d98aa8643aee90bb5b5521417c5d2a05d36f674d9498759e0416cb40c21258a6

Analysis

max time kernel
302s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

17KB
MD5

b62f92a34af5dc1aaa967bb8d9018c90
SHA1

670c87dca846467241ad46aa80eabcb59514ee8f
SHA256

f60cdffed206be4ca8f1d2f72579442081c43e965bc4471885ac55f15d7c6bbc
SHA512

2b3a80060820cd5eed669eb52d6591e845140f65bef389bb1c5dba2b386f364a7818057e98c3afd63cdf9e8e67b16f181c0c97a1fdc2467aa703bbbd1d0cd1c3
SSDEEP

384:yBJH+0eIKtjuzdWGSXG+GDS3DHwKSGz3vmi+H7zEbRzxzWYFISeb+nTJt+CjTbM+:yBVegIjbGm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571570817341077"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
5856	chrome.exe
5856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 4712	2968	chrome.exe	92
PID 2968 wrote to memory of 4712	2968	chrome.exe	92
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 1652	2968	chrome.exe	94
PID 2968 wrote to memory of 2496	2968	chrome.exe	95
PID 2968 wrote to memory of 2496	2968	chrome.exe	95
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96
PID 2968 wrote to memory of 1872	2968	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b3d9758,0x7ffe8b3d9768,0x7ffe8b3d9778
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1244 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3964 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5572 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2416 --field-trial-handle=1880,i,14443252819314788393,10010115235373813656,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5856

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:5484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
badaace939551bb5ef8e6ec3dae6c066

SHA1
cb708d0a8dec65e202e0e3ce86d1586d384a1d4a

SHA256
eb37e1eaf10ba148935b7a3a46ba18c721c54d56d58c19a351965670a82ce401

SHA512
2db23df9bedd1f7cd42da6bd21a1b2defce33ce73c2a7f978ebf2021de4f08795e07000b5aa3ee1869107bd26c03cc4aa38f3cc90a697cc0009db2159ee7d1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
885B

MD5
c019eb0451eb014ba5d5190f6c089a62

SHA1
3641be53bb16f5dc08669e5478eef170581e98a2

SHA256
03e4129888ae16cd0f4656644c3093dbfcebf6d698ebdca781bc80d1b709e4c5

SHA512
8c3a1c63e2a8cba33f8cbc2f31090d8a5cfadf772a37e7a0ea861d91827c503a5dbf570e8e38d9aeab25d95defc20a850782c75a428d32cf5138d5a9ad664582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
95bd289ec084f5350f6fca24595b0142

SHA1
1ac619a8d9981fa86a842ce02ed7cd927b654a41

SHA256
63758172b819d89cb0bacdfde6d2de88561b0238c4e66b0a24216f4f817aaf27

SHA512
86505de89dbfef7eadc06151877f14e438caff19ea73070d96a3a75786c0a2d61f578dac8344cae36353270d5b27f815bcaf29f6dabec0e4506dcf2cd71d5036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
b717960bb3338c068115f4d0c192fcb8

SHA1
1cff135fbf31d07cebaeeed744fbb41e8fcc5aec

SHA256
fd474908ac5b57bd0899ef0783d95067ee35de2ff2bec153b32bb1b9f887bd10

SHA512
a6b849c30d9676cabcd22551c27df6e505be2cb576b3b71103bacf60d5ce4f843ba9b35cd30d3665ddb5e96fc565846994aa2d99de544a7bb36bae14d0f55e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
2871526efd78d87c9e24423302e63385

SHA1
fba768a7f5a9a1eae47cb7b4071bc4a94e4cc9bf

SHA256
dadf8645f401b5d1c2f927c3aed5447dabddd8eec634aa40bba936194229e9de

SHA512
b580e91d62ced37f0b1286998b963c199247f55e0deb5384864dcc9a742e5da5be975c32b45c168448a1f52f8e386d3e7229a7fdeb1dd887ecf96a3220c20c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
e1cc4d9d052fccd21388fa58a41a695c

SHA1
68e378fa58a62ee092e83722002d662063cc6a88

SHA256
3636268ac048f344e6eadb85ea341d4b446eaf1af7b33d000036bce670231d3f

SHA512
d2daa382ac3bc835cf88f96a53081638ee34d1291231a91a96ba28f25a5fe802951b640b50eef3d8e89aa3f551b4f6d612ee972616f45e730f1e631937217aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
659b24cc0f890b0793958735a89bce7b

SHA1
8d68d7c0e2f0bfdb0fe9860b5b5e9666e2366ee5

SHA256
cc0d2a3f20f828ef98eb1d121bdbad3315707b589ee0b11421bf87b0f98b7656

SHA512
680027ead8f9986c35483f871b89b28af92f3b0e9e8e672cf5f759f2077e12235531d2f2525f187d820489498375eb5492eda5094757d20bce1011dfb17a77b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
da31ee77f71bc09037389f7b06d714b1

SHA1
a87a600b60f3846adf16c1d1162dae42502f544b

SHA256
8ff1b34569e0c1fc984f6e4655385cc8e6f26d067331b2670f532e4a0093616e

SHA512
9160712351b2509153bc84f7f25aedc9caf0c7489169649b62de06b3cbc7d095dec5b44a1fa273061c4dcdccb4bd1518be968d18a5000cdee3cc221bed817c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d95c4f05840b5ad0a2225f5377ababe0

SHA1
0d39e783f355fe99f207f1d0cb0bb26387e849eb

SHA256
5d277311833aa6bedcb1aa4d1c9819ec14b4ab2836b82d38d631b14e3d6bec98

SHA512
f301052195291b13abf729b84e74c59cf0357000c39eb50372eaf88d764598098618ad8e453bdb92506786eb26d45a4549da7b9492a8610c28e823ff80397081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
6e4d1e96f052e6831e1814c1f8451fd7

SHA1
74fecd06af139531be7894d4838cbed8354ae1d8

SHA256
c264831bee1839427666b13a316bf1ba520296786e0920eeecbcfd484c3aa919

SHA512
874fcb16d3c73d2404bb3fe9658ff48e3af7e48480dd0472d4c39edd08fca5ebd2227fbf65312979bcc22bc2995e8c9c4a2743895184fd13842a03bc61274488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit