hxxps://drive[.]google[.]com/file/d/1UfVK6seO5inrUnQZfi6GT-WU4M5evJn2/view

Analysis

max time kernel
599s
max time network
529s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11-08-2024 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UfVK6seO5inrUnQZfi6GT-WU4M5evJn2/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678884235746653"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 4552	4208	chrome.exe	73
PID 4208 wrote to memory of 4552	4208	chrome.exe	73
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 648	4208	chrome.exe	75
PID 4208 wrote to memory of 3660	4208	chrome.exe	76
PID 4208 wrote to memory of 3660	4208	chrome.exe	76
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77
PID 4208 wrote to memory of 4220	4208	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1UfVK6seO5inrUnQZfi6GT-WU4M5evJn2/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff844239758,0x7ff844239768,0x7ff844239778
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:2
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2804 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 --field-trial-handle=1808,i,1728657930516722228,15353475611386424162,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f512e44a2fb528ef5b87a13574a5bbf5

SHA1
41195b4655d76958ebe3d8e5d944f136a612a2ec

SHA256
7442ca997568cf7c805fef046c01190145117fead7519955d17d71fe4c4c4cfe

SHA512
17a3bff9887dbd45ee10507f17e9a4c28c1d790101efc4682eccee66676ba693efb673c3edfef696cf19365e6a108f8f0bc47fdaf4a57355750de6b9de4e0701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
677cfa5df223be14f1d0732aadbc2375

SHA1
77ace9f48a58cc2f48d2b55947872327c110db3f

SHA256
7105cbcf274e7dc03b9c7a1935ecfaeb3f174aa91cc5ebc15d7dc02a5ccc4d13

SHA512
e38dc2252af54a0862c992393b330b8ca84a788cf7d066159015c840c5eb0814bf35df19793ff307d4e7fae5df3e353738ba1db9e5007d933874e91becf11884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e18434865407ba5db0b61c686a310da3

SHA1
b253efe603e454ec2bab95b216984226b3034cef

SHA256
5c5d445ed2e0bad4653d05513f9606364933b257816de4b2773b33683c5d5cc0

SHA512
30986d61f39657e5af8c599730805b27cafd64e6a1061305778e2c95eaf280e17ee36c0849357b353f6aa6bcd6ddca870f662c726c1b07ae09376239514168eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
efd81ab5cc23984dc6cc047884929939

SHA1
e66ad2445d55715c1fca6ae1dcf744d428e96b9a

SHA256
810a087ad0179e4abd7dd20b64e6c1eba86b17cc1c31d6e5c5b7afd19bc64ec2

SHA512
0d30898c9fa9833c75b061dd397b629f7a7700d116e178f6786c2f4ee1c64c209b744b275e1bdf92659cd5baf1459c7470e8f2a4b9aa14d0b63f636d80730fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b55cf19f98a41c69592416ea3dd0fdcc

SHA1
5768cc7170dfee9203cd50c7c593a5258c69134a

SHA256
dbd48151a9a15a6b0ea45d2902c3dcde1f9ccc17e33420201c2df5901fc20ddb

SHA512
f6e1f80c180be0a26ce68a56f6f28456b9191dd0c6af6d27d52fdd640683040f435b2027b3e187d1bde004ab1b80b44d421d040a01f576e1d921316588d4a254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
acccbea838e1eaa4b56c1fb52b21aa5c

SHA1
28b6388b5e0a5124ff392df9b433824b077065b5

SHA256
6d8ebf4bb0f1286271c4d8d800c33440219fca608baa6ca3485946fbe8efaebf

SHA512
495134ff6fe366b82dbf7d3d3bf0ae8e994e6bec34cb48bb30d4e849554b4034da0d34f2b07f242c1e2a7a0cdfdde5076ea875086dcf5f39f31371acafd571b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ec111d65b279d28922db831f4d574977

SHA1
205358bf6e27d148deb8a6405af11894a2c94663

SHA256
7553f6f1f7252134c52decbde7c407b798a21f1a5961f60d1878a13e0566724f

SHA512
43f9ba69f5f5803b042e3318e54c8607505d6b94b89eb8f7ffd3f8e1c7ccce83fe3fbb76482763977f23744d514159bcffac0c8a641f7ea72549dbe5585f009c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8876e40d9908149574becb41f6d0a937

SHA1
9de1b449db35602ed268c1306eb8be4710bb1ffe

SHA256
60caf880c4d4b9d0a78303239ab91dd5fd33d77c239339872634743c3c53d6c6

SHA512
f0a88d59b5f815701e9de56f3787c463a2d215410c52832d747544f4d390c90113379aef081460a650ce0fd64f2342723a7d9699bccbc648497a232b21bf519c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96309785acd6d5afe90a586bbd0ead98

SHA1
5e0389a5a63594ca018f508a40071f7235a995a9

SHA256
96481ae4faa91ee1c8ed372b913e85ebeb07ecfc7e2aad2ce86e73acaf396d51

SHA512
92b3573d8d0383813b3b08711d2e74bc65002080ac3de08ad594f3d68503ba2b387f1303a3f18463d9f1945f0db8b0de68c5e5e1e59139ec60df9751c28f04e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1a562dcb5422b6d041665134e851906f

SHA1
f65da8de4dadd47c1e449973c155fc8ef2c1c953

SHA256
d5021a77b939b98f4502306bafc8458aba08466d07db5dd27fb1c7e2b6f19216

SHA512
1b6f77b04bc95c8df6a235bdef62880dc163f24e912b0fe970da9b8bdb2b5711088182c841cd63c704426cf86dd6ae90c5dd136322f259c3a887c925459b0e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a5f71786c5d6520f673ca5dc41699e4

SHA1
e343853d6f57af2a0ab81b18b317efadf003d84d

SHA256
219dcf6cae37bc5cf3d5fad2a10a8dc3a1949d9bd3d76fd5768316a0d7d93779

SHA512
ea606608ed675f5275ddcffc7ec0a46411e36e6725722f6d8d3db575125c97cabc8a7fdb4900804ba9b32f35bcb05acc7ec1d4cc81b8e7ca017b846b2314ddf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b3b6a1a202e6aa6f29f1ba5145da5bf4

SHA1
f86f98bff0c0aeea78dcc53862a8e42e95c44a53

SHA256
f58d4be9b3ca52875769f5e185e2a0893ea9423c3a36691555924ecf97c307e4

SHA512
e46177af0e0dc7356d86d729e92e39a6c89f54957091442825b3aa7aac95b6dfea4041f2b10ff4397e14a2f8bcd28c917ed26a25fc0ae99ae65f5760a2903a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
fef3a6b84937d2d5aa851220867a94fc

SHA1
682d25e45a5a9eca6d4c7267d1966e43a5e37633

SHA256
37f27e3c797fec6d24f3aa9ac7d041d9083cb71e9fcacb52d598932a75bf11cb

SHA512
0c7e5f86d036f723d0b2139145d6d0576e6e15c9f90d42c004861ae301a15f7f7bde95a5e8d53398664a8db4c6a3f6b94efe0a0dc6d362414d6be829d3ddf863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit