11df5fa48739141035e2c1e888dae8f5db3993ffcdff0af0f301bf2f6e9e00ef

Analysis

max time kernel
64s
max time network
70s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11-04-2024 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

V7_Decompiler.rar.html
Size

26KB
MD5

1747b2dacf42315066f5cac3f46b6d8b
SHA1

121b3ff5ae62b13db6ec4fa39861c52caedfd653
SHA256

11df5fa48739141035e2c1e888dae8f5db3993ffcdff0af0f301bf2f6e9e00ef
SHA512

aacf78a9a03cfbc671272e5ae789614a3c1a572990eeebb642c2611505fa44acebae1c472f76550f737a75bb3d5244e49fdf7838460d2c2987325e2733c31a15
SSDEEP

768:Ww+A3O1Rmgjdh/impBLwS47DKB622XkgFvW:N+A3O1Jjdh//pBLnmDKB622XkgFvW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572779740651213"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 4568	4972	chrome.exe	77
PID 4972 wrote to memory of 4568	4972	chrome.exe	77
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 3932	4972	chrome.exe	79
PID 4972 wrote to memory of 2776	4972	chrome.exe	80
PID 4972 wrote to memory of 2776	4972	chrome.exe	80
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81
PID 4972 wrote to memory of 4028	4972	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\V7_Decompiler.rar.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe01a29758,0x7ffe01a29768,0x7ffe01a29778
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1660 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5020 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4864 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4680 --field-trial-handle=1856,i,15224390819770482912,8831707883523844389,131072 /prefetch:1
  2⤵
  PID:4904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6ffb73be730f9c22bbce0eeab7382d9a

SHA1
f078ed46b2d9339abbcccbfe55169b0a512506a0

SHA256
f0fde73ccb9069d8fda68bf0c644e52b038404f5834613007a494521ae49f10b

SHA512
957b002dcd99025670b87c34b196dca3e97405a7a410ad5c59ab47fc15aa9e78007d9a333ec74f83588ef7fca8928214355dff221827d07d745daac8ef8bac5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2fe1f1ec3625e8213156c2a0cde84746

SHA1
bbe5cf16ad15ce1ebcadd117fb0b0d3c5cec8be5

SHA256
e1412c69dda7548d7877a186e3d0aa115f3b110538f85661933b9e3ec60d716f

SHA512
193a66b6fed0fff74be7a78be3d376a32340db181606c7d4e97ef2f67f65c9f13e69e206d19d7559cff5a4d2191aa6c5bf3eab9dba8bf442e93aabe1751d37b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5afb5971bc9596e637a80085d8258aee

SHA1
e21647a67575490a5569e4a390fa5a84537de0e8

SHA256
c65ee2471c9cd0af114631d2fd7e137f5d6e1599276d3b93dfc52b5c558d9a43

SHA512
6a0a0f7bc6d15119dd49740cbcdb2b6ba46e03dc8221a372e7c02cae1b9424f53558955ab2a7a8774471258e282c0f975dd8f4eb140dfc9757b10027719b801f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
81d3644dcf92dbf23540a8a2eac44ea0

SHA1
a08abe4b802c3014c8b0bdf26a6b9ac44822e925

SHA256
ef7f3758650851bced367f6d2c0ee4d8d4b1400cb81bc7e9940c7bd6d900f608

SHA512
dd662ef5153e1fb575dfef57328945a6c68547c335596c58739f1dfacae6a21e1b05a7ff7e374275ad9992ec09b323075714330fb2f2225d2ed16311919f6af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
738a83cc7acce56f845cc4e2775b98b6

SHA1
00ea4b68580bc6267f58366bdb80bd315cee6912

SHA256
aa667d067007d5f375f1eb88679b9444feb9de8f9d7fa4664cfe4c6d33cc0af4

SHA512
74383d8eca6b50023e39cab46db7215a3732061ebae80b74caf5d158f951ea9e8f8ee9a5556f83fed9066d97d830742764d655f97d0c2b77bfa5b357755bec9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3e70c84b1a870f86955f961b749dc171

SHA1
e9d3ee28f9f7c41eb229f96361033d28b5443aad

SHA256
7e708f485ca7925a59a1885225f13fcdd19f635af8f5cda888eec142fda891b8

SHA512
435a68a43829d0d6d7203ab278e1cb3bd72ce7b08e69b361276ce8202fedc88c87948a6992225455b721a11974ac95d7685a835d7c9842acf53403eea7fbac5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
949730cd9dcef4e1fa698f31dc70a22e

SHA1
23a05e445fcacc350aa65e577b03285dcbc7ba0e

SHA256
838b3179a808f3754aea53d3e2c1b569131c591c347020eb41daff1ec901f701

SHA512
958145d1beb2b87e59854cfcb157398f2313a3607379a3d0025f908d9b8394c9a412f498b162a98328f39eb0dc1fc90db4ffdb402f1320bab7cc5593eed66990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
791fb51c8a731eb098dc755e517191e5

SHA1
413acded8f7570e42e7a65bf0dbc9a3d4ec9bfb0

SHA256
06e4aec59f5c64ebaf415f47b37a91d9ec60e5012524cf1b93880c1a47681610

SHA512
21b7a9cc5e1b58ed869f3ecf45b35e2b4bea16299856a36bb0bd0638e70c4ae3626e2c0cf8b581ca35fadf7e7c14f80ee1e5f272cf243bfef5ed63c8aeb9e4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c972d680cb7aa3216b8d5a84f856baee

SHA1
9bc0ffe4e9dbc0b853beeca89ff1563cbb38232d

SHA256
9bed39da6ee1bed55935510a78a163e6500213ec912f830dadfe0f1be3c9d756

SHA512
387cbc4242a2789f7a75bde952a58c715058a60c08780a576738ad7c51e7be2e2722f061b0a7e2942defa938c4b045cdb576c330b6a76863ad554e5200aca2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
44726065f0453e126b187c6b29c3db05

SHA1
291021056fa153ee41cf29962b9b1c1ec43ab9d4

SHA256
592cdffc46ca5da5ab7c150416b74c1f1efab48cfa8c756d3358a25979bcde74

SHA512
1267dc5a5dafb0695f878742eaeb47990ac03ee1e61bd21f98b340cd5f40309b138d767e95c6e58363be4f922f929c44bf398aeb2d857dd3be819985fb37a042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
88ba73bd5d01b98d7175977c2b849bbb

SHA1
c6ace765dce64aaa17a5393e9b2bd87cad25f858

SHA256
5a6265625e64ac5da0e84380f45692370fab92247698ec29ccf995605d9c9e19

SHA512
67e65ee1314230e7eea41a4b9c7fc17c6d6011e85a65506e5633f6762adf48cbffb3f95467187a88effafc72c99526b82dde16887c75be354cb858a5dbef3a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit