hxxps://drive[.]google[.]com/u/0/uc?id=16ne8kjMgSIMFWVKyfHUe_zH7qKqx8nxw&export=download

Analysis

max time kernel
1800s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2023 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/u/0/uc?id=16ne8kjMgSIMFWVKyfHUe_zH7qKqx8nxw&export=download

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133303497353406129"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3524 chrome.exe
3524 chrome.exe
2012 chrome.exe
2012 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3524 chrome.exe
3524 chrome.exe
3524 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe
Token: SeShutdownPrivilege	3524	chrome.exe
Token: SeCreatePagefilePrivilege	3524	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3524 wrote to memory of 1464	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 1464	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 2624	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 1852	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 1852	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe
PID 3524 wrote to memory of 3932	3524	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://drive.google.com/u/0/uc?id=16ne8kjMgSIMFWVKyfHUe_zH7qKqx8nxw&export=download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d6a59758,0x7ff8d6a59768,0x7ff8d6a59778
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:2
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:8
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:8
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:1
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:1
2⤵
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:1
2⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:8
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:8
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 --field-trial-handle=1816,i,1280352277311355141,17213774348185735197,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3336

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
91f4e8ea7d64e24d4d6170792cd218cd

SHA1
43af1a4a8c6e3ebd04fbff2f06b312ca3921f590

SHA256
8a5dfcf2320d88ba5bf8ab5cd415a849b4cb54e027bdec0372f1c85d61af4030

SHA512
9c2746734c5b8c0f80daf758f8506f5c629a43740c3f09f599d8deef729075c25fb8760813f887636d4cb0b2c50ee5fe47632b6b152b2f5a431a0e159c871e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
355729b1b85f568c2c6976882b99a46d

SHA1
34c1d609b739d96e1b157ebaf3f8473801c8e445

SHA256
67e95d164498138dfc8b69a8f36cae283df9070a73f07565ded9224175990d9d

SHA512
517ae11d30cb0df344f76496a68039f91a013c7fa584769a772e09481205a21f5546cc36540213f67b31e2ff23d8acab60b28c3727bb0433d5ee5ffbd9e7bd16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ef86c5ab478fcd363b392557d5eb7ae6

SHA1
fc246bb303bcc31a143737fcfd445d461d88730c

SHA256
722b6cdff475c64ce792e9d03cbd5d7cd8e74028d71e1c578dc2e5b62ba332b5

SHA512
0b62bbf282f6faea53718acaed8792ff6c67df0e645fae7594928ec72d96a9dffcdb32580d224907c36f55bf24e89f1c2e34fb87e4a20a90a1a413b8273ab742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
8322cdd9d04e386bb4d854c690e7053f

SHA1
805544b37fb1734057662f3979bfbce6c4248a7a

SHA256
ef38dbf667cf31aac34fe4ba4b87cea30b582d2923bbcf0fde918c708ce68047

SHA512
439d1933a9075bf175818ae4074fd96464b6f7993bfdbb8b89d28f2554fc15083dc7b7a34fb28e1fe03b8985b4ca049bc173f66a51dcd33b48c6cb3e3b47d38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e9b874646db7025e22829362da10fb00

SHA1
1906c89a45d9031cf809f2a42d2cff8e8e49ba9b

SHA256
19f23d0cc370c3bed9622256a2f8fa0a27535ad25eaa54b28073d36cb733edd1

SHA512
dccfb5b4115b1bf9e72eef59147f923af347744731564c0fe94f7055e38aeb64f08b33d7aab63eaf7d4cb016cf1f4cc5423aa5bb5534903c00c56d43067e8bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1c412f64addaa1fd5074e45cc10f31a5

SHA1
e8687747f4a601292dae007302513532f0c368cc

SHA256
8e2f51e0362ecb3f2c9f016e29540703475c8a7456419a1df601335dad68993b

SHA512
5909cd14afd57a93c1420cfa11a2afc6ab2a2f59b38a42f5e818801aae1c406963c5b2685c27eb1af2658a056cf6d0d866448bb9fa9d131aa38cd0b0ad75e68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ffcff11a90363b31da52c0660c4d30be

SHA1
e51197934e7e733b9366a8a2ac43dbb1a99cf7e0

SHA256
6c5a1c81af51840fcd563a21513db5ef691e5ac08fdc0279ddfb7cbd693e905b

SHA512
ec11e2e0528d453af6ee11936eee0806b164f168d71a5854b446e6c72efe3ac24d24bfbbc3c817d72cdcd998ebcbef7f1c7a7b794282d55b6430492304c21e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
158KB

MD5
59052c0dfee8f898813dd34d5a26a8bb

SHA1
fde01f2a63660eeedae14aad18d999736d9e6847

SHA256
b290106c1fd9d08809298cbbb182913cd52dade4a03aa7cd73a711dd0b47564e

SHA512
8bc4794cd7a9774db10819e3306d5477aa3abf9e55a3fe09ec51e5e6315798fe39439cc94c0756f236797f6a368cbace370020c8626820e38ebc56156879f047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3524_JWLSCEIJJEHUYUTY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit