hxxps://n9[.]cl/

Analysis

max time kernel
299s
max time network
298s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19/08/2024, 03:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://n9.cl/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685102345104026"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 1536	4764	chrome.exe	73
PID 4764 wrote to memory of 1536	4764	chrome.exe	73
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 1488	4764	chrome.exe	75
PID 4764 wrote to memory of 3752	4764	chrome.exe	76
PID 4764 wrote to memory of 3752	4764	chrome.exe	76
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77
PID 4764 wrote to memory of 32	4764	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://n9.cl/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8074b9758,0x7ff8074b9768,0x7ff8074b9778
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:8
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4608 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4776 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4660 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5012 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4944 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3780 --field-trial-handle=1896,i,5231199986036150299,1059044531769918351,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
e80d80060e4eb371065529ddc527461a

SHA1
bdce08c6580b462cc0c24f0c15de3b3ccbcd30b8

SHA256
12e805be0ab40858cb167c273fc081eec58806f04ad7ce4aaa3cfcd5feb21c6a

SHA512
bdef14cbcff059493c0b1885c768dfc63fb0f7816650c09257bcf87868c3f753e5f0c31be040f295d47a5fa8b75589ddd08a0b8ea8c07ae1dfbfd511ba00c483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b7a440cbd762b5c4d178c38f1d74961b

SHA1
3c2173414849c9ee128a8c85e162fcda06365e6f

SHA256
6e505606912ca8be18e25328e909e8e6c0801074933e306a9e92f2f6b9217577

SHA512
38476a35dcc08cfa80f33592dda6f4d82fd2411fd2e514f14545d9dc41557417d98ead15ddc287d0182b6b3827e947e51b5d8aa9c1621e822a0dcac9b915c9cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
d5f7fbc4d1a24e95c8cb6197ac6e2fde

SHA1
7320d4bb49118734df37dfd4b5978b9d5e6c9c03

SHA256
7662e14973c8d440523c3d309450faff948688d18c65108b6296d3cd64e87163

SHA512
b816d6036eb246825f9ff35262b8ed8f3a200c8c651a317bab1660e990489618228ef132e0c191e0f0a376ebc18c3c361e44f3bdfca7dbd664c643f52779be73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b89efdc242f5c1129f21bfb8e8443244

SHA1
319a049506a2de69fc203c47e2c041bee8e7281d

SHA256
27df8733424fa8221711de03850862dca5dfb11fc7f6fb306dd0a1f87b508c78

SHA512
9974167bf2475980e7bb3510732b950cb6fa4d38fee468459529c78d659121e58f30ac83890247a968777be51298e6bf2eaa17bb5a74490e673350abbc561745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
69da129375b0b8f661519fbce49b86a8

SHA1
8458d68ea6795c4b088370a3f76c67a4d0e13127

SHA256
d9e08e9ea9b84e0f6c90795295afb62fdbb9b9e31e54c2a9ae4ea11b4368118b

SHA512
920a928d98fc79cb9ce81f55032e1d9359d656c8a71b74dace995f334c9fce98a59859ea6c2312c9f099955ac0b5dfcab16eec51e1592ea5ed5e674a86ca7845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b857d683198087c505c046309d57e5c9

SHA1
1adfeff5b0ae6501edc3ebe23017108bc85d1a33

SHA256
c6029c0d4ae5bdc1215b2a5cc50a9fa46f51a56b136d356635e8660fb6c0b216

SHA512
0a9e80c36cdfa00b511b40fa64e296f3057ae29f3228aef7032b257e6abb7b27d1153971e264af2880553081d1460e91320a282c443461efee689d749b86c57f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f08cbe331b847a22bcda94493c04452e

SHA1
cdc9adba5b0f160ac7bb74db3584dda8ff6cdb48

SHA256
803e6b5351e4f5702ade6c990f4ef6345e6213bcc8004ccb83757f1558c6b9c0

SHA512
9429c395b0a0c934e2afd35bf3e2e8544b4139e6559568ecb34b61b41983996351daff7e097c391dca0e85aa866d46e7b443206609341cedc56fc3f9d6c12418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cb5e.TMP

Filesize
48B

MD5
0b9fc5e286b8fec0d0b748866f79cd90

SHA1
cd71c5bdb01f3c51ea6536d3b43b84cbb3f3a25c

SHA256
611adf6c7d8ad6b48f184331a814791ef9f68789a6dee474263f2e0dde530fc5

SHA512
7066112eb403a455c3bc086886849a07f2803ba03b96a3198fafb0d9c63ea30bd2a5cf2e61ff9ff880308fa50c6255a8f718ebaf86897bac401326ab20e7bf90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c14e433c14d33fcbe986ca92ef0d7498

SHA1
88bad23c2babc3b69eca4f7d537cd09cecabe33d

SHA256
aca0a2acd195fdbfd0fb8dcad068518fe2f38e125b611e14e34cb515d9f0fe53

SHA512
e7ccfdde72e21a37abe5beb98d57da5945a6c517994c4b1559965f8a880f47065b20a4c6dd9b8a362e25f2278816730ae3716928d72ff2b2f2b8fb88466ae61e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit