3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Analysis

max time kernel
1221s
max time network
1184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 03:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133492441268433991"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 4560	3880	chrome.exe	104
PID 3880 wrote to memory of 4560	3880	chrome.exe	104
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 2360	3880	chrome.exe	106
PID 3880 wrote to memory of 1720	3880	chrome.exe	105
PID 3880 wrote to memory of 1720	3880	chrome.exe	105
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107
PID 3880 wrote to memory of 4012	3880	chrome.exe	107

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb0,0x108,0x7ff88e769758,0x7ff88e769768,0x7ff88e769778
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3516 --field-trial-handle=1908,i,6239936960008790231,13732211989662900963,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d209f1fcd79b5153c5c55dab341185d6

SHA1
9c95c0d6c4681d7e2caa52e637bcf8fc060a9e36

SHA256
b7dd5e1a4ce964373bd2e8dd53e77dfb99cdf366eb3e90f2a8cc59a073a2d450

SHA512
a6c16353d3e2cb1b1f7069388b6541f8991ae51e3194ac205a50fe008f959f7dc68b8af0dc2cabe0d1548e8138a27f34814340ab27a3798429bef332fea84b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
074c96ef232accaf7a30c3d9cf0cc831

SHA1
4a355548c921621e295b4e738d1367c3da6295c1

SHA256
8838eb30f9bb42395386dd53c0dcb4c450271bea2f8255e93b8078c6a8967561

SHA512
e710bfb9114a7d0ba6abd71e21d9101d317bae093fdb8639d355b053ba91fdadb481147084e17e0cace48a9077769ac1c6a8fe04e9a23ec51cf37969ae7e2488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
02f74f73aee3c2b3612462b0fb4b4728

SHA1
8c7e00a4db5af013a18c4c9540171d020474972d

SHA256
7f66f9e71fa343c4bd999f4a913590fd39308421b4c7cf829b029c18042c2491

SHA512
9d8094fe5caf20ad081a989dc594b4240a90867e81bc5d6827fa7513fade281e3204ddabc37a38f3a94610a0c3ab193757db2412f51969a361107e3b465a699b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2236cce880b238668515f1ad233f0184

SHA1
20589cb7181272bbfc0207ea88a42117becd1866

SHA256
09b9883b5661ab28d4eff37a2e5e9294d63738d1ee32fc5c83b2fd32854c89e8

SHA512
690ebb0983ff2e5375be53c41d20a63eb70fb89307fc67fb4bfe2411f9b3a61ac9f7b802f8e881e807fbe882b60dbc6c10945b3c01d52d2cd12de54480701f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dbbb8c0b77dbc6523e86ac620ba69574

SHA1
6322be837c9b52622f21ee0174345f360ac5d746

SHA256
be7a6852bfcbc84ee8e2c54b2d3f39a80528bd8d882b534e72616ca10ab803f4

SHA512
d3a2c47d3d0e37d5687e0fc75ffd0417e0e822450e105d41bb434d54989feb6e8eba18cb4d6779402ec22d84314a2d4d0f28487086837aa2dbc501da0e111f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
076ff396dc1ae17bec8d6f01339c3764

SHA1
65b5d2c25571a8feaad83266ead410398d23a258

SHA256
a004c33add93855b6f667b8020fbd95be0f604426e2c6871fe72883ea30c9d92

SHA512
8754671f61fb5d342d8b271ba416c21bb2fd94504179ff4ebc5db00f4285a794e9cc44c4d0713c588a785d6e291168e64e3ad9d83f934c4eb0630912f1c70d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
226KB

MD5
0486ede139a91abcbc10b898bdc69682

SHA1
44661bdba5684263f22c9efdbf912ab8dd227ed3

SHA256
fd6b28a67d716f4fd0e86470b94fff5ea8615a85c3e936c25ea7dfb342a031f2

SHA512
4211b454ead5613cd7a01ef10b7062044c02b7bcbad756c588a4cc6c56392dae651b54de76677a2f2564bd5687a9bb2e2c27d1cc1513a339176a9aa4778399ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit