hxxp://www[.]freeware995[.]com/promo/sponsor1[.]htm

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.freeware995.com/promo/sponsor1.htm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568156875970649"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1720	chrome.exe
1720	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe
Token: SeShutdownPrivilege	1720	chrome.exe
Token: SeCreatePagefilePrivilege	1720	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe
1720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 4580	1720	chrome.exe	84
PID 1720 wrote to memory of 4580	1720	chrome.exe	84
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 744	1720	chrome.exe	86
PID 1720 wrote to memory of 2160	1720	chrome.exe	87
PID 1720 wrote to memory of 2160	1720	chrome.exe	87
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88
PID 1720 wrote to memory of 4128	1720	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.freeware995.com/promo/sponsor1.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bc519758,0x7ff9bc519768,0x7ff9bc519778
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:2
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2692 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2708 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3732 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5220 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3548 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 --field-trial-handle=1888,i,7190714848617297590,9997159048632374459,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
111KB

MD5
65bb0a158ee1967292ee4d11079d45ae

SHA1
b1029b1d966d1732e6241677773393a313585fb3

SHA256
96a2bf793dd663407f49bcd219fe5abca8d52ce98d47b6063e3843db5d17bcdd

SHA512
c7dade7db70ac99ca548a249e83d1752c106a823cf8c1a36edf1f8680d7a563a62439233c6727dd360d2f06c4087173b883df7943cba3bcbd991fd9d9c8c1095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
358KB

MD5
d570c14f28ffc92c1e679c27844f2c24

SHA1
6b83d94ad0069a35437eca92cbc7a91f330c3da1

SHA256
093a4e1e09d7e65b9e05a75667b38e68caa293d1d2a4db70f63c019f240ab424

SHA512
a7804c8db07a9284d3815c458ed3d95b2bb16721dcc65b635333ae98090f3d16cda13c8e9d64402f3a701177e4c2c8242372f21bf562a84fd3d36838e985bee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
823B

MD5
eef4a6f809470219c8072f9065c1d945

SHA1
b4b318f3b3f426758fbe80a6e07b654de9bcd617

SHA256
152e43e02463c00791f164729454a62befa1fc46d37a5b5e93cbf80a567cc08a

SHA512
dfe6eb3848f907f43250ef90a76f2e60ad06c3e32b52a265ca95e6ebae744ecc4212a9c24ba249d2db57be012dea47bef9c847bf0d3370d0d6e2a41a13170dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6bb747dd3b1a55ca02c2edb1b2230042

SHA1
6cd454ec0f9d8b3364b8bdb9e603bed080ce5a79

SHA256
d2cbab332205026df06c48ee216570c95bff1d41545a14e0a1921d521dd3d986

SHA512
74b8f94d87496278cc6d752b0de49fcd9e79b985f855eaf7c9fb7ec0218e909a65cb6bd4f16bd8c7ff9047b55765bbd3b767b240694e502a1a54d3687f8674f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d3543a555c7a1936b8db330c900fbf27

SHA1
30a6634888318182eb8afeebf2e4fef477085f72

SHA256
ca77f5c9f0ad135ee26453515955fda5c509c9cb903ea31fb319840fa315ee82

SHA512
351cd49f605efd35711656121efc51b7c72e9137b7de8d5c1e27397120666842058515bf1554e2181f5f5c65b7e8f3b4ff8d96ba5f71484ddedf2d80a9dc1b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d627e8cf63861771ff8756699d8dd7f5

SHA1
89c4b347c4a2913a318b6b53bcdb4c498345d093

SHA256
309a705f9e483753df9314719646424431b44ef3614b489741d45157efab2820

SHA512
7132e72256aeac83f0bc45ac221d612c533bae1ddde39ea6b3dd692fd4407962aa89da2a8e8a2052d625f50e38267358374b814dc6d060df0fb3825bc220ec32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
76b965c666f3455cbb57db60f26df2e5

SHA1
632cf21cbfa38a488bd980b4e3d1fae2d9152a86

SHA256
b2329ff00a5974c3956a3d7d6e90f422d3cb69518cb2341114dd308518fdcbf7

SHA512
f3da8610d23ddcc43adb055980b71f7653a0383af7e83cfc8de378b427fda3d1450c0d901d57f1f601b9ddaf32c49116cb7b1255c51cb597c163a207309c9bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
943eb80efbf80f0dbcb2c62c3fa58f59

SHA1
ad3756614f6fa3ed51bafc161e23e774f289a79d

SHA256
28f10bdb093688a12e83e4a688c636a1a8ed0df3ba7993afb5516d503d558eef

SHA512
b492f794ddb6ff3014085523b2adc6b5c1e8fb44250e861ca8c3b5dca3f9c8f34c671a7d135c6a7c3e651ebf40970efdd36727014ad2e6531bc7fa1120a3e301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c2a929bf4db4a0bb7a0592a511e639f3

SHA1
f7da20021fde29c88c2655356f3b42bfebf4d663

SHA256
0fd8c750f5cf8275cebbe0c16828f72dbaf38db378e14457f98573f908183bf5

SHA512
494cdc8b3297fd5f6233f81ec128d94ffec09a1a821a630e23b108b431ff9c2d3cea6b265a6fd819d47b7a3a578c112eb6b4d7dcf1582d72d198d3be324d1bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
7f66af0c637f15091fb0799c411228a5

SHA1
2cdb0f1100d57efa50b5108f5a602bcb0c1dceb2

SHA256
d191db76284fa786971ca06a1f509e8fa8ab0e7e94e1d084e200771c3fec8115

SHA512
a2519519285dddcf905e2790e532b4e85a207cd548eb6a26bf344f86a13002745f9fc141031e927f16cda4513ed83ef8f9d1ff85f483dcd349e9756fec6a23f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
5d8d21f1990dc03ca01bb8822928b462

SHA1
d374e43642c490791b04b294b30c291fe1a0de92

SHA256
c35e70d66f6e84f2e99349c22c2d04169c3a4d14dce696068a587f1367202f68

SHA512
2b4be9cd4863a942bc54c2ef2a72447736010801df09d59f7d197bbe8e701cc29cf2779cfb22788e9b63f6519072fdb6ec8bb152c6ff81ecbddbc331cdbeb934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583c68.TMP

Filesize
97KB

MD5
c924d2e7d25b4cf3cb017aabb87b3d56

SHA1
22505f8e67db556586347bea8e7912036698a011

SHA256
9009fa963e8830fee45f36c1c4393baf6b8d673113bda693297f009af850ea96

SHA512
3a26dcb679f5b39cbc55000415b7744b13444a72f57dcce819c728f7e31dd0f42c6f27386e7a68a9186cb842809c9620f28afc51d09027c398ce36ac458b0383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit