hxxp://Activation-Xceedcc-Xceedcc[.]activationsmailmicrosotfonlinepage[.]com/?s=a2hhbGVkLmVtYmFieUB4Y2VlZGNjLmNvbQ==

Analysis

max time kernel
87s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Activation-Xceedcc-Xceedcc.activationsmailmicrosotfonlinepage.com/?s=a2hhbGVkLmVtYmFieUB4Y2VlZGNjLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512510252330953"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 460	2600	chrome.exe	84
PID 2600 wrote to memory of 460	2600	chrome.exe	84
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 1440	2600	chrome.exe	86
PID 2600 wrote to memory of 4452	2600	chrome.exe	87
PID 2600 wrote to memory of 4452	2600	chrome.exe	87
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88
PID 2600 wrote to memory of 4636	2600	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Activation-Xceedcc-Xceedcc.activationsmailmicrosotfonlinepage.com/?s=a2hhbGVkLmVtYmFieUB4Y2VlZGNjLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d43b9758,0x7ff9d43b9768,0x7ff9d43b9778
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:2
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5352 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5448 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5188 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3092 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=744 --field-trial-handle=1916,i,7259238520422229363,7134560688002900814,131072 /prefetch:1
  2⤵
  PID:2960

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8cec90855f64514b570be4c3510516e6

SHA1
84c58be50f9570b20717372272d33c56dfe02871

SHA256
ae6917ae2b40d5383f7c310d814d59f5ac488a4778c87adccc749eb19358b41f

SHA512
11497db2ba7ea5019b8ac1b732c8700bd26d62528ac176d772b701b7851a5a1c0c3cbb15b2c794bc3cb2056c109670f83bca32e7a5ce8866ef9390506ba8d420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
306c08eb660f0acc2ff1fc2e4b49eed4

SHA1
571e4a2c623232ef0f98f919d4547d27fb106aee

SHA256
64a7efb2bd95eccee3d678f0ffd0e11e3d132559ce9683ad09d073db7df76589

SHA512
c8193bbba845a3061e054f2518febcec0c5d821afd7ffead7fabce701702cf60f1132cd9dd336750defae8e77076182a9eecdf04db3c09adfac15d245aef6899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d1860f2776419c40b4dfbb4d9fb9f109

SHA1
e7d2a7d0fd769d7fa4279f69d441b2090afb71fa

SHA256
e3d9637c1aa9f06504f353e95955acf1f0052046805680033c27c50b49d5ccda

SHA512
af3f315fb7522ba63e08080a2e72b240d9097388323e9fae199ab553fd541c74b1ef7f379ef4cf77bab4e8a9a873aeb79be53e255005f1d45d6ff8bbed4d7ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
1bdeb3f13732cff915151f8c4074af73

SHA1
1fa495cd08a0381b8729d512c34bc979e4e70e93

SHA256
045b35e78a15b420cecd257617eb5abed74e845b100b98187a890472ff956de1

SHA512
38feb172e1b63f7aa149329c155a8bebfa79238ef2ae6312718f8e86f896d7bf02b15c592fec160b3e431b7c8eda10db88d39edac6bddab7e71c924af7e8fc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e090894c8f69fc70129ae0070460011

SHA1
b712d749c0b3bcb2f8bb20c0355dcf09a1403d1d

SHA256
068577552dd08ab5783c1ea6d5ae948b0f72d37b4a97dde0dc736f23bdcec0f6

SHA512
a310502bbb0545808c6837e2324bd5f22330db1fa72f72d6d333c14cf32db415a323b8831bd87d1ef91e9e04ae8a68718af57235a7ff3f35db0e4754144b8d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3ef59120e2d5723b10ce82eb4279ce6c

SHA1
d6df489b0c754255281bb9a975576b3aa6bd7896

SHA256
c9231416b1c48843418a7d6ff3180f0fdb7f922c91b37b7df89502ba0eb62dc0

SHA512
6f3f77cbc3fdd82005f3ad76a1909d192ebe661fdf49119f703978640229de01e61383da045a5fa365a4defc065714270fbf9fdf368f812a6f80a968085ddf1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58a4c98093d686b5bed82be7a1e32359

SHA1
50a2ff19ebfa7c9f606038355edb53eed821f03b

SHA256
fee4b25b0965796f663ce0f5dfcae4f1f373cffc33739522bd00c44cf3bb1996

SHA512
582ca5e1dfa9d548bba2cf495493c481c8b4c3a83a762dd69eb67815ca0bf79481db9eadb211ee4d6df4b9407ef57fb61c333c6720ab5c1f077fa9f92ad06b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
da3fcf0876ed5247904d54d634bb21d5

SHA1
48d244a5984c075136bc26e53bc617b0f366c303

SHA256
a0711e84c5c136b5f56aac155e6f56d6f86ce90f88601ef12f0f27e9efed92c2

SHA512
7ced631669ad35240c81f733718ebab8a4d4e1a96cb80dd4aa57f633a6c4dfaea589cad4c2476da72c943df0819cd79391234ac347b287d2099208ba0a214ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
28da8d9be94de1cf3ee12f6e98d6df53

SHA1
5cd5bc1fe634e03d6ee0d3bee1d2a1714c4d979e

SHA256
2eeb2d36e7b69ebca592cce37f52d6222851ced4bc81a7e65569e54238284b50

SHA512
91210426c2f1157c70c8ce7621bd64fb41391937ca8322e3c6ad6dc10ccbf97375bc577bb1684f79ea0a7f5bc047a88c9671310bb7a87adce1a1b5344380a250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\de1c2ed9-f8c2-4bb2-a71a-4d31d341e879.tmp

Filesize
114KB

MD5
e40b122cb565c64e846d522ed14f09c1

SHA1
e58beb7c403921381c72396f39de096191f8204c

SHA256
4fa5489f553a0e46bc649e64f38a51bbd43ede6b306cd4f85d896d9d2642a698

SHA512
7e16965354fe6de3fb9a4648de734b1588eb27d0b63fcd24bedc83e1b25189964987f721529b6d0a35247d10a4f5ca237564638a03692dd865edc128a148d23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit