hxxps://emails[.]bestsapcbi-int[.]com/Cl?p1=68eb165f-4cd6-4826-a819-15d4150b1967&p2=496882973

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://emails.bestsapcbi-int.com/Cl?p1=68eb165f-4cd6-4826-a819-15d4150b1967&p2=496882973

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584226013624071"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
5824	chrome.exe
5824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 1632	3808	chrome.exe	92
PID 3808 wrote to memory of 1632	3808	chrome.exe	92
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 3056	3808	chrome.exe	94
PID 3808 wrote to memory of 4760	3808	chrome.exe	95
PID 3808 wrote to memory of 4760	3808	chrome.exe	95
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96
PID 3808 wrote to memory of 408	3808	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://emails.bestsapcbi-int.com/Cl?p1=68eb165f-4cd6-4826-a819-15d4150b1967&p2=496882973
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff987a49758,0x7ff987a49768,0x7ff987a49778
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3668 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4612 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 --field-trial-handle=1836,i,57402660191430708,5906166585002905029,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:5476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
628af39957862e6e9b5d29e73f393562

SHA1
7ce6e16eec19bfb870ed05d8f4e8285bebc297e8

SHA256
10db2fc94475d799985eec07727e936da342ebfc458e2e9560437b182827beec

SHA512
88f6329d9f26f9b1ed66a98050a4c85361a6ecd7ab7eb1689e8dff729d04e5b997eb842921e91e6f2526241671b0cb24a45c450a04c9a79e1f0c52a58bb99492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
15fa419ba17c3d126e5f5ea4a7b7e673

SHA1
c9d48d43a5ee5e925ed4ce3b097da9c1d393f8ae

SHA256
093925949e11cc3b7992ce5b3f7474a646b6130e2823a18d31a28cf8d4ea2517

SHA512
177e57a069c360cf483fa9b9b0e6461542b3cc956954723919936aac99b1aa220bc9f6b0915c253e7731e951a1c06f8a7405c901aa919891bfd5aa682d1b4405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7eda7626c6403ef646a2957d6cf46b0c

SHA1
243827d4f6ffb906d05e4b8222c43c7286f41331

SHA256
9a7bd7305e624691bc236a7c90f1f6caecdc21ca86ba487b9660b053e51de645

SHA512
2f6f2b40029470d7be7d392d50a33227801b78708814c073bfc5460d15e4169bd143b4845fc6b8d0404f7d7f28798a479b7c0a60b4947f6bcdb64e5eeaf64990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c305c3c034c6980aa0386b0a1af04e04

SHA1
09fef3500b993df72a6fdc06cd1a79769ce2f4d6

SHA256
232e66ee9deafa8fbf1faad92108a2ee401537e962ef498d91ece4a313d5ef43

SHA512
ff32e8d65e12988c310efd42401c0b556d223164ae18dee457db0bdf1b4076e1df68a9de1a7973ce3fefccca35abaebf0ac6f93cf3a745751c0d68531f8034b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
174514a702736e28e519000b2ba12c29

SHA1
3987507a7bdb1a1673f172b58b8ac8eb8d916bfc

SHA256
cc51e0d354204f32793e28016dc01f8528f87b8c3ae11116e2174afad9fe8c01

SHA512
fc06145c20fd5636fc986eb68bb862f5e20bcbcf75de33ca2505b1439ba41ecc8368ba6e3523dbcc3935f15f7239872c72ec55f7308b2c6c36c510cd6bd26e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
096e95238d04575dffa9d8f8ea0cdbe6

SHA1
af4b67eaa546d768d65878d765f2794f81084381

SHA256
52088efde2fcb154aee308766143f9a67084f6c87ceff4f9b3d35c83c54ff92f

SHA512
63830d9a4e1e75466eb4db84115b594db14e301b34d429613c5dfb3cbd06c25e2738cf34badf201ba6e8de1000ad1e8b04a71bd2572f1da6e69765f1f9504c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5469e499ae32c18029c86b114e55d748

SHA1
4c202bda75c1771fc5564746e7c88ac918b83b4b

SHA256
9beae6397225331bf12a14e461918fbd9134ad98a7bc02f05f0c3ce09de9b0c8

SHA512
bc0b192bb8b1c291f7ff6f5cbaeb778f52211f1b6992cb0b44f3906f4fa489596ec43f7ae9ef3af2e8484053d3256c49f3e76a1a3df78c25192bab67b106f30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
00af3a2351feed1c002c29fdb804ab40

SHA1
b5b3593ee36d95df645475d01678bbbfe1f1eb9a

SHA256
669d2d9dee1cab8768e78af26fcd3a93f56dd4dd1f7332d252c6ddbd4fe87afa

SHA512
8ba9b4d9368f733fa05f01204c5cf0fb853b18491c5881ebfa6096bdbfea23750c2841cbe462770ea5f5c3d9d53bd5c56b4bedd603c8614f6f555f6133958c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d23b1806d240c9d63b74a1e38cb94844

SHA1
1ffd22fbdcda39173657ab699c2eeebbf68e05cc

SHA256
d838b0982cca01629709c7e2583f6009d63bcf99f877879429dbbacd7f76cfa4

SHA512
79c49d41cfe69a41654ce5f26b61b33effb5a4af4bab6e1600cd082d9e0bf1b05e096da92b058dc69f5a2aefaf8d0ea7e91b1f0ab5ca3dceb7ae71aeb6197f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e39fe44a2ded10cdc0b073707a52fd11

SHA1
2d0d6f504a17c66cbe2fbea53c43fca17d2b6f1c

SHA256
2569e20d682ad357b1309d87d60ab5cfe5ffcc213bcbb81072a13f12fea3d8ed

SHA512
0eb002f6cc76f83d04d298433057bfb48b3692cd65b79b6034de630bfa281c6b77760cbd1ee20e7f6556b074bcbd26ff5e23328ecc5147ab168e2bdd4b8a1f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2a0582ae686bf072a80476adba344e29

SHA1
8985730482b212cbbb033348ac1c756e47315c3e

SHA256
7714e5a2f7cd5bd3e18b8f4cee6a62fb64b080f83973c4aaccf3384b2f2b2996

SHA512
33cbd960413ff895ea42e50d14b65e19333895c71b4bc92a50e5dcf135e5724962495cdb1c7de83b66264c3b21746d155bb019c69c66f980b61e04c270972ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit