hxxps://t[.]m[.]emporiaresearch[.]com/lnk/AUgAADts8rAAAclTJt4AAiWkYKwAAYCtaj8Anm1wACMv7gBmBqCPL4F8-zL0RXaxaAIxI_zCMgAhACA/1/J8VLRYgIIX5hneJSCBeTnw/aHR0cHM6Ly9hcHAuZW1wb3JpYXJlc2VhcmNoLmNvbS9zdXJ2ZXk_Y29udGFjdElkPTVlNzFkZTEwY2Y5NDYwMDAwMTgyMjFlZSZwcm9qZWN0SWQ9ODM0MWI2MTcxOWQzNDM3ZGE1Yjk5ZGJiY2E3Yzc5MjkmdGVtcGxhdGVJZD1iYXNpYw

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.m.emporiaresearch.com/lnk/AUgAADts8rAAAclTJt4AAiWkYKwAAYCtaj8Anm1wACMv7gBmBqCPL4F8-zL0RXaxaAIxI_zCMgAhACA/1/J8VLRYgIIX5hneJSCBeTnw/aHR0cHM6Ly9hcHAuZW1wb3JpYXJlc2VhcmNoLmNvbS9zdXJ2ZXk_Y29udGFjdElkPTVlNzFkZTEwY2Y5NDYwMDAwMTgyMjFlZSZwcm9qZWN0SWQ9ODM0MWI2MTcxOWQzNDM3ZGE1Yjk5ZGJiY2E3Yzc5MjkmdGVtcGxhdGVJZD1iYXNpYw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133561961570105090"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
1952	chrome.exe
1952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 3040	3392	chrome.exe	86
PID 3392 wrote to memory of 3040	3392	chrome.exe	86
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 1028	3392	chrome.exe	90
PID 3392 wrote to memory of 3088	3392	chrome.exe	91
PID 3392 wrote to memory of 3088	3392	chrome.exe	91
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92
PID 3392 wrote to memory of 4904	3392	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.m.emporiaresearch.com/lnk/AUgAADts8rAAAclTJt4AAiWkYKwAAYCtaj8Anm1wACMv7gBmBqCPL4F8-zL0RXaxaAIxI_zCMgAhACA/1/J8VLRYgIIX5hneJSCBeTnw/aHR0cHM6Ly9hcHAuZW1wb3JpYXJlc2VhcmNoLmNvbS9zdXJ2ZXk_Y29udGFjdElkPTVlNzFkZTEwY2Y5NDYwMDAwMTgyMjFlZSZwcm9qZWN0SWQ9ODM0MWI2MTcxOWQzNDM3ZGE1Yjk5ZGJiY2E3Yzc5MjkmdGVtcGxhdGVJZD1iYXNpYw
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa06619758,0x7ffa06619768,0x7ffa06619778
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5212 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=2072,i,9787447148739039928,17834568217294240616,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
89b3071d5e7f9f9e415d577aa7ea9bf7

SHA1
32689ef14efaa649c5c1cb6b54d9184d2c408b6f

SHA256
f9a5d6031449aa58585d7c68c9279fded4e47831be5ce972003e78cedf6cd90d

SHA512
1df987a532bcb72ac07b8d40d8bcf2762e05acc4d8a0584ac6ddbf3c70dbbb402535d546d3045d7723c70a056bfe73ce002fbd6e4a015e6cba6fa684b2c030d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
2bcb46b63e8136205b8ae9b4395249dc

SHA1
7af1e7c1a094e4bd4adc16a940bbea5cddecae87

SHA256
4864bd14ba8cf805a59a5141ebc2325ebb3e56ae97f7b11232104b769a872fa1

SHA512
6be0e49f06486630ba6b2af5216b770085fdd72348e93be21895d819764d5ffe9aa4b6359183a0fd60d5b9cf31772b77015ffa5de26f914917082b518ec81f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c15a17a0876d8e4ee0c4f36f1fc19bb4

SHA1
1079bece2bfd6201e047c522517ed411993281de

SHA256
97ebf35973ad6c1963a252a8c57557be4b25eeacab45c1beaaa385aa7d9f4596

SHA512
2590d8c089856783d9ef0299f5ec2a2566b361ec8a458bf96d241c82e35af26783af3e1917a2ff01ffab7b90f6d782cc012b7fe8cdcb9972901b199a1578b9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
95cbfdd58f250812ee945df369cff94b

SHA1
976fb29d688e0f85dfbb1ae0dd2ee43d43b12f5c

SHA256
67eb1733e569e67a8293d9375f548441917d14dcaf7e911e831e2b07c127db2d

SHA512
83b11752f232e9c0459e71ad034411af63421a688895ba7183b9083e2ef19cebb4944d73dfd6cbdf389937e0cc93cb537f956ee66e453a2e6ccfb06cf51cc6a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
6ee23f24f81da1e0baa8ddbe428b5127

SHA1
8378cc77220e4f5c207f2dd7b1f761f0e76df1dd

SHA256
4842b246c883a10b03a1d0b4c2ace6b61ddaa541686b7117def241466a363d26

SHA512
8fa5dca04dca80dd28c50166ac2dde8975b0132250d24fd05597623af5a44ea29d5a47168963ee97d5b20ea7a802f8a1ba1642c1e0346907c896f167c17f890d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
a1f2cc56199a55c0c6c3e5fb89e9bdfc

SHA1
d8683a7b438752027e1da64cef2508214f8fff1d

SHA256
55b8d9689026349286b8a1d4c23cb4c7399cb86dfd98c34322617d1d3201e36a

SHA512
ada4ebaa6e4511e116c711353da13e44850b4453c8be401c109b0449d53a7e550d6bd6d36ecce2448cb0ecf4338c4f68f3e777bd115552e9c26e3f144f10947f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b2defdbb714c5a3fda58b44aaebde79

SHA1
5335ae3b4426637d2a8ece2837962afdafd36123

SHA256
18629c89774b79fd23fb569823826e265a41745fec2bd3bb04e7e830ee6a8d87

SHA512
9068bac8b1b893f139706ad0a2088c6e8837dd3ac6a50449e4373c81bfd2bce815767fa259f311d24d9671ae6a8c03423685e5c9ab02396320916cd1b19ff9e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d5f914879d7a45d90040d4e0279bca34

SHA1
b734fba391a7975eab29e1b8bc560f248f408824

SHA256
5d922249585f288108a69c97a6314860a6e35af42666e94dc265ca02afbfd5d2

SHA512
4ca1038e621ed81208a86a333e615dd8fd7b3b2d8672f3ffd321cb0c132086330a9c6acaa016412309e45a7eab807e0624fa1efc3c8203774c401057fbee4e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
ef8e90a0cd1c0e538a29a182dff38af5

SHA1
189f2d1cb467c372b2b09927ea9fe834d3a10b04

SHA256
f87e80de93d61bf7ff7cf7ba6a33a9b182c2e0115204d7f866b13ff83f2a91cc

SHA512
ec843e20aaa92b77592e5722d19d942878b6cb05013ab3a008d1b4a66b1efffbc628819e6e179c53b97f2fb93fb36746f15a8168c2d2c96350ce178690c34e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit