hxxp://www[.]lmfs[.]org/

Analysis

max time kernel
149s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-09-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.lmfs.org/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700236918281266"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 4660	4496	chrome.exe	74
PID 4496 wrote to memory of 4660	4496	chrome.exe	74
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 4936	4496	chrome.exe	76
PID 4496 wrote to memory of 216	4496	chrome.exe	77
PID 4496 wrote to memory of 216	4496	chrome.exe	77
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78
PID 4496 wrote to memory of 212	4496	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.lmfs.org/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbdf1a9758,0x7ffbdf1a9768,0x7ffbdf1a9778
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2624 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2632 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4864 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3064 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4728 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4844 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 --field-trial-handle=1728,i,11697134406525540806,15523696048264824511,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
98KB

MD5
c408f36f69f7a718646915176b2ba5c3

SHA1
cc039124e3641755184750bc75f3ad59f2885b7d

SHA256
274ca3964179028ec92cb4d3fec42184fcfe496ec65ca23d6106935437acc49a

SHA512
e5e80644f3fd3babcf039bf1207f9868153117152995b7c97a5afb5f40147b9651093848c8fb1243977f27c91c508a026cdd6739a658af593429708eff935c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
3275cb7fe4a3d6d34b9273d05e052105

SHA1
40ba4f6cef0d6f668e6194b83d6fbfd477a51292

SHA256
6202df396520986a0fa9f22a16a556246a8a247a9f5661efaeb1a67a05af0949

SHA512
e58fce15fa7d2e4a3306b534b155556e402b7ea6c0103a4c3e2d41e9bf395d6b05cd902a7837bdbd75a4074c36f16eee473a6bcb8aaa8b1f6fd69e0ab06c9baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
949affe4094a7a2180422be62f7577f9

SHA1
e0364d20505c0a2dd79573b63a0c11a6ea95ed69

SHA256
88655bbebd517576eda4c57985636e68da23fb1831d78da947f0acdfa2c6621c

SHA512
8eb3ca4ee2063cdf8784665597333ebde9f1aa2ffc1a604cc9e67dae6a8611ef6f44ab62278473a7ea01a53a7bf01450fc934bf298605e4019ae59e193807482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
258a9e910e39d3521a760843956114e9

SHA1
1b60c3b70d3ad8c7f90cb233abfac1d8db93453a

SHA256
a4cf1d82cdb436440eb823172a8fc4859f155188a2a71dae319621e676950567

SHA512
a71cb378f002fea6741b335eb51bf1e1fa4ab2dd49fd9273c98db30545e9807adf060bfce9459391cfed2cb3ab20bde4c365db3cdb9e9112531620cbef72457a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c4c0eb6758785760a59ddb0b7e7e866c

SHA1
914b5b5151a7b91af4a48ff02a88eb8e1b36ea2f

SHA256
e6ca3772f3b98afef89e193878183a527fb3e85e70610855a7a983660f48e4ae

SHA512
7d04a9bd029c1d069572b89ef7fa3350daab6a5b83ddfe64d18744a460aa222717700b086a0f2939fdb348a40ee6ce1277afcdc08162c9a1571ee96f16049cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d1805213667b75941a955f5fbab3993b

SHA1
3353ba718c4b3b2b060f3f05b40967214f5ea122

SHA256
ea27396c8f8dbc1fc705d90dd51fe705d21cd50035a97a7ecacfcc43f01cfe73

SHA512
61ccf3e1f17a44a2d534d7b72218cd08c53f795bcab096cb97888af6b1c17eab31fe6715950282766f31ea4fdeb24c74e24674f714c4f2a3b947d3f287d45690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd5a14a1b37b3704612e00851434ac64

SHA1
01d1c7093b3291430e41e93486bad36b743f518a

SHA256
c9784aeea79897aa3de505c4519acb76e4c2ee774e8fc559adfb5693899f18b9

SHA512
c471ae56caaf0b9dd3225a4b1faaceacd9343ad00cbe6c3f2dbf3a9e246dfc3ffd15719cb56dd2c84f778f0b0d938f6cc3e6d2e869494b1addbd9f9ddd9a3a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d5be93a6049b1557b322ef52295e6b3

SHA1
c90a1bc110953627749a7316c11228819c7716a8

SHA256
c0230235c1ac025888e05b757bda9a735491463c3022ac4758a453a4e3a1eda3

SHA512
746174525c9979a8ab380cf91f619b73ad036efbae18a1f7c7412a5b290b67d2fb4c58a6d1bbfcf44c6f74a50ff1a89dd3ee456c81e4dc0d7067ce2a1b1380ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21b38d34273144b40c236659eabe3322

SHA1
5b71e0f6bea2d5bcb3171f183d22dad55367a115

SHA256
641f3b886275019f23c555a85501030ef748db90c3598a815197edc9aef8b6be

SHA512
3d461121eeb6703321ae79365360ccab06dd709f56018680e3ce7f05a7cf0369afa8ccc94afdabaa8041a99bbf2614120cf14a09bad52c29f6e01ca2ec4e3f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
b50d938193e586bd46cd0f5346d5703e

SHA1
b890796e508bac014e8914214d174a00bf99f70e

SHA256
969271d0c648c6fdca0aff1a7a31cd6581425c508d41727182a290a6fd8d919c

SHA512
69ae0339cbf4bd10b0341c090a0978ded9d777f72e171ad2adc3c3f2d38e73994940fe1016db371664a0c6f888d3d6915310d40a1eb551112334cf1d24f9b8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit