20a0f44d0d042b1a4d47b4e8427111925019a57c40535b7d05bac1a1177fbef6

Analysis

max time kernel
46s
max time network
47s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17-10-2024 22:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

16239.html
Size

121KB
MD5

cfc49ee57e7dc942d0a002033790d36a
SHA1

15e09833786254116b3694b2e75d9f313d073351
SHA256

20a0f44d0d042b1a4d47b4e8427111925019a57c40535b7d05bac1a1177fbef6
SHA512

f28a173eed2062dab773300bf678992d19036992de1f0c501b64a0b368ba436966fd3850f06cbffc416c1209e16ad0d365b4b8c732ebddf9d34f06252ebccc37
SSDEEP

3072:f2Drw9EiERdXvkbwlFNjpGRV2I4594rQ9Hx5TqR4H:aw9EiERdXvkbwlFNjpGRV2I4594rQ9Hv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133736771921405925"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe
Token: SeShutdownPrivilege	4424	chrome.exe
Token: SeCreatePagefilePrivilege	4424	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3440	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 1276	4424	chrome.exe	73
PID 4424 wrote to memory of 1276	4424	chrome.exe	73
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1940	4424	chrome.exe	75
PID 4424 wrote to memory of 1384	4424	chrome.exe	76
PID 4424 wrote to memory of 1384	4424	chrome.exe	76
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77
PID 4424 wrote to memory of 916	4424	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\16239.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff89bc9758,0x7fff89bc9768,0x7fff89bc9778
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:1
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4836 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5000 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:1
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5188 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1788,i,1101396368250880815,16725854000210947933,131072 /prefetch:8
  2⤵
  PID:1336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4260

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aec055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
9928f51eeb63044cbeb2e94194b186e9

SHA1
f2775cc8cedcc496fe6bcd17e46a852407b942d1

SHA256
ff31234600d7687e56eb65c2edaf86230f1e7cfa0310727918375f589f4e681b

SHA512
1e453ac78e08d6cca2a1167895e6953f2e0accecdac3dda9b89366c05dea7007f9987c7ac3c0e710308dc980dfb737c95c2e03f0f8da01d87625eec880698512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
3d681b40cf62d13ad67ed46e58d82667

SHA1
1e3f3a168a8a369bd448319211e4d48f041ee3b7

SHA256
03d1a88f128adc1437a8c1435413c05076f9ca72f68cee4663517fe054f60c42

SHA512
36fa53527ed150548f08a7a69fc0edb583e89009a3adaebf5ebdedaaa8b425fae76ec0f111ce6a6754f3d400d229f90240f7d728e717d3dac54333b7abffabe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d4619b57776027548429e003f562f086

SHA1
6e82ab57b15b419f1c6c0791fcd85acc3b208215

SHA256
2467f67d915931f74508a1e0cc90088838c7d9aec45f69528ab0a04e5b212e25

SHA512
825e3ae65af009affa7bb227e239cfb5abf2f333dc10f50482744877d58ee35afc8105b3e3ee798a538a42eee33a15d8980e9040c4e213349bfd7ea1508bb988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fae8707bad14bd9df6df60e8561cb4f9

SHA1
ee2cd807f50feb054451a5cdabbdf2f952f45256

SHA256
e99ab9d0e806e9bcfb6471b2d8b2f5e3ed2d21e701468bba05052b4037e70ac4

SHA512
e44a546ceb3479363cfc46e2f93b48e6e37b5a603ca0112760c1d17a7d83dad13a21b2bc49ba0cfb968716c37bce803b46078a398a86a58458ca4d747f41a468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a49e45a1838af3e57b25ba19614b7653

SHA1
1f605106cdd6a1e128a32f8ecf1c5a6e6a8c0300

SHA256
820222918d7071e225804a0655bca033962c06ac9b633a0e2565c32ebe5cbabc

SHA512
f431347579b546212eba1492710c8c163b18a43d5700f520383a68d0623411d3bc1f8f513f3fd93ff7c118b69c14f30d6048d4c887f91f742a7465cfe85ac131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
57222a11159a48439777fa895dff1ea0

SHA1
87884d2d864224ac636ccac6c63f585329b9a6f2

SHA256
716358ee8bdbcdec67c0e06aded263c6b7ee286320125d62a3820a627997a576

SHA512
ef337dd4d98689a1eea6d2807db30db9db1d006e0b5ffecf6458040e104b72e7014b4b41b933929b0b075b99fb2206343111947ba37c2316aa339055a738000b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
732c2f57f438e6ad4122dba34272c26e

SHA1
f8bb80785893512c8d88329a102594ab4c845862

SHA256
6338a9ec69dd95b64341ae30ce1d77d8d7b71312e85f32d910e3658bd1c45163

SHA512
487457a65db8d451057f5f164d886896749547cb4f9ce0986e0f5dc71436cadf32df64d1e50769e41196a7876b77d81d39a9e8766b07ff7af4fd4ad0c20c0bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
402333c5f83c535b272969b795dfb41c

SHA1
3d0965fd78fbfcfd7105e702f9a2e37aeeafa238

SHA256
c92cca209b5cacc249d73d5ba68d5c0356ce71048b06e093e84c9f003f8827a5

SHA512
6781227aa63f8510bd1ca0172ec7ac0d7c5c25ac934fdd7dbc6bcc5db3d66b2997fac14b453b6e19e4871f79b053ce958a9899b95e27ca3c83d9d5f1cf970ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
810df84e18a0cea878aa22a7b500ce7d

SHA1
7c7e67d8a9338112101b49a71b95d572e14cff8c

SHA256
4aca6471de759a2855f58c8521643a10e824142c8a49af4da3bae007ee874338

SHA512
ec3e4bb1c958f73e9ab7c0c8f02e0de647f6ad46af785a92bb5b46bc7c847396a002812d8572a58d3aea5728c28c980beb8c955a909ccb7adf82550fc97229fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit