bcc8812a2385f7a4db7d7633eb5ce0770e5cc3b5093873fd3e0a7c239f8daa1d

Resubmissions

11/04/2024, 06:06

240411-gt1pxagh4y 7

11/04/2024, 05:53

11/04/2024, 05:51

11/04/2024, 05:48

11/04/2024, 05:44

11/04/2024, 05:39

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/app/js/block_inputs.js
Size

789B
MD5

b5b52c92b90f4283a761cb8a40860c75
SHA1

7212e7e566795017e179e7b9c9bf223b0cdb9ec2
SHA256

f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
SHA512

16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\services.msc	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572877037713179"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
5340	msedge.exe
5340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: 33	3956	mmc.exe
Token: SeIncBasePriorityPrivilege	3956	mmc.exe
Token: 33	3956	mmc.exe
Token: SeIncBasePriorityPrivilege	3956	mmc.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3956	mmc.exe
3956	mmc.exe
3956	mmc.exe
3956	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 2004	4876	chrome.exe	95
PID 4876 wrote to memory of 2004	4876	chrome.exe	95
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 5060	4876	chrome.exe	97
PID 4876 wrote to memory of 1972	4876	chrome.exe	98
PID 4876 wrote to memory of 1972	4876	chrome.exe	98
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99
PID 4876 wrote to memory of 3020	4876	chrome.exe	99

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
1⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa8d2d9758,0x7ffa8d2d9768,0x7ffa8d2d9778
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1808,i,17382445971026953117,10146330389431879841,131072 /prefetch:8
  2⤵
  PID:2532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1920

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault93383edch61e2h48f2ha4fbh60cd3fcfa552
1⤵
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa77a946f8,0x7ffa77a94708,0x7ffa77a94718
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10067375544811680119,23584142631395687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,10067375544811680119,23584142631395687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,10067375544811680119,23584142631395687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:5408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5624

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\fbcf6bf6b20545d0b6890214da736097 /t 1300 /p 3956
1⤵
PID:5920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
14f874cbecb8fc1f2a9ea5a99dd77ddb

SHA1
248f0ba1132e807ded7a967c49ecf284bf443b54

SHA256
874c4d3ec7c115cb8603b66ad25215ab5a8c022300f89aec6744df5819bb6c34

SHA512
b38c7cec786d71a8135a6627c08c425b0268fe94684a57adf411e2062bb3e76e1045165cddf88644fbcf5c08db31961d499fe889bc8e793c0997bd441c906d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
377fb8e02640314dd582885e4edd5f07

SHA1
0ebb083580f0cf4d3ab2f22898e97e48d1c3bd7b

SHA256
4bf8c93e12b3ff0b626123a319f6f34bcce80550a49eed46c40efeefbecc6bdf

SHA512
0496db799f94a1bfe46552f292f1e7b6fc98d88a98aadfd8426a44f604b66dae228ba408ff8990e35535ab1c82f021605419643dd225f2b4eefb9dbea90c4471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7fda5f25a6f79f4a3e46e6af3fb70e81

SHA1
30c277af52723039cfcdefaf7d17628d9c82b2fb

SHA256
849ac401c7d39817fe478aaf13459d20a56321f2b5c8ddfe61b7e8ce9da55ffb

SHA512
f210cc302355c3653a0ca69ee733848528ab73ad691752890431e04843d6bc449419c458c7cfe6f59cc1c48244661be67691e104a45de0bed9c91ee5cd0eabac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b60e79dc-21f5-48ab-9517-813225c2ef8a.tmp

Filesize
6KB

MD5
8ebc83b404a2c52fa36feefc704d98cd

SHA1
c35974cb9e2cc5b179b66a92950fe97f67e7ab35

SHA256
52a8a053e5f1cc8ad8584e979a7a7b2e88dbdb093d49050212a90bee9691dd99

SHA512
4725236c08e374f03645bddb263c27054c3d9119a38f41eaa8062f7b6582daa4e0cde0aa2955afad227bec6973d0bbc1cbbea152a3b3b5c1411358bbd7cfee9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
0fefa176aef15f3a0c9ec0d7b3aa5625

SHA1
7a3c7b7327af24a5ff864066dd6882b2db4cf950

SHA256
1b51fc86bc0cf9b03a79c35fc68d3919c3378aef1897b6d892aa91ce84236a1c

SHA512
20654f6b777f206667bdfb582a2ac43c7857e9ec05b566d876bdba71b70106f5f61d8c0fc21062e882d17ed57b5ab893a35ff57189466be03fc256ecd69fec1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\71eaccbd-1fed-4368-9715-d6b190ee031f.tmp

Filesize
8KB

MD5
2a7cf88ae15ced90e0defd6ecb54e04f

SHA1
3029b435ea786f4ea44606b56a7da33c8a0a3d65

SHA256
2c16d05a88bdc10adc6f79d5d227f47aa3e5df79b1df66ae1abdaa039cf39dd3

SHA512
cdb9067e2d36b9381fa1c323c5a660ddcfaaadee3a2cf4fc661b7d550c3fb3102db733fcfa63495c63e582858eb2103ab58a015efa5e745ffd0aa41e644ee753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
963c4c8e354bbd42d4d67709120c44f3

SHA1
9c36bae43b4b6f903c786a6cbdf02fc0c931347c

SHA256
f0f357b7d7ab21927ec2e8ebeb0f554b44e8cdf80ded1a38096e1572c392040b

SHA512
54f000cd1b4089cba56e9373f8d70bc60686b82c2501af6c1b727f87686c31f82cd0192da6def0dbee6309bfcd8c21c2dacf7ddd6b5b9f34db6890888f0a5065

Download Submit