hxxps://malshare[.]com/sample[.]php?action=detail&hash=e8c4231db55021ca09e9e80c0e5376d92e6f61fde673ef428d9b5b7d7fb48553

Resubmissions

04/10/2024, 22:05

241004-1zxpzsyemk 6

04/10/2024, 17:48

04/10/2024, 17:12

04/10/2024, 16:01

04/10/2024, 15:22

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/10/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://malshare.com/sample.php?action=detail&hash=e8c4231db55021ca09e9e80c0e5376d92e6f61fde673ef428d9b5b7d7fb48553

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725315135894437"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 1664	752	chrome.exe	72
PID 752 wrote to memory of 1664	752	chrome.exe	72
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 3668	752	chrome.exe	74
PID 752 wrote to memory of 1064	752	chrome.exe	75
PID 752 wrote to memory of 1064	752	chrome.exe	75
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76
PID 752 wrote to memory of 2788	752	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://malshare.com/sample.php?action=detail&hash=e8c4231db55021ca09e9e80c0e5376d92e6f61fde673ef428d9b5b7d7fb48553
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe8ff39758,0x7ffe8ff39768,0x7ffe8ff39778
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:2
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:1
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3828 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1748,i,8398491202650616720,3717587476101373473,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c90d527c125a647924ff0c3f2c3323b5

SHA1
d6f45af46990c4390e613f4588dc7b0ef70f08a3

SHA256
59a9c4aa5cb89dae03388a374718abeeb48973d19184294cbe79fa1daad2266f

SHA512
70fb3cfbd11d19ce8ed10d40e30922fc545a7fb88cad42be884f3b86393f7a1e95610ede4b4168b75e9547d7b3d3c84331c05547d8880d06617fdebcbad25ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
dbbf4d3c163abf7198fd655125c038eb

SHA1
a742f38702e681bd79b29ffcc0f03eca7e206bac

SHA256
902b83a74cb0367ece756bea6588556dc4afc378c32ebf08b9818b3be1f3e55e

SHA512
5e6fc42cca3a23b59871e25b0c5e0c5baedb9d2784fdcf7174b975d4d61eb7552acfc1037605d427dd864c3a195ca4c01a2be27873d1a2101019956ee46f95a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
858d3c455a88f0ae4aacb0cd70699f6d

SHA1
9a72e6abc11781a97e4e2c58885ca6166892e752

SHA256
80f1aa0a5bf528953f9e05f5f5acf463a5d2d1b9196e915fc390da091fff12d7

SHA512
02c38e6c68c64d4d25abbb9a499148f16ddfa5ed545ffe47e972f360dc00ad32ea1c2194b39daf4e90f0feb9f76545fad53613a8b7290f75b4554f193c287e69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
05af0746c0a5a78c56f713a1ec744c4b

SHA1
def20a7372918799a31fe7ec5c1e4b870f02ed6f

SHA256
8ac13121a0c7069e36edf760684cbaf903518282404295d872ea43f90f2b52a9

SHA512
54771672ce8d594783160c52fbeb647dded72a55320dabe87315b4ca8d0ad591064827792559d0e2bea5165879f955e0d40e9bba78115653cf3982a70df8187d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3e72bef28609d07bfa6e70f8e225c147

SHA1
b5253d242e5d696b05ed72922ca6377bb712a2a6

SHA256
40f3c9a17d871fe1137007dc3d213bed785ef70c630fe0fbd437ad0fba9971f4

SHA512
fa785ed2d6cdac11062f9df768c049d89cbc29c8d8536d117921cd9e7cddcae61a10dca974ea7aafd6e6652e8f77407f526c2d659c6a30d87863bb01c2c9af44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
5252c537fd5933247dad0e17deb14c64

SHA1
4b2b771b0d922f17c37b19b88406cba9f6a06a6a

SHA256
660294a577cba96621e8cd326f556b2fa4d937d19bd210d40747e0052320ef4c

SHA512
787b8734c30fcfa43838666fe7ca6981e37f7396fe72010c7e28b8df4d48be32afa23d1e0bc08d748e5c73f451da257137461e88781ded24bd0141bf34de18dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d1452f7489066512b88a46837dc56d0

SHA1
df59fdf1f40ed5f8f5d5ddf90b26660ed9087c84

SHA256
a2989db9c6a2a7a5ed82f198ce7bfb9b99d66dac7bceb8a9c887da51f9de74bf

SHA512
c1edfaa7f755cf73f2299cc0db54d96483f98e275a6f28f543c601ae70f85d858c3aef7d2f4ace73a6eba9830441cc6817b3ea7abf8b93040eb0d1c6491fbedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9aad2d94c1c7b37c6b18f216157a3a4e

SHA1
190abdc5e4306cb4aa8be1cafeabe4e7bfc38446

SHA256
cd34e295f1c1fa57456d11ac4aa921e76ca015c81080c551a435e0b130baf133

SHA512
314e0f9b45bbcdd911d55884bb6485b3108b1d9c2b6443ba9817e2753c861addfc848a2070e86f6b61335867e32db83bb4123daba2f297208d8517d615b2b0a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b37dc00fe762a3bcd2193cc374cd59cd

SHA1
664d81fe279c71eeb9e37f26107bb866d4dda5c9

SHA256
ffb7b69456f2452d190a49f2a74689d30f5e10dcd8f45e4fa3143f4cd2db8975

SHA512
cf18c1e84ba86c08328c243e4b19b01f163db9908ffe8a3f4e51bfa664fef46eb95c9daf32a24039be8819d8fd0cf7be3fc6341c35ec68583c673ec78be50aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
4b39ce429f6ca4faea2018448fb496fc

SHA1
5e2131c23fe939d3ad77b9747969db560c39daa2

SHA256
6d6600b3c89fcd2f01931a0d52bfabf56e298c0abfa5162aa1b61a9e9c5641ac

SHA512
29a9f2234bc832390a65ddf98887d5ec5af30b6e6badb1380cb2a3a374092c8df64c0c062340d77efc6b8297bf76962d19e7bbc63d165bfe4bfd254dc800ab64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit