695cd368713e92a60a3a1d78055081ff74655c19a704a9303f79d4f66d41b38e

Resubmissions

05/04/2024, 03:26

240405-dzpm2sah9z 8

05/04/2024, 03:26

05/04/2024, 03:25

05/04/2024, 03:21

05/04/2024, 03:19

05/04/2024, 03:16

Analysis

max time kernel
1259s
max time network
1218s
platform
windows10-1703_x64
resource
win10-20240404-uk
resource tags

arch:x64arch:x86image:win10-20240404-uklocale:uk-uaos:windows10-1703-x64systemwindows
submitted
05/04/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eg-en.html
Size

1.3MB
MD5

ef3e67e8c87982ae2424baa272fd7fd1
SHA1

f002b425b5eee94f0a4e17ff25d31576fa478df6
SHA256

695cd368713e92a60a3a1d78055081ff74655c19a704a9303f79d4f66d41b38e
SHA512

ed6a1a726ee9827abb9b399f5376dc24ab989c23493a77c58d89ef6dd2210f63efab9bec1f2bca08cfb70abb7b4b53dd63cf32f4b154af5e254aa372b33761fb
SSDEEP

12288:PfG6L+qHfKZdUkbNPdNiojl49QtAhwFh66njWLp/53:DLPHfchFh66jM53

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3308	chrome.exe
3308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 4544	3556	chrome.exe	74
PID 3556 wrote to memory of 4544	3556	chrome.exe	74
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 1356	3556	chrome.exe	76
PID 3556 wrote to memory of 4700	3556	chrome.exe	77
PID 3556 wrote to memory of 4700	3556	chrome.exe	77
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78
PID 3556 wrote to memory of 3952	3556	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\eg-en.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffac4549758,0x7ffac4549768,0x7ffac4549778
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:2
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4832 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4736 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5524 --field-trial-handle=1784,i,4907909453696420863,11213970165703548064,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
259KB

MD5
3e55c56205a89c859fed005ae1729faa

SHA1
b33bba44ef2d6932707d0eef8e00b0ed534fcbb7

SHA256
3eec290a7f7da9abb00b49ca84f5f16e6d45ca33d40fd8ede4380835d6161d71

SHA512
08857f23cb9c37e55fafa55d5f2b74ef7894bb54138f6c0db243ec14310e5a47508375da83eb8d6bcbe471abe24fd71ff24040139ec85c0eb6406d3b45341aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
263KB

MD5
3cb12db7c672b33735006480a455ec72

SHA1
d060e5996b3f7143755496cf2a06de5a59c283ce

SHA256
4c7a552d219146985961bf78d9083b7e2c1a82c4ada5d959f48b3e53754c9049

SHA512
808598eed329f0bf3ae2800eb9d7346a16e23fb4ee0a4e80f61f7f6d41fff09b76cb33e4d21d5dd6768d010d361ae63760814e4076926093afa8edb21bc52326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8e0c421599ce05fd0f5ae27da88a9fcb

SHA1
bf35daf11cfc19181772f91c6462df2d5df5e807

SHA256
55884d5ef7bfd418206016af808259b7b196ecb1c5f18b59efbcc286f242b052

SHA512
f10cde18a9c914ae853eb1e3c72df86340278c35b92e6281ee5c694d35668790c3a0b008d2d90e07f27955ed0f8afb7cc4afaf3e3c522e905373873c458ffd70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5bee81d907b37fd1d4604515d6ae91a8

SHA1
fb64e216e8e6385d52a9d86b3242dfb72391f3d7

SHA256
1120e5ccf01464befc44361f1e45ef4e7efa1cba0af0efced8a56df2b071032a

SHA512
d6d6d9b1b1dc2d80652f3212065debb423b4e67349dbd55e9f67e762b485ce09ec94b1b69e9360b929f6399ec28cef0adad749304262e89334c5e458465129da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f2b2eb8617f11ab3988af261c75ab3b8

SHA1
ef1238ffb8fd93f968c3a927542743920373ee0a

SHA256
bc9faceead3824ba97f8f75447caded353708d2eb607b217c68c765a8c5cf3b3

SHA512
dbf10c260d8ff57db0135f8b2a18cb3f461dd28e927372bcdb0546ff5ecf1866a99ea64170c1437b5335a509debde021261192f7f00c9fac9d361de5f3df198c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5e38e184124f34c14f1a5c822a018db0

SHA1
585d22cb7cefdff8cbcc9e7ceed2295fb513e6a9

SHA256
6c7a1639b2a844ebef651a5fa4cc57a446da8d6a26c0453caf8780514e6f59d3

SHA512
846bddf4beb2e7f96eea862653ad8a9632e86028934237c18a5df64de2600a1c84c238c4d6c042645a19e5a4e2654d55064e87bed16326beb094d926dcf334c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f1ac4639fa72b237909db27e8e6dfcbd

SHA1
b374e9f8b6d14ec01c911f68392bad90cdf0b8fb

SHA256
cba891c91cfff6150e467e7913fbdd5240ddabb51007eded7bf8961d972fa62a

SHA512
14c8215e22f530641db9c83df105c074dd09576bf951d6e2e28a86b2e7ecb60625bdc42b4b5bfe387f32a7b6962e77132841b28be5c18d61ed8d68d392beb1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
9dccd9beee32df3b7f28dab96d105a24

SHA1
d06b17eafd525c3fc9fb88901a649957b88dd9f7

SHA256
88e8ef7ede6d0ab3aca531cd0bbc2f59270ac63b4cadb6d5fe88117762495bb6

SHA512
b643b93b5ec5803e4f1c25ccccefdcaa2ef64303bc44023457c25ca0df64370e25d79f34e126ed295750aae9136a876f863588b9c8e9b25e1e5c2c1933734727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit