hxxp://tips[.]fbi[.]gov

Analysis

max time kernel
86s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2023, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tips.fbi.gov

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
23	api.ipify.org
26	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133382919391206382"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 708	4604	chrome.exe	63
PID 4604 wrote to memory of 708	4604	chrome.exe	63
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 3368	4604	chrome.exe	85
PID 4604 wrote to memory of 4648	4604	chrome.exe	86
PID 4604 wrote to memory of 4648	4604	chrome.exe	86
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87
PID 4604 wrote to memory of 4896	4604	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tips.fbi.gov
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9229758,0x7ffac9229768,0x7ffac9229778
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:2
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3820 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1820,i,10453081356358210269,17146353648859992109,131072 /prefetch:8
  2⤵
  PID:4900

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
902e39c305633be67d3cb6162d996a00

SHA1
4f06788b841ba91d7e7c6256364a89320458e76c

SHA256
705d53183ded9a66308d58ba2f57912f5c1443c6ba9ac7e1a7261e4984be5b52

SHA512
c426ea65dd553a0f10d38dea671bd33d03e3612ddd2fe56cc886a76aebbd1d4d93e956e9b60958f02ef128bc4c0f480c4e00dbb8a65753714ec1dfa1b30fc8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
52c0649434b523de3b76a2a793c8a5a0

SHA1
22f55b4996e2b17fad1a726841519556d2980719

SHA256
9c3b26551244d69e082050704ef4f5c0e88e0676b271c89d90e4466fb23dd659

SHA512
774872c39f3783061600f1845dd7efc3999411e740baedb582b6af3854197455266860c9c7d05727c05896dad243609ad1aa46a0c3537064cc7d3c6085e1c313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
537a041f7101d90b39302d02416e2f36

SHA1
c61b5f94491ad6f4da1fc3315edfdb282b0473c3

SHA256
47d4654fb857c49f0fbd7d42b7b1a69edc7557cd96a3a66dda8bdcfd5c4a6942

SHA512
b464a4465893bebec1bb0e064ba28adbaf13df447db8dcbaf8a54ab43d426bb8b6b28183a1b40199c956aa70de2420fab5c3729bce347a515b46c46e7432dc3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
169d4b0f65c822745ed35275f09b7637

SHA1
68bfcfc4c8ab3b75180ea8ff099eb746d9453c58

SHA256
e128b08bfd637e7bd3447bbaa909a7b77ca27048d294756b7f43f87aad8a8888

SHA512
de80e07d692947d835363e12cdccb9efdf32798cde7f3389fada88ba99d1e43c7890c6eee08124bdba3f042af84dbe254832eb9812d357811a841c6883d01bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4b5e5fd09652c0444f31d1f042eaa027

SHA1
0c4386ef7ed07d10e3db944574eb17c34ba711b1

SHA256
7fab741bc66ff184db2a432c53bb34ad5baa147f3e0ee3c36d7928f2ad9c8b92

SHA512
8a69a6914fca295fe1af1e502bd7c377c38d7fd6fceb9019a101d66954fb5d06b4abb1530ead29dfb3582ea954c24c4c4c2a2dcd1f2a6f0b7854ee1a24dba921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f869e63fdcd53a26d83a6095d145bbd2

SHA1
3cdb5923cde315c1b732530317e38d217482a127

SHA256
0d483a0bac7e1936eb0950676a6d653ccbd834191fa888e37bdcbacbf8651317

SHA512
81f1c416d0a9759471ea9ee325e982f47ed64eb12b087bfa829ec4351ee73ccd94c7e0c13006c9e97bf0b5706f964054a5a44431d5a0462702d38582e619e5b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5120a7be7f6cb3fd65065a731703745

SHA1
7a489357966e64b05ee0eb0cca7c874cdd362008

SHA256
14a8cc92edd43c0340c24ca00225c6f6d5c0a7a0544a1a097cf15d185ecb27bf

SHA512
567c41ef346d87bcd07e41eb758b6c221190e3ec9b5079e08541f7306fc2162851be4dbd9365f4dbb9bac62c361342b4a84a5937b450c0173524b3f81bfc1fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7932c98ed38cac6e272ca050221d6c23

SHA1
f2fed66ebaa643e9cd46f0551f943f5f75b33352

SHA256
724a0d881d9af471a1a013a170f71db52a7cf40d85d0cc080f37a197910993b6

SHA512
e2afcbd4330a70ba0cd901d7416d2b4b52b797faee3c81e921ce2a52e8001233e2e817cc9e5eee7782b82c44a61a7a9fcb8960462ebd29a33eb73ab99bff494c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
b671d37776e1de18037ba20f9cd7a774

SHA1
aa16adbee46f32e4d89c75386d45854fbf603091

SHA256
75a1f349561d630444e5c5ea0c6a22a8ee7615c5f61ae64c08534756d30eb817

SHA512
986aa003b62bbce6d8864f7087888b4bd549372f115630af2b000003f596e54ff62bc8f5c986cbb5ea29713c39d45342b234e5fd8363bacdcbd23db0d0efea8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
85d0c40044a06542ba0503ef319c418d

SHA1
5dc672c05f31e501f589b81d2b18d93800b39773

SHA256
5b7efe47dd38db9c1401997fc184a8ffcd99ea09c933afcd0244d080273f29d7

SHA512
cd8c514966995b3603e2005408949f8e0cea4fe941c4a2956fe8e09d616db8fdc094053951cd10142c32d77467a68dc1dd8d725435b4f9b477bbd8e36834b8e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
453e345b030b83d22c59d96b5c747448

SHA1
3b34b4520ef53027162bb1b2bc62943cfc181e31

SHA256
afe006cd63717d1f7478553d0fc355c0832ff3f41c9bec2d7593f5d1430716d0

SHA512
5af54ae12299532d100faedb12d6409630630477b387570c67dc1abfde3c453bc87fa1aba21f8736b4efad09cd10ad1edf963b2a73ed4d5cfa65c45301c2d829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit