hxxps://putrefiable-graminaceae-47595478bdfc[.]herokuapp[.]com/b?y=49ii4eh26or38dhpccsjge9ncooj2c1g60o32dj671gj8ch25gh748hq49k78t3g78niutrnesn6ssjdcdnmqrbldpkm6obkd5nmsspecdnmq8g=

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://putrefiable-graminaceae-47595478bdfc.herokuapp.com/b?y=49ii4eh26or38dhpccsjge9ncooj2c1g60o32dj671gj8ch25gh748hq49k78t3g78niutrnesn6ssjdcdnmqrbldpkm6obkd5nmsspecdnmq8g=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609163875795204"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 2548	4900	chrome.exe	90
PID 4900 wrote to memory of 2548	4900	chrome.exe	90
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2120	4900	chrome.exe	92
PID 4900 wrote to memory of 2196	4900	chrome.exe	93
PID 4900 wrote to memory of 2196	4900	chrome.exe	93
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94
PID 4900 wrote to memory of 3440	4900	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://putrefiable-graminaceae-47595478bdfc.herokuapp.com/b?y=49ii4eh26or38dhpccsjge9ncooj2c1g60o32dj671gj8ch25gh748hq49k78t3g78niutrnesn6ssjdcdnmqrbldpkm6obkd5nmsspecdnmq8g=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe70919758,0x7ffe70919768,0x7ffe70919778
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4960 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1872,i,3192703955531168434,7112868042149939588,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4220 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
238366d2ab6e14b7887f90f1dc661663

SHA1
6e7f90325424b617d9b16a0b8a30026ff09f2427

SHA256
d24822a5ce79033373b3ba0411fc6cc5be6e8deff06070f20b4957f44457cacd

SHA512
cfab4aa5a66a633bfc783000e6c392a6d46e5c9f6ae7d6cb6d7f0949767ffd87c5f0485e45ef491a6e39afd1115d99c3c877c740324cec0f2ea07ba2f717d632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
804eda299d5620b8d24860b944184338

SHA1
062be9e56bfc64d3bd89805f677c28fe8d48d561

SHA256
942f4a850ba045a44c1f8f79a03d74de772e72bcacaef1c4f2893b7e4e13110f

SHA512
931a5577991c5d25e89ad1896ece842be7ca3cf8614f0c7f79ad1bac435d3dcee3281c68d0ad47f4d568037b970429ec6899365ee26898c0ac07db4b8dca236d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
421bb8cfc0bfbfd0a697cd825e19da1b

SHA1
31b74080e1e2dc87204fa776822ea08509a0d197

SHA256
57b03ee1995ad530c80f14b7d3bca3e56071afe76537c52c88af0bc332a4ae81

SHA512
8eed45b9342124c9dd41e7403c9cadd13eaf0c96720283e4184fd25fdac649b913c00dd1934b766fc9f6cb27502c0b41a6fc9ea1124de4956d34633d0c548010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d10d90936f56e9cda34439b360695e4e

SHA1
80971e1aa547a4de8b0c3081695341841a6cc379

SHA256
db15c0a2af4226f8e124210cf741d6c326724ed153628a64a6929679abce4ea0

SHA512
333f4547b42907249005969804eeeeaba3779d0e1f0a49945fcbc8ad22d28a5a6b1ac9cf7380c30e35d2711b15cc44016c72a2d2ad2e383228d74a191091e17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b9621e3a-a258-40df-9d0b-d6afb9fe60e6.tmp

Filesize
1KB

MD5
8e35f0f212428010289b29b00bdb5921

SHA1
d103c8d95176f76b392df84a1f527db31154b93a

SHA256
d7fa14f78a1e6416355edc93c0b6283d035310f773c9f7979358358fdc4abcdd

SHA512
3af26f9e58069cac7078d84efcaa26aa214c971918195fcc36ad69c6590627522c502049532d9bc9a80036f03ed52b51d52eb3c5645f52f7058892f16478fc22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
27788f19024da28f345da24e81e0ac87

SHA1
d348f1768f03b24b150e19262556b23dfeb8e284

SHA256
7f28ac88f64e953c8f3b8217841bc5c3a1e0cb7d67dc64770b95aa104292602f

SHA512
5b2f7153d6e693221b31ce6605a3e313740e28a199eaa674229144e07d1f8413ddee0a63afac28c45438fb985b710095f9d81bda7b07220073e116e0f0ebd0b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3152d7c19980ce789cd64704cbf03343

SHA1
643976b1f8fc4235c4876e9b87fe952ad8a4f275

SHA256
66eca9d7aee685b6a434d0c30f55f6e0eee6a104c871ff9fdc7db0ab52aab8ed

SHA512
c6266a991b76dbabb0decd749739ac80d2ddad4ccef3e9e245c7f27352758897f5244f723a5138edfe4e6f78dba3fa0babaf6c11affc9a58cdc120e26888d8cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca7e880fe15cf0591f5633a3aba0f12c

SHA1
ed6e1c4392ea40b9a10ea20abc6e0b3f013745b6

SHA256
d128a1ef0e3affcb8ef15b64a4c3935efd09fdc4f52c65888350aa7277d57c0c

SHA512
80320998a2288244e6488baeb5716c853a0a129f85da7ce9cbc2a0347bde67a09ddccf723590b50772aba903063907d3367a355b9a9693fa08692373301801f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
b59ac118d201235bb08fd97e52408792

SHA1
a51cc8ada6ee40573900d14dffb59eba572ac33f

SHA256
17b392c7c15dc37ef758b3549191c32d5642106f504038a7a98ef21ff2940a5b

SHA512
432b47a5c4f7258fed527a3a2f43741e3ab4b27f53b40798dab2b2af7376332ce5642f503c7047215e4a99018fd161b2cf2766ea1361b4865891dc1358cbd6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit