hxxps://gta6demo[.]blogspot[.]com/2024/04/gta-6-leaked-demo-download[.]html

Analysis

max time kernel
1799s
max time network
1788s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
26/05/2024, 16:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gta6demo.blogspot.com/2024/04/gta-6-leaked-demo-download.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612137422289106"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 3944	236	chrome.exe	79
PID 236 wrote to memory of 3944	236	chrome.exe	79
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4028	236	chrome.exe	81
PID 236 wrote to memory of 4092	236	chrome.exe	82
PID 236 wrote to memory of 4092	236	chrome.exe	82
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83
PID 236 wrote to memory of 2256	236	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gta6demo.blogspot.com/2024/04/gta-6-leaked-demo-download.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83ba1ab58,0x7ff83ba1ab68,0x7ff83ba1ab78
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3808 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4052 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3088 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2428 --field-trial-handle=1804,i,6312795745903721530,7494173591273443765,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f89037fdf8448f0538f463cc8c43782c

SHA1
05d007a79edd981920f7530a4a8bd512ee810dcd

SHA256
4866750daf647545e57e1f02b08d35def16f199834d82656332aecc33ecd8f41

SHA512
5954c58f15f2466cbdeb22aecfe0db82067bcffe8fd604862a6d742bc82a2a73f0df397c3f76532f78cccfe35ff335862ba337fc940d593a9d3d2053b5d80024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
54a08c729dfa8569c040f7f3099e75c1

SHA1
c4bd761711fcd6f489816b221416913ad44a0c7d

SHA256
35eb90d32f7c96e3f56f30612194863aad90d14f6b23ceaabe0a6327028d300c

SHA512
48537f93b9511beabc99085d605fbd72c936703efdc950d78690b57d81febc57c59bd9ca00e9a275722940fb8419c4ff3f902088a9c843c0b795e52dcb29ecaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
18724ffc56a65fc3775a78abcb947cb0

SHA1
29f08e394d0e9f723b1bb001a79896d4a64051de

SHA256
95899d5aa1724567945767b04931c7ccddfd963bc4f7ed079119e2bc4a3f046a

SHA512
90f834b4bc6f225136b4b34d2d7b070a1728a40264379b6bd153ba671cda518ff72070f5ca6f2739e85efce3ab48c137697eef97af9c5a3c073cf85245ca7db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
db400121ba97a32f446e517d6f41c501

SHA1
82ebb55e9b7361c9adbfe722d31fb65051733a41

SHA256
a6bff56b94ac5c962e1024c4e09d450447372bfb88f54d4b920465947338f7fc

SHA512
359345a2af5a409a4b66a6c733addbc8fbc42383a86a625e5581269593b37d7c1ba928a5a189fee84f40a5794ef046454cfee25f0138fc74333470aca2697372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5e057375ab7e994311be06f0663226c0

SHA1
fb9cbf546784e745cf0fbe7c6c1e1dd945947aae

SHA256
c329a78ada7a2f218e469ddd72d1c67501580f71c0eb69b9ee90a3751a1f33ce

SHA512
f531f7847831864c9bd6936ceceafd09d5e226a77ccd86b3eaf76b024e4f6254dee59043e7a6a39ceba09fcbc3a5cd30e0ba3c0e78ee03b4735f76771e0b6cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
668c8629dade3825b3ca0f84bb3d3041

SHA1
f59e894e5fb17d37f0533b8395f501d907f02f52

SHA256
8811f385ed8c619d019e85d19a3a00b17b72b1a88129da98667ac2f608e698c8

SHA512
2292fa1af3d071cce0e1f5f4bcb93f899697fca9a1f6bb0dd2b6b402e0ea34f5051158b60f6c887dcc4599e128beb50b5895b0aabe9e0ebd4f543bba4d004755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9fcd4d9ee13883b37249fdd09caa7ab8

SHA1
91e99d47418a6fc4a5c7e88ec4c0541ac6de633f

SHA256
60ca1b10464a62b13e32eeee3788d415f3a7083e9722f03b542ecfd71d7f185e

SHA512
4e0321f0b3b05c090e47d1312cde08158c7d42bbafa2420dc9439801e338895d5414df6b98ae3ab3b17cef313e67de7c9abee149d6e4a582a8ce85bfa68026f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7e52d19a1f2ce46b51b97e78b299c409

SHA1
e307c7901be7cbcc2dccd660d1ec0404b3a3e972

SHA256
384c97525ed7bb1f486f69770ccd860b0d0e53ea315107a8c17f2c173dfa504c

SHA512
89961ccd670e9a846330d3af490b192980c2822cf8b9b4fb690f529435609bdaecad9f425bc96a6a341399dafc6076a5da702165bbf1813d1eaf9f70cb972aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
dc36996823cb4a71c2f1c4e795724e06

SHA1
be7f497e6e595355f038f24cd060f06d4b3e0eef

SHA256
96444af3f7dad8d8758ab00449ffd5cd9bb9802648dfd78c40e91ede562ee3c2

SHA512
968567a7e023ff4c6dfae8be583ef233f8521cf5210251a278ca494e9d293966b8dd15166316743a351b765abb1d074e612b95256515fc7950cefc812d618439

Download Submit