852cf85da3f9b401d

SHA1
6fd86ebebbbfa2136f0d27421c8d88c9921810ba

SHA256
849c7ae0491abbb15d6936b1460e4d14f33b10b6eba999ad20c25838cc02d155

SHA512
95e13188209ef3956868916af2e0ee7305bd12697600ed4d9e73019f52f8a65d3d4d5ff4777b8c0bd83796d41eeeb89c93a251e7b10d923b614d585666df1b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eccabb2e6345264290bd689e7d1c953d

SHA1
571b0d71d01a7ea3e38faf1e65ca768de6552b78

SHA256
54b827d65c150727ea42cb65460c00027d7ed32c6d9b24f51b87951703654b66

SHA512
cc90ffc30f007afea067bec0012fe374d02cd85b8c12c14930c1d68e4a820e7eaecd6e2361068b6e9d834a388265ad07b03f983e3a9fa72bb1c8204597cb788b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
32bd076031ac9ae502d6ba0c695bbb7d

SHA1
7635203d4841167d807838537e6375b670572f51

SHA256
7414ce46f256d8c1303bc1c39c48342d1305195b146ceb8c2a7d338b5aa9c2c7

SHA512
cb338a27edca516f29a7d113a662116ac16903b0138290aec74320c4f9ec8b6945a74259449784ea7d022c52729794e197a891702297145732da1a488fd7921f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit