hxxps://is[.]gd/aFeQHv

Analysis

max time kernel
300s
max time network
297s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/aFeQHv

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133894012695530738"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 1180	1176	chrome.exe	82
PID 1176 wrote to memory of 1180	1176	chrome.exe	82
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 2140	1176	chrome.exe	86
PID 1176 wrote to memory of 2140	1176	chrome.exe	86
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 4884	1176	chrome.exe	85
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88
PID 1176 wrote to memory of 5352	1176	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/aFeQHv
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f19edcf8,0x7ff8f19edd04,0x7ff8f19edd10
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1960,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1468,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2188 /prefetch:11
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2232,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2652 /prefetch:13
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4192,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3772 /prefetch:9
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5112,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5116 /prefetch:14
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5424 /prefetch:14
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5484,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5348 /prefetch:14
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5472,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5376 /prefetch:14
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3096,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4648 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,15601213846111880172,12194350244965365990,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1528 /prefetch:14
  2⤵
  PID:708

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:236

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cc682b7040647bd504b783fd65081f4e

SHA1
cdefb55a8ebae520c5a0cc740db3bd1922485f08

SHA256
bc57a14e2187270fe4844b17c6f1f905b280f80a8c547ff53a3a45b10d2c12c9

SHA512
ae8ee346e687802b74325a82d30c406b9931beb91504bd6d27dbaccd32a593767ceb5fef2f23ef7a49308117e3065c723779c46d985c3812298f3efca857062b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
83fdb14ad70b51fd35d95de9b8fbc06b

SHA1
e4d84a53bdc433a4184cd3ab897a1cf716608ff2

SHA256
b97634655ccebd75d077d49e67b25961bbca07ef1ad823168d40f738b7dcbeb8

SHA512
78232705345a2a98b28ee3b5ef601d5f409becb59f082b4f5bf9170ef097d1570446e05b401886b6907cb0a22a4b0d0142f6a3cd773cf7389f4710a656e074a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a084be59eb73660a652537f40c5ac25e

SHA1
377f544a920ae45ed060d609dbe1a0259ea436f8

SHA256
dab22a8eba0617ee97401e8d07e71d316289628c190a74995464f613d7585d4e

SHA512
b46ccde7d72ed3764c6363aecc00ccf30b697c9a5edd97c63b399c108bc314697afb1efd9d54e0039b791fab44e66f8fc9a2684f338db18e51d3cca6e8b17380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
36aaefed7ec6a53098509dfdf845a2eb

SHA1
116a28d50286d216a39f16269c671d6c2c97fe87

SHA256
4598ac80a3d94780f1b4629484eecb6c4cdccab214a8c4cfe9fce321eea7fd36

SHA512
5d890d80539576c89f5c7be8de2333e1c83f37175050638b810abaf3d0a6fde6ac786fd1e8f6d6faee125a5702a1b2406221eaf890db5e52557d3182bdd1ed84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
ecbb17b40f3fa2f47598d697f8962a9d

SHA1
fa52153a474f5c73a2b1668f9462e6693865b04f

SHA256
cdc808d495e041cd4706cb175161716db7bcd211d72a69c74e29752059f90290

SHA512
628a7f396299d2a9697d913f6a7c06faa508ae95eecf99b59ab6be6005fb340d1cafa40be788c3dabadf3386f81803e04f6e17685e2dfce761c508ffb759ef4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
436ad0f958bee0a922ee911871697db3

SHA1
b0347d4a1e8eb79b6541ff04b8a1e264fae21d39

SHA256
f35901b361070c744a8c0cd8c4b1463a5d7257424c7728aa628e4716c9e8584b

SHA512
cca577fab7558589770122567034bb8f7c986d7ede48e36aca2f07cff074491d0c6e61c80c6fefbe6ff6e566de98a9a2bd4c579ad5d29502f0d676f126032c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
e7b9f2b4671ede783ba8b4fd22d2a3b3

SHA1
6003bad4ef24ba5f5a03468810729734ef87a1c7

SHA256
aae7b81b0f19b01ed3adb1bb28d115ded140b1b52bed07d7d76d8a04129152e6

SHA512
2dbe500c3ed1985f03de4385e5bd28ab3bf37224dbb3de0af23c93d8d9d5330ade8b6bede3f4a62ac972040d25c95aafac1f600e9379aca2a60a3ab860da40b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
6d61e25663f5778add91d970703974c0

SHA1
fc3295b61330b0bd67cb2cb56c8c74417ac5138c

SHA256
20e84ace5e9fee6ec5d23402cda0477d43296b2dfe671cb75abcaaf84764b420

SHA512
3389f69df3add1194b6288221e3d9fa077f5222db993bec8ba0f74d895bc0993e5e6495dbd920f0c7ef9c522a54ae7fece9b7764042bae91cc9bc6b711d417e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
422b71cfc313300135066bf775f2d6c3

SHA1
2d6b6a0b73ffeac01344e9e54c2a3267199222eb

SHA256
08419bed0008e84073d94ecc5428148305a1821dd440fab8771aa35991c58e51

SHA512
35f5351e4ae4f7a73e5bf0cf844046e63e16edddfbb571adbc836a95ad824550c7738da022eb545500e6b8833bb7a04878091db5a963eb2948cee58f44fc94f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\aa1ef5f2-2618-440d-bd79-5740feab18f8.tmp

Filesize
78KB

MD5
8b641bba55dbe84466255e0baffc523f

SHA1
3d8b7d5b2dc03affedf2007c9aab519f73dd79c8

SHA256
ef0ed742860fcfe501cc068af81a7601241d8a02fb71488e394fd4d97489555b

SHA512
1205679135d83d4a0ad48af64ae3e4904e94265a094f4511e561db959e76891ebc1b3d44cc8654483ff3cc36dab752c247b74d0f591ae9745b0a86875dbb5183

Download Submit