hxxps://metaarch[.]net/new/review/5550/v[.]easwaran@jiopaymentsbank[.]com##

Analysis

max time kernel
299s
max time network
245s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
12/06/2024, 02:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://metaarch.net/new/review/5550/[email protected]##

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626324298806308"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
4880	chrome.exe
4880	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 4688	2492	chrome.exe	78
PID 2492 wrote to memory of 4688	2492	chrome.exe	78
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1200	2492	chrome.exe	79
PID 2492 wrote to memory of 1188	2492	chrome.exe	80
PID 2492 wrote to memory of 1188	2492	chrome.exe	80
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81
PID 2492 wrote to memory of 3168	2492	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://metaarch.net/new/review/5550/[email protected]##
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc2d75ab58,0x7ffc2d75ab68,0x7ffc2d75ab78
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:2
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4920 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4608 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3312 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4864 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5024 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1480 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3368 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3200 --field-trial-handle=1896,i,13281375104782758098,12025045576274074831,131072 /prefetch:1
  2⤵
  PID:2232

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\52f4fa58-bc1c-4d05-9b05-b6f2da067504.tmp

Filesize
86KB

MD5
339b48591325829f0433194833cf9527

SHA1
c5582760987b131f3f5731bb34a8d68be7923aa0

SHA256
3feec784c2aa2337cc5b1b0cbc30b797bb82ceeedd54a164e406d32af1de2595

SHA512
382992ad358a70ecf2245b80ff0eedda5dbeb9e8cf61f530516b42a49f6b7b4bf867d2233512993641b1be090af0d7d50e768eb5cb0f0d3494022774bdda0157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72ed40f5d2a929b52931e5554c832481

SHA1
c7448a68ab31e745b38817a73e2fba17a10556b1

SHA256
254a0f2bdd8e413a09f09334d0606d066317f89410a3a8627b3268aedf568644

SHA512
8c23da5d8bad1427dad1467cece4dee7b8f7ead6264471466a0562f2c636173b072c3a0e80049a7c3fc1be9a467453fd11229578315999f7777cd93030197e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8b8ba7800352f324dc522eee462a435f

SHA1
36ec3e4f876111f1fbb6c25798ba39b45726a983

SHA256
b7f3a67bc5142da43978b47255707060fb35f197b0ef1d5b1db432e8685fa72b

SHA512
ac6cd023cd7c3253ccf3c1d1c721adda97db1aa1c1c6c867b5141a7951cbc3d6d84a129956397b3f43167a0a9380237f3d4e69e934681360926982b46495da18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99b89545ff6a7a25563bb8fe942261ff

SHA1
1c40a826a93754acf95fce061401d6bb2c5c004e

SHA256
6076112c51530baa20e5d89293b2ed064649695f5dacfbe4bb92fb406d56a4c4

SHA512
45856a21152094b0eff82a1e06ca42de20c5f13d3e6ea9c908cc070aea9c2144ccc388c41265289dd3e912ab6dc50e54262407c49b34f07ff8cec5cefec66f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
53f1487071e2df2055826210e5cf9f73

SHA1
13712aadb30606ebfeed270fecf9517d3ad18853

SHA256
e485aa641546d9147c6ac86675bc4bc079d1e684e70b98c5a4662bde2035732b

SHA512
332cb36af2476619a6ef582db8cc866bb1c6966882fcc68fcf8a2e6bae068660e94968f9676d877ab025bd97555102479fb2abc2837cd27521c8116b01faf751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
e9cbb20855769cd0c5806a6f12c96f27

SHA1
85daba44c7671067a58c9802b08a6f213016c4ca

SHA256
b6d4be205289b315147e5ee25bb734d96730880a159c3f09755f548cf2c39d25

SHA512
909f3ed114e3aba3397d5cbb4719293f53dfca9d5684f9dc2d6ce97701296e519fd8ac059404ae9c638c835874281fb2820c962e87746de6c5dd7afb2b1f7b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e9a4.TMP

Filesize
83KB

MD5
f8aa98451b7fbaff5ace75bdeecc7261

SHA1
1ff29953602bfee82bfcb6194bec51fb02aa3090

SHA256
b093969f69c7729c0f4cebbd6a1e1206f2a30e54c4064944c18eaacf40841d80

SHA512
00c232ec1e0da4ae1fca4c07e030bc976694270c4149ddf9ec7a6e871b9d4854b661784b874fd8b6768e88e6126013e566aca9c55918a1c49935a46cfebbd277

Download Submit