hxxps://1drv[.]ms/b/s!AjXPmmpU3xmIe5ka6OM4LlMgMyE

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/b/s!AjXPmmpU3xmIe5ka6OM4LlMgMyE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133434220463047401"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2288	chrome.exe
2288	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeCreatePagefilePrivilege	2288	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe
2288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 4932	2288	chrome.exe	84
PID 2288 wrote to memory of 4932	2288	chrome.exe	84
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 4564	2288	chrome.exe	86
PID 2288 wrote to memory of 2868	2288	chrome.exe	87
PID 2288 wrote to memory of 2868	2288	chrome.exe	87
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88
PID 2288 wrote to memory of 1604	2288	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://1drv.ms/b/s!AjXPmmpU3xmIe5ka6OM4LlMgMyE
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb756b9758,0x7ffb756b9768,0x7ffb756b9778
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=964 --field-trial-handle=1876,i,12680734300002738959,16999896104649636623,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
b1e1f51ebc2df7a3e8eeb7cae15a663f

SHA1
e4d86b9cc382b68dca44ffc3b01bb2e30373ce41

SHA256
cf931f8b26eed4c5a067ba08c843ca1a5b1b97199d0423fc1a921c35fb9f7406

SHA512
0f3d938c3bebcde4a29605284c9f67f6d7fb78db83039217e6a42765a9554ed0d851dc1834fa51f93a190fefd2f5649a3966185e79542896ae9512876b2c421e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5456498b-d173-4525-905f-b1c45e487409.tmp

Filesize
2KB

MD5
618f6a8c4b2088dcdbac0f565a5dcedb

SHA1
67d790479c12fd64f54379eff986d10efc7a4185

SHA256
dbaaa996ce3784da89e823924e247f1354417257a3353a15ffc838696906b359

SHA512
2db5943227efee703b2c5862be09ca1b6f87a515f9b0d8e3edce3f990661629103726d1067fa964cfcdf9f6f41b28d783b9f95c21970bbb5f35bfc8f1a3e5f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c8923edce7b49f8d8dd0e9ef743ac71c

SHA1
127f0cea73929203316fbc36d2aab271868ba2a4

SHA256
26437b84e62908a920c1285745af17422cdb803b5b72ee94fdcf8f68525ed886

SHA512
89ae78e2fbfed5ab2c7eb5edd71af1d00153cecbf98601dad35bfee190b3f5c77737ec60b8bf5c2913753744c7c58035590f154d706726392364178d55d15159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf989ee1a0a32e00f127a710a9ac4f6b

SHA1
fc809c29079f959a597e8c4483b5ad21d5832c7d

SHA256
b5bf2934969431a9f53bcd241a30cce8c6ef790d1255ba16b0803a6d37637819

SHA512
3cba3f2914eddce27c9816e1a810c8925661332d2acf4b9118f2ec5b373859d81b66e5b6a7ec2409f0f0c18c13a70b7d682946c5d7a166a16f30805d3b613ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2cdb1e2196036c495afcce7201224601

SHA1
235b2626917d747b2f3b8a82384206f1847050c1

SHA256
226e3eea66eb9be7e48fb8dd719ac21f6f6ea4e1c3e2cff6fdf6adf9d5fa9a79

SHA512
8187028acec5f1042fac275d709c2352a646642de4f640df1d1764bcd93028fad99118aef69224d51b9a19bc20baf4eb0ad4b2483a90f7cc0a18247eea3ff9d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
26dd0668480f682392903c4e76726ecf

SHA1
2248e07cab02e8bd0b3964e6ad78af7d95bcc9f6

SHA256
84bdf7bf3c10ab4ee14bdee290771181e16bba0d7e882304f4b1a8e3770951d3

SHA512
b8cc28b61ad1c72633d17cb9114a3c5d3a37ea76138ada033dd70001b5e806775f445f9eef2b703510741bd8d8f7d4e58971b414bfb6f164cdb689f89f174e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5b2e0f803235afddfef5c227a1975c8d

SHA1
a11e566dd0b8f8641854a7b21c057328e07e1db2

SHA256
ca4b7505708166b9c7f933ebd4e3f5c3fb64317e5aebf6af1999f88186352ba9

SHA512
058320f34febd6f98dbd928afb42d4b5a418ec1b252b51f849e51785b831673cb747e737b53f41a5452d140957fad01dcfce01f278153d5dfd6b59cef37f9c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5412ca49cae9f6f0323fd43439bc3c97

SHA1
1e7ef91f4aa46d54caa9afc6a52683d7987138f8

SHA256
b4ea81e8fb6d288fbab34d1e53425997819297faf9e92f34277f180f69b37fce

SHA512
861b87a70d719e7870ab75dbd9b6948a338a911c796707a5be760a0cb346be5169a5e52a5f1364ded92f8c61113560365464fac8864289a0c178ddeceff2a870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
41fbdc99e7ea2f0e357d8bb5cb9b9fe5

SHA1
845495d3934a4e217eaa33055af2b32703cc4382

SHA256
6a17264666effe74637fffb866c52b4700da448c015bc02129660ac4770f2227

SHA512
7da54483a5c91544440a2db4fb376f6f2a7048ef350a29c0505d673ed1d2a813412858cb056da3ce7d219a94f1285db2e0e85bc7daff182f8802f1dec542f422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abfb625269796ac387904f11b22f47d0

SHA1
83b598896af1c051daf417232f2c9cf3b45c4ef4

SHA256
a78a71f71747576df6191c34784a7a9bc6d9c43a528d547fe2fb8301b7a3ddc5

SHA512
f56d37849a432e8c683a805f4d166c47b6acf09030618f91dc7a5fc67296f447275df1594e488386bbe0119761b1c8cd8af62a5c523eddb96ecf7998b47447be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
c8f6cac52b2cb443e54c9889de95bfae

SHA1
104ba747a7b65e530a96d64b0026e116ca51afa6

SHA256
10112f0024cfd55c63a6a45d7b3cb1c0ab1ad62879d650b2af2e70eed974fbea

SHA512
506422054f0fd88183cc1938aa573e2d941b7b627f53e85b1c4f25c76b29ce3bfcbb575d771ac064225649079e4fea52fcefd948cb1f595456e6a57c76d2b513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit