hxxps://www[.]harpercollinsbookpublishing[.]com/

Resubmissions

11/04/2024, 09:08

240411-k3wdbsgd24 1

11/04/2024, 08:33

240411-kfwqksah3w 1

Analysis

max time kernel
1799s
max time network
1799s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.harpercollinsbookpublishing.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573000954022746"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: 33	1288	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1288	AUDIODG.EXE
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 1952	4820	chrome.exe	85
PID 4820 wrote to memory of 1952	4820	chrome.exe	85
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 2076	4820	chrome.exe	87
PID 4820 wrote to memory of 4732	4820	chrome.exe	88
PID 4820 wrote to memory of 4732	4820	chrome.exe	88
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89
PID 4820 wrote to memory of 1832	4820	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.harpercollinsbookpublishing.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffdf2589758,0x7ffdf2589768,0x7ffdf2589778
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4728 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4688 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4676 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2556 --field-trial-handle=1840,i,7236361140102753467,17576395882883110896,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x378 0x4b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d85cab2096746de87a7e41e5e0881cdd

SHA1
6b2bbe431f2c39609f8b7d3cdbe3bb49e5455600

SHA256
2f4d4ed79281f461172626cc8acbcd5432c527d123f779be9bb8d83a660978ad

SHA512
642a929fb9523ab33283d98f747dd8ae1f6ad37c43c0645ca0099bcf5b467bd5c31cb5eaac856b668fa0e25c1b709f893990417ee689777ea017ae1647615117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
061fa22de06900256b5cadd722887918

SHA1
a9d67b2ddcdbe16b54d28ed085e251559af54dbf

SHA256
bd64c043b60f06af8808aecf9722cccf1973916b6e735bce836e3189d6c73b39

SHA512
d40a6910326a2fcac0735cbf8d44940a6db6696c1efb27135d4780c795dd40f3b12533076c7df95df583e71587e5c68833acef9681b5fffcaaf22c3d980204d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
afa1b3fd7720bb601b8c2153c122c0f0

SHA1
72e1f38518b9dd0c984911882fe921ab87e305af

SHA256
46b2b6d31dd4fa0b89b9977b8601571165e6ee3937b8e37ffd1456af5966c180

SHA512
a7de5321e448f3749644552fbf4716bbfb515c98d3336a5fb6faee5f668c36eeecb1363adf30f5405087c0d76a3f7158f5f1bc799c003921b57de3b1f597a677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
92daf331b4e7037fea651e58e776b9be

SHA1
10adee8bbd696ead81171529d7a0b6e7cccf0f11

SHA256
1b4d89a94a4638c1ff21fb603f7e0d4e4cd8e0f675bd73480de631d0ae2d772b

SHA512
0dd9551d0da6d9892324d8d99e94032a28837bd34e197ce1cddc921858babad9c0d9ad0331b1b05873ddff34d1df0bbd7762d819298eaf386898ef922de1e780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4455a322b8b798f385969c6a7b7c7ad2

SHA1
f7b65c27783b5fef37272eb45ab8ff296c790619

SHA256
5334662fa728ada6b22689672510237700ce35a05a165d21e3a3c6ecff7d83ef

SHA512
ef3dfc37137ac93c7c8ad754c677bd6992eccfb3e75ddb879f6915902ae5862b6bc45e48319aafdd8963552eea7b18a1de4a1aa10c88176eb944de3634ddb72a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
354355014eb4f7b9d7317eacc91a0775

SHA1
4564c37a57efb732d023e62fff56e7386f17038a

SHA256
98dc0166f6e0c296194c2cdda8306d91a59fd46dd596e10540a020b1b63cf423

SHA512
740895d29e3a30c16b3ae454b2fad95ffcc40cf34ca209b9896a14f22925a4e35f95339a789f95a9128d7d0ce30920ac73d4ff7fdfc82d9fbf1fc1409d901048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e6d58d520dc21fd9bb68451f9ce2bcba

SHA1
f2111dab0aaffcde1c8fe96426b1b6da165e1e31

SHA256
4556e185a08497fb197a8e9c59b55ddc29ace7acc6603199d12bc8c0dfa91bc3

SHA512
b487a090a8fb8c6015d7e30234769571a7599a5bff034af5f40db0e7e6afd3f4f279814a92dfc4dd155d5dd888b5c822b5337f6b284a3ef7e315b89adc0f9d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bdd5f265-7e2c-4120-a380-732c480988d8.tmp

Filesize
6KB

MD5
c1ac5d21b527b8e3466246e37fd90686

SHA1
b711165cc06bf7b913ba0feaf1a252672dafcbe1

SHA256
e97ea7ca6772bd6539135b3e2072b05fc9ee86d122df08d2e16b90d004b7e840

SHA512
890f041a0b5e7cd856621a6fcab9a070e9f1bf0e0bc1828744ad47c6963801d526af46bad7f78c9c54dd15b243f7b4998d88f351a166508e7f3cdefb647a0406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
828a35437b84cb45d9929e29df5367ca

SHA1
2841f40aa57d4e9920888c56be81a68f42532381

SHA256
b2525848926985d410e436229001ccaaf685a6f61593ad1ef34b85669235260c

SHA512
fdfa0a615c427d44f15aab18c738b6f4a26d4a71ff19a893270b4ca1ffa8ff62c9e81f859fdda72dbaca9c1a0e76787ac048dbbd1bf3c6bed657c598e3e8ccc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit