hxxps://doc-shared[.]com/wrjcd/#a2F5LnNtYXJ0dEBzY3JlZW5pbmdvbmUuY29t

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doc-shared.com/wrjcd/#a2F5LnNtYXJ0dEBzY3JlZW5pbmdvbmUuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133455689272355342"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1624	chrome.exe
1624	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeCreatePagefilePrivilege	1624	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 4740	1624	chrome.exe	61
PID 1624 wrote to memory of 4740	1624	chrome.exe	61
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 3940	1624	chrome.exe	87
PID 1624 wrote to memory of 968	1624	chrome.exe	88
PID 1624 wrote to memory of 968	1624	chrome.exe	88
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89
PID 1624 wrote to memory of 4060	1624	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://doc-shared.com/wrjcd/#a2F5LnNtYXJ0dEBzY3JlZW5pbmdvbmUuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff946199758,0x7ff946199768,0x7ff946199778
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:2
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4948 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4940 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2872 --field-trial-handle=1876,i,11196129353695190955,16604728574859169163,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
f749d6608f5a24c5041660bc7b5ee8e6

SHA1
938fe4b6250bef6dae44e7861e099921a54cfe42

SHA256
b9a3310ac4375eae0a24915ef719cc6abbf2bcc4d19dc3a04e4d78d75885751f

SHA512
8e0a94c5480be62dad25dab0ecc2b7261901ea11ba684ed79573fb94031b178d2b57e5fecf5d94428a34c98670fc337098ae373fa28173eafb6085bba0a9908c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3ad634778192e1659075a5cbc615a11d

SHA1
6d6ffee7b4f850cd08b4a7a17cb013bd0e228ca6

SHA256
31b66890b85d49a221302f96e9922ca80faad4be0feeaac204c6e4fb394f1050

SHA512
a25c73dcbaf143523a952a4bf8de742af65f088f1c0c650878d75864ed5cc68ae36c490a164a69d1caaaf6225e05939568aa313f9c783c20765ef3f18ebc1399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dfc7d81539ab301a628672ca8edb8b0d

SHA1
b7a9bcf5c6e3b20a1c0c08aacd803a94e8a90930

SHA256
24965514abb36af56c9257205b90f0eb3a5862c1aa49febccfebc4926c4ff93b

SHA512
ac6440f28b15a77de6f6b31dc040d7e25b8acfa915cb4936a67965e1ba5a74970d0e1562f59bab654c60b42f2b382cbe0c7abc43f2a39a0b6be675f0686bfd0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1130de3c3badf691325e17cb206e47f6

SHA1
adf0974da54caed7122ea6cf31cbc53e132c0f91

SHA256
790e5344dbf77f3484c42cf2ab0934179eaee319bfe5d37d3ae541367dff48b1

SHA512
6c7fbe29e53545e9fbee7e0a0d90aea3e7985d30ca0132c0388f4b64c2b28dd9bd2aa46d629b0f9f0f3a8f965260031b9401ffac3758946e3be541df7b80efba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
867ef1ebaf03c265a54bd7d5f7c3d25f

SHA1
f6d3416ba3ce28bfac6932d88fbfde2ecffadade

SHA256
ed789bdc4fcd3cc1cb8033d54e8de986992d64c2004bfd4990d7e3d77f32df1c

SHA512
075dfc72555d4f17b4f86f8bc5672f85a5552272e0689c1e3bac8e60a680305a672760b8170d96685ad727fae8fa417829972c350d0a4861c559b46ad422b8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e2f104694bae788c04615a4fe5b85491

SHA1
0899a3f2ea9da1052e507f57f53a6cf64c6091a3

SHA256
45a65d13f9ebdaa443209d2c544afb67fd4d4cdf09d51af3a2e602b1894a939c

SHA512
7afdaccbe25f605cfcd4894148f4a9528c8fb47e953fc11aa537f393c56abcaa38e7a3fb67c93d0b200f8a92a501f10237b196f2d8525a98cb09a1d1afdfbf19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3188b42d12a32910d32d18b679ad1b8c

SHA1
8f6880ef45fa82c3667c064444395492c50338ad

SHA256
3e17f9f04883e420442877a3900e12c34ef81d8bfc4ffb6799378a9fa0d77a1e

SHA512
b9003e96bbc1d98a8c700c46f6847cc0132346abb41f208abf9b9316365b26efbe9bd1d8a65643493f250e42caf1c94f46550814e90f3509f7e7a4324374b70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
13859aea684834e8d6c3c725be976c63

SHA1
89b1cc6bc453030491e654414d265d8294dd3dc0

SHA256
9bfb52184ceb089c36449c8eb1b2461ad840f006f09f42539c108f9ff178800d

SHA512
e478d004019f55962633112076f24aa710aedc147f6209b579ba7ea33d9fa81aab7381668ce4ccf7a7052642a78533468fdb025d43606cf547cbaf6676918b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
75c7b75e8e9e7b633a8911da443a0cfd

SHA1
bd681cc57a6cb875d6275b08fb1e7098121c44cb

SHA256
a1403fcb3e479bd5ac839d48aaffa576f194af694ee491927bae9598a19bad88

SHA512
d88e1e037c622f79f2f85af111d361c09ba583350e2acb218709370bf4d7536e74fc6c4bce62d71a2f0d15aa96c7566fa9c7913a9b6227c1baf0a0c5a25eb973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit