hxxps://na4[.]documents[.]adobe[.]com/verifier?tx=CBJCHBCAABAA7lPz9K4CaZ0B0-rlZ7TfF7cJ7a8SlhLP

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 23:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://na4.documents.adobe.com/verifier?tx=CBJCHBCAABAA7lPz9K4CaZ0B0-rlZ7TfF7cJ7a8SlhLP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133487995872430670"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 3056	4676	chrome.exe	14
PID 4676 wrote to memory of 3056	4676	chrome.exe	14
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 4788	4676	chrome.exe	25
PID 4676 wrote to memory of 3512	4676	chrome.exe	30
PID 4676 wrote to memory of 3512	4676	chrome.exe	30
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29
PID 4676 wrote to memory of 5100	4676	chrome.exe	29

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbee589758,0x7ffbee589768,0x7ffbee589778
1⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://na4.documents.adobe.com/verifier?tx=CBJCHBCAABAA7lPz9K4CaZ0B0-rlZ7TfF7cJ7a8SlhLP
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 --field-trial-handle=1788,i,14052663788137553518,11387396996964134476,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4c63cfd52e8e8e0f462362e97d5559f4

SHA1
14b442dfe5559e1f497df7e0b64db68436e608d2

SHA256
192cbcb31aedd7669dfed9bf928df2dd48fce635d076f42a12089130f02d5be1

SHA512
30a62ba6db67c72a85bdbc3cf20d1c97822aa26f4e488b84944b63fe6ce7d6afaddd618dc26e43bad671e4cbd103b7595d32738a06b2feba1d83332fb31b7a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
603de702d1a2724741b4fe8573eeafa4

SHA1
a43b903e6a5cc77018955f410c7fcc6260995961

SHA256
b64ed5079a4c91f8fb63b1193898a23deb66af145480c73e602dde2ee47ff25a

SHA512
e7e565cf59d5bf9085bcb883ffd21c583cf29ab27c4ffbcd4e0c6469ba40119e65d08a016e4d01240d898faef0bd013ed03e5e95acd501a98bc1b7dbce198336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b96a881a87256dce1cfd8f76274c85a

SHA1
3372860e40703218fb3db6966320fd69a5fce3e3

SHA256
03a555f8f230e3728b365ed0451e351491894c5d3db4c73b38d78d53a15f9df5

SHA512
fc49c04e4ae43bd14dfc4b1c38cd31e1c5fe3ff647bdb890513ac3b7090cb3762135a2548a6ca4c15df32d9a506a1dace0ab23cb43409bded853759788442c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c20bb9ae040f6f38f88e96a70e35d3db

SHA1
e5203c1ab597072bfc01be9f661b7a54ab8846c7

SHA256
c1939ea4e53c2981628e8b0f9089ab3f9f15c0d3bf7994f0d10c34fd66e953a3

SHA512
af2f92883005ee2b0fa1680068ce496d3c0bccbe931846a1fa43ed9f536a753f62c2838e706a126c812c6d1ba6a2ed44d8f18daf7b3719d0ab4e7cdccfc5f6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c0281b94767ae69bebb2338f3c4179e

SHA1
36075ba3a34346ed49ba61208c4fbec2848a314e

SHA256
c676e8e26e2324d3822e7883e483830ddd73794e45db4df72313e8b5ad85ae59

SHA512
eb91622bd3d67d09aa4775d001a80163065e3be06932f4c27230718219799d07751f532c423e499ce21dcc56ac3c4833bf2c72d36fb74b53332add5eb75c8473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1192377525e153f6c102f9b1ebf0fa19

SHA1
a7f859859bfa4ffcf1e91d13f5d59b1de1799b35

SHA256
74d413d4b9c903ed2e531b22e5eb279e4dc36bbaa0a172c4a6f5874570f63139

SHA512
71ff5c5c7b51c7528b42b6976d1c2c9ef2e387a8640a18b9130195399cd759cc2570b8a7813db32566d72ffbc4af11521b2cac83b17cb1c9c90c2f34e5caa043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
3a8d13660758ac10e0e9ac0338872b68

SHA1
e32065b6fc660a1568284725760d7bd86355b0d2

SHA256
ad06148a67773b66547d4e1b4922a9aa4fdea4b23194aecfd50f6ec3d8ceb5c8

SHA512
40efce1faa001ca6885da566399bf8bbb6e77c1fab1aa581bd47841d88e64d27137bc7c68c45a834525e5f0d6cfd6a11003e8f558fee7b37d06234b99f2b1485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
59d4fa2f7f4ae044fd57a4b242ffbe0a

SHA1
fc4174bc505b6c4252d9201f3e3ad837b50dde70

SHA256
94ae6b010005e4961f84f0334cc729312621788de2f11e0d99108befae43bb44

SHA512
da872f217b951fe3c53daf9b291adafab32bf157013efc390211802be373632e4dc1d9a16663a7a3b1169990e20af2c4abb90812e6f8ce8fd5f056ab39d4a1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
169KB

MD5
0d1666751eeb5a7ef3f67d858a8910f9

SHA1
a033b68a96e36997a1c838036e9e89887284394d

SHA256
e5b786cf8c7aafa1fa1e36c3c651a6503df10e460e72f5a1fe28895ba10b63d5

SHA512
8de44b340f3124bdbb0b53490d006cf520677f42bc639d154677edb00e07bb043dfd3db2e625be7cd02d8255c8f7e58bdd7f327bd6c60e45496924a6e122c62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
b1509495c62ac460fb75c98f8f7b0d4f

SHA1
e598dd8cb7ae4b0c78a4b6f0353ac5d256c7475c

SHA256
45f44773dd069a17fae61c96848a1d3f0b300cef2c248aa031f8d741c981a6e0

SHA512
ad15594e85e26f34ad3fc0ff00ea026c927f0b96dd8e6c07d7c99df06394441b687e03296e43f69e062698e22b9d58e36e2521693badc15d2005d81d9b5b0045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit