hxxps://apiservices[.]krxd[.]net/click_tracker/track?k4x_event_uid=LR25EaJr&clk=https%3A%2F%2Fchainstrading[.]net%2FEmail%2Fverify%2FzsLLVR%2F%2F%2F%2Fc2hlaWxhLmdpbHNvbkBrcC5vcmc=

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2023, 01:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://apiservices.krxd.net/click_tracker/track?k4x_event_uid=LR25EaJr&clk=https%3A%2F%2Fchainstrading.net%2FEmail%2Fverify%2FzsLLVR%2F%2F%2F%2Fc2hlaWxhLmdpbHNvbkBrcC5vcmc=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133344612747016103"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
764	chrome.exe
764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 1824	4764	chrome.exe	85
PID 4764 wrote to memory of 1824	4764	chrome.exe	85
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 1512	4764	chrome.exe	87
PID 4764 wrote to memory of 760	4764	chrome.exe	88
PID 4764 wrote to memory of 760	4764	chrome.exe	88
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89
PID 4764 wrote to memory of 2716	4764	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://apiservices.krxd.net/click_tracker/track?k4x_event_uid=LR25EaJr&clk=https%3A%2F%2Fchainstrading.net%2FEmail%2Fverify%2FzsLLVR%2F%2F%2F%2Fc2hlaWxhLmdpbHNvbkBrcC5vcmc=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8d859758,0x7ffc8d859768,0x7ffc8d859778
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3992 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3092 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 --field-trial-handle=1884,i,17801588129670696003,9871714612203054874,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\471ed5e9-796c-47a8-803d-c3671299feb7.tmp

Filesize
6KB

MD5
f8b61125cd4d0c414bad0edaa7b3d6d7

SHA1
f54769f762d0c752d9fcc3f5e24e7b5151d52c4a

SHA256
7c722e661c92f918a95752567e5bfd0d2c7fd5009e8f880bd1cc99a9283b87c0

SHA512
796e711b65872d1250b86f3d8c0e8f114bf6506bfcc718b5ff9f7af52dbdd0aca6c5fb83f6404f4a9334da0c245a226e5785a3a716398270e049787249e634b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c63908babbfc58a6753f9ae379ccd152

SHA1
dc5e5d2dd0825b300019c005420207f9d9aa0be1

SHA256
8a13fae23bb82e5ed138c16aba562bf5f5188acfa1f8077dea2c39cc6abadc6c

SHA512
ca8e25bab547495690f1ce2ba6f44f6705d940290692932d39207ae0460a8a3d8d82adfb57f24a6d7e59c68c910eb974a5cb414b63ce5ba78a34debf49f6a390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
e5ff5883cb33927428609c4f9d2ed589

SHA1
bf328c56b857c7c8742f180043184189a6d30f15

SHA256
3cdb1fce35efc9a1fd7a8881c2ad90963399afa7d911545e79ecd95df4a077c5

SHA512
ab14969501daf4769c66cc3c249528ecefaae38c06bced3581ef92b56a61f9dfcd84bff45afe313c85326017f664b00e4655955b7c3d652a624809201e5cf08f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3b536d75403c5cc0536f80c8b586b87a

SHA1
f340b706089fa982bb3c98fb0693a50b33084087

SHA256
05778ec289c754e070b1d7e55dd8bbdcf5151500be490d78eb40800c30cf2244

SHA512
f0e47eff955168596f78deabcdf27211dc7047eeb7cca49ddca255eabaaac6a97300b293782c5c0746e3c59b9127a1d2b2fc902b5ef0b2c380f16736478508f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
aecd2331efb1acfa96ea11f0331f3cde

SHA1
c5234abba45a6e06bfc96ba7d39ec5f7e638ec81

SHA256
f05c6d26aa2f86d7d295621a9e6de61cb28b6301057e210e1f6aabe85c86aad1

SHA512
8ce061a033e925ea5072f7d41c6d1fa5055a120e86e09130864c247e4c0b78aee4171905fdf595c88faec2cafbb8b3ee98b82e3c563cdd39109c0fbf6eb384df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a1675b0affde353c42027ff6adb606a2

SHA1
19bbbb8e40041dfabe9007a588452ce30ac17520

SHA256
30f2f2e587a9c787229881b5437551ffc22f8ea50867ac20074ad90439fa2a3f

SHA512
eff9cdf7b75988e71444ef7d4a7b4c7e0410f3113d193aa04e18443406bb7e38e328fd5b6777a72e00326d267da8cd13c903d96f319628dfa911b0e892f1ac99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
fd7949df5c9d552106d8e3d6b399d2ad

SHA1
269bdc427ad59b69f0a06e79fd52ee88e596bc2f

SHA256
216a4300f4c43edb4adac6689cf1e23d0715874c7a1fdf36ff30dcf164c5729f

SHA512
3b4334a02075ab32753a28770eb84988118431d5fcd61cb714c15d28f1d36785c9bde6822dac9f31313cb337ac1c01b3f67048a5dc722e551b3f566e765ea08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit