hxxps://drive[.]google[.]com/file/d/1yjBXyBcVfvNYLwfGTo7Z2iGcX3KuEFFz/view?usp=drive_web

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1yjBXyBcVfvNYLwfGTo7Z2iGcX3KuEFFz/view?usp=drive_web

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414654371512537"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 380	2964	chrome.exe	14
PID 2964 wrote to memory of 380	2964	chrome.exe	14
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3956	2964	chrome.exe	29
PID 2964 wrote to memory of 3476	2964	chrome.exe	34
PID 2964 wrote to memory of 3476	2964	chrome.exe	34
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30
PID 2964 wrote to memory of 4872	2964	chrome.exe	30

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc068c9758,0x7ffc068c9768,0x7ffc068c9778
1⤵
PID:380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1yjBXyBcVfvNYLwfGTo7Z2iGcX3KuEFFz/view?usp=drive_web
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,11831991759628113086,13136968067867550239,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2fa41e50b455a8e78eec2e4ff8218839

SHA1
8163a6cebe919d1f16e526a87dda6b6c461c4979

SHA256
b27b83d2208e0a6b9ad8610b0378bfa77786b2f192414f954510586a12140d66

SHA512
45dbb4b3bdbe191eee10d06ac245d09df2a7eb12d307ef45d685a7045c2c1c08b093677f3d6c7082108edcd14f778c83ab50530fb5b836b27f5e362188739134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2ab35c1674460003dede818b87a61797

SHA1
39eff47fbd1c2296911f556e4ad5daf78abf7b5b

SHA256
3280f0bf0d61606b8ab5fea16b03f1eafc0d2a342bd01768a2a33da26ef0ec4b

SHA512
636b197c2d7bf3fd873a0a2f2ff0bc4e2422dc957853e453aa96a73ccf4101412ba77ea64a5a7d5cecd19ff4fae8e60eed13d7a7887fa9d583585a5e726c408b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ddf4249be41421ea3a6400ddd62804a5

SHA1
9ed315571014a621fc4ee1bd0d60b703cc56e953

SHA256
b50c64b306320f19f4613df6da584c6da8cb553b72f4ef7c85b5e5d1af2635d5

SHA512
f497d4ac99bfe070ca53743fd2063aa30ad7365dd8124223b9f6e57b0b4b9069d40bcbaf42f7a22143d46428927246d44ea26ccac8964c5125b7bd7b2a4b05fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
897907e2928fd9c344e1e00b94791f48

SHA1
aec3a4c26deb2ff5233fdb3af845ef2ed10c456c

SHA256
0bad9dbe0a59aa518c1187b4c9ceba71e9e09e82fd32977faa6ca2dd9cb40f8b

SHA512
12d24bb3aab3deace2dee2c8339ab8f677a458c5ec0e18860c6f910bd48a7f9c695f330439001babd154d29b6b473edd5ed6291ca1dd2a72fc4d50e245d46aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c56a75d9e7eb02acc83f537f43259f89

SHA1
dcb409052cda1a10241db4626696eae4a01d392d

SHA256
92164631b107139635ade1a38634047ad7ce68fc2c5e2ead44dcc80c55b6384e

SHA512
c63f700a5080266860b4f841de8974341d7303bc03e95a2ba8a7c3ec0ea58abe42d90ddfca4418720960d319636a352725eae0d916cfd263ef779d639eddd908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ffa94f1847ef1bda49bcbe55bdcc85d6

SHA1
e991f19caf83bc5a5200cbf058d43ffbd5e061ff

SHA256
6f1426910736cc44f91113f381e651eabd67c7468fd9b30536ddf7a7ab6dcb17

SHA512
0c4b20f9bb1c0d10b625088bac4980d8ce624dd5ddc6d2765d045757907e0fdbd2f021b9e20844bc5768c1b726c79d39654025d8c1f606714b831b55758c47e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
8746f64d1b62cc28a50f7f4595ae18a9

SHA1
2b63275b88ad159eb3ba01312bc6793e4640b3a4

SHA256
e1a258f02b1067241c3ca8c8109737348dd50fea6a59cc59692370881ef02cb9

SHA512
0531ee398200969d343c2346eac74ab7c2b50ea50a3c754fd29d7bd69b92ff4e948f88213b8ed49825b6836bbabb040fc624b935cd4538a0798a03324a3724d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
13b346d7e06c70db97adeaea5f2fa7c7

SHA1
2348896525bbec4d2c314e0880422a7f524dce5f

SHA256
4b163a1571f2d343c37e241bf2cffff8f4368961d46c2d4dca091be0b78d78c6

SHA512
f4772cca1989a3b9856a4ea7f0e57b70dafebe395f1256ef17d015d919a18e85c5e6583931d2adfb957245f68c19d445c63a4a853864bb4821fec88c29854218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
bfddabb0eea3d84d9b7090db1727597a

SHA1
31c3156a8560d7999f23aa5feb8bb8c459d273e5

SHA256
0dec3e97147a6ead61ed17917a345a4be25517d62cd5f33ca48e2b5d47b07780

SHA512
f35ab15547cd46cf2dd5e94dbd40edcea72a3fdfae90ebd5c81f724a53af46fe898544ac0e16f20ab7cf687936de4f062f9f65f12973c33ba8562a31d79b4407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
68f9cfbc6f2de874341f00530054db06

SHA1
016fec9b12f821ada9feb40e30eed8e905f83409

SHA256
1cf2c449e999b775973fb21915b004be5d6a128451719ac693c453f5a013a19a

SHA512
8de99ce327dc8e876e81238fb4f1dfb3af697ceeffe2599ca318d9c7c9e4b24394feb72c041a9f952255708d2c69cbaeabb1624fc1d6e6ccad1e43bb98ea3f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit