hxxps://gitus[.]net/watch/?=250324T

Resubmissions

05-04-2024 14:23

240405-rqjx4aeg68 1

05-04-2024 14:23

240405-rqdq3seg66 1

05-04-2024 14:21

240405-rpgrcaec5z 1

05-04-2024 14:15

240405-rkz25aeb8x 1

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gitus.net/watch/?=250324T

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568005405603248"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 880	1132	chrome.exe	86
PID 1132 wrote to memory of 880	1132	chrome.exe	86
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 4872	1132	chrome.exe	91
PID 1132 wrote to memory of 3784	1132	chrome.exe	92
PID 1132 wrote to memory of 3784	1132	chrome.exe	92
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93
PID 1132 wrote to memory of 2524	1132	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gitus.net/watch/?=250324T
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d119758,0x7ffd9d119768,0x7ffd9d119778
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5348 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5780 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1688 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 --field-trial-handle=1788,i,17154375613477594003,16546126318242150048,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
213cd44f70ff561af190bff687cddea0

SHA1
55032c8d77c984a40f5f3e22d3db034d8092b42f

SHA256
7678d5cfa5df3ebd0432c5db706b1e78db037f66c9e0913576c6cb4ddfb0d4a0

SHA512
ecf0982b3d59ff527207f5fa12cfa14a0ec8e3f8f4a496a0ad358e25ad951a6b8c43316e71a66ae7c1878ab1bd469a5de3503aef2cac9e7ad4450c41efa84157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
700c317fd65cd79271f2ebb578ddabb1

SHA1
c792f0ccd0c0afe467c5fc056c7817a780426e82

SHA256
9971d6bbc5c456c663f106b1dece6457553750784c9251015e449919ddfdf895

SHA512
1ae5377e1895167f123ccadc09d38c1bafb9184ecf51f8d23088b06ecc04d246482725a6013421a9a94301ce494a4424b793186bfc2f816cb6cce882037ef2d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a62cadb298f339ca38337ed9e03c2124

SHA1
86e5e4143b606471ffcdeb7859a96b98aabde503

SHA256
4c83b55c278005239d76ba79685aa642d2a13c131619402b9d77fbb53f930a32

SHA512
975c1d7cccdc6c09557fd889475d5df8a80a841777b80398528f4d9328d93d9b282cd463d006aea679b6ca22f63f3b0fa42061a39f2cdc73c870ea438fc07b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4615b4ad117928db8b39df351dc9a485

SHA1
30be6f71a375aa4e91aa6b6089f42594c0253880

SHA256
551213c8a0ce3a5020621bac57180037edeb0ae767c0bffa8ab51288aca1d874

SHA512
8c64dfb7fb1c49886a79cc4bdb32f56a1194f7d66ab62c05a06d099d77034313e6c48d53266c250be6e4c5782d5cf2e2a81fea125a5e16bcdb2d81fea4792b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
d092b79433055abbb97b121ce48bc878

SHA1
745026f1a3b491e525b6a696718ade3454658800

SHA256
bca34daf67520975c3564759e085752ddcbe3840d5c08af1d775a8691f80f36a

SHA512
342bdae011302c8550285c63ef48568b4fd23483bf0dafe680b5ac01543ff0e4bd7a424caf416c025f2bd4e5b8e4118d254ec07d5e638a721aeb234d02a85c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
20f2609fa5532bc2830f218d80b74562

SHA1
96ca2efe37caf66f34e1141b42ef26589e0ad2a0

SHA256
e8f48ec7cc104e3fb9ce20e1b88bea1109036835f69f0782feeb12a0833b56e7

SHA512
2cce72e8a7efe7eda0ad6402e60fa784e606a9942654a5c90bc9712f795b1783bcc110dda66b2cf8b1d628c25f8823b3951f8920e7d6ba52fe79047d8e465bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ea7f11eadfe9989d4674706b69f29a2

SHA1
9ba0eae49fd393713e7a073530367f3f49504429

SHA256
08927190a8b2fddc31ef4e50f9c28387059c2d417e794a7ac38b269f9d412aec

SHA512
c66b6b555fbff4a952364f6a7dd8b919a380c7beb66d080668b1a04dcbc6b790193fba247856c1f494c49bfef84b334f59d75fd4d1b4d786e66a77c5b34ffa1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9b9512325550c761685a4c039042ac10

SHA1
dd994eedba96021e660c7f84ea8f248df85e2681

SHA256
c1d139ad5cb6377e2545c1c4284dbcd2970102407b7556300af9a778f5fcc555

SHA512
a21c81429b4a660322085c03bd4d612fae807d1803f4b9003eab4c02de21a233d180a68a926c19a63537aef7aa99f832f2658500217aaf74679df3da174ff4f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
afa444c58b701f92317b9fb7701caea2

SHA1
d90a41d7da3955907ab58917a1222d2f202816c1

SHA256
cda4be072a3d6be7c27b91252e1b747a5aebb34755f9d7247617bedfbaa562f7

SHA512
bf68a6a53682a1c942d606e40b64eb9da24dab3a5ae6177df2615c9e59d01a9045e74411c2d1d71d3aebcb8c425be98cda40141ad1b7503af311407e484118f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
7e8758265ddc08f57b405e824cb5febd

SHA1
fbfcc80b8e84d712c0d4bddb1b5e081a55898cd9

SHA256
2b6d42e0278328dc2297ed781b1cdfb6872a324bb395892cfd751ac8271c7eb1

SHA512
cd1ff12c6a8a6bb1fa2476675c1a861bbda3dd653380f1dd801d7c4cb9d2f0e23731e5ef3d17fca55b8b57452d4632e88d22a07965aec89af8961c9e95676bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
573a11587ca31e04f9db0b89e50a7171

SHA1
ab0c393bc4cddade88ef92cbe0277fbe2bf0afa0

SHA256
bbebcd144a5018a6317b205d2d75b9a6cf10e1902f1cc718b121aacd4c45382c

SHA512
ef73aba8485033097c4306440afbe6e4152a130e514c39df2a6471ecbed26bc70e0641160b55d6a72d1e74d0a2d2d47634df692f2598a8cb2556873182499d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581ad6.TMP

Filesize
101KB

MD5
57dba9581b794a4a8f8f1ade1f533129

SHA1
12d9bd670ca94ac7992fd4e723baf86ac8204b5d

SHA256
50c9ea736cacf1ed790edc0d46e9aa4451a31e3120940d272556e6f5bdc1a918

SHA512
e132a6a21d18ec3b0edb2953bd0c4722d33a54d5eb7bceb3aec75ba02119e5759a1381d2995b142750323febf97634548f995339f96ade189a3b41c0214b6fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit