hxxps://drive[.]google[.]com/file/d/1FPwsdipFLFDJSjjxGVXXNIN4KerpuFbF/view?usp=drivesdk

Analysis

max time kernel
149s
max time network
141s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
22-08-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1FPwsdipFLFDJSjjxGVXXNIN4KerpuFbF/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
4	drive.google.com
1	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688157706739862"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
3720	chrome.exe
3720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 2880	4988	chrome.exe	72
PID 4988 wrote to memory of 2880	4988	chrome.exe	72
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 316	4988	chrome.exe	74
PID 4988 wrote to memory of 3692	4988	chrome.exe	75
PID 4988 wrote to memory of 3692	4988	chrome.exe	75
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76
PID 4988 wrote to memory of 5112	4988	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1FPwsdipFLFDJSjjxGVXXNIN4KerpuFbF/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd9b2a9758,0x7ffd9b2a9768,0x7ffd9b2a9778
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:2
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:1
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4608 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 --field-trial-handle=1828,i,12064061804281862862,9707912497516611485,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c14cd4ec77ed3eb297e294360af12b47

SHA1
5f80822679586ff73df560c2492face1da5cfb7b

SHA256
32dd24eb0d95928c05fce508ade1d81ca0fc70cbb8ecbc1f6431bc45eb78a341

SHA512
678e567011de1701b410ef6970e3cc2f56be4219306a3a74d55f688da5d03ea40ec19d14f20b39dc2f44a9024fab3ee2933987b93c7750be758627e7fd62f02b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
776ac8e1127c4ae3b589ba7ddfc8d08a

SHA1
6ea070343b68c8fa0e08152811934d5f46529fe6

SHA256
aa244a5a8fa887d89f6c4bb57ca307f6716764ebaa209894bc9bb860e4d8036b

SHA512
a4a2bf4131bd6ec0597be2fda559eec49e27d74cb0e168ebd810672f79db7430b610012a5f759d3866b3a7c150bb6a3c474f66f7826e5f8731c0eb75a3478733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6004545f71d933929a0cc6de9b5a6f7

SHA1
3d1e4c5d07d734ab9b7991440446a3080673083b

SHA256
b89116a51cc9cb339b14dda62e6185872039d39fe536e75b66fdf665e117cc9e

SHA512
5f186a040a280e75b2f83f3d806616b5d4339722f9caa2c9349adddd5eff12e401a26cefc4375510aa15f843c649904080baf1d5273114b0602911ad117a2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0b4dbc6a4ba9680c704c03e788a2e233

SHA1
635de7befa881dcaaa1ceec758a9808a0e675622

SHA256
0bae199d75f66506affa81841637354852d4ab1741e5c536ecf8c940bcfe4753

SHA512
d35c8fcc7d6fe41ea5c628eb93afd9920de8c11c298b4a04c7bd68081d9c2ffa7344d1b9f0ebfa0a3a339ffddab92553f60a9063d13c463c0e7dfacf1431422b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f2632b12763ea6e53b36ee89f84dd88a

SHA1
9b14b37b1a85bc7afd3ef60093b7f61e2eec7beb

SHA256
908f536636ee31f55d6836ac389a578ce81a75082d9337aab1e783506c69cab2

SHA512
78a21b0a1450bc8790098ff38f1e8ec3d21a1156aef0af64bf86c83585a5a0c26c844a1ad1fab2b0494e2bc80b0d494d24d48a9ca458747a06030b2c3c3d4c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
53d665de4bd332731a99b2a3d4757e8a

SHA1
fc3aca64b39772b219cec6d4f5dfff0ef2783c86

SHA256
1b5a0daae6e24c5eb1d6290e612d906a13ca88353a9c2bc3cadf31d04942ead2

SHA512
5f507d489b4820800f1ce5984d4f15fc951fc2ba04bc734b80b928e99f970ec9e0034e8ece6a53548319e951cd743c6deb1e8beaa40bee933886bb0cfde5d88d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d301a268479151d88a8204f91722ee42

SHA1
50f90b083cf7b79a73e52fee4426fa912e762096

SHA256
58886bd42829ceb1f24dfcb8abb67beba8c3262a6be6e325bcd4a0f0eb08b5f6

SHA512
38b2de8b4df0985b2406003a00a7bc94772ab54487cc017cb07c6b654dfe6d70736060ce673004f12a6b8c3ef8be25e488a79af022a345e1411b9d0a8ce03e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
00cd3786f9d837bdc90a6aa579a2bb50

SHA1
d23909006b3fc74ce7c5d06288e95bb0e00cd9f6

SHA256
3dfeef3e01870c3a4791f434cb86296e2fe8a1ddc2cf4327e0f128da190fcc22

SHA512
d9c0a880ecc5626fec9b98438b4664535e728fdc9c10ddfbf481919102cb95e3645efbc23c1e2cc030ccc696b13c20ef0408b124182f71b4a0e44c5f941a8c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
fc3a4b3d220ecaf0bac1fdaf7646a543

SHA1
661da5906ab60adf492c37a839ca2c80cbc706a5

SHA256
6ffcaf19478114b6d261cc93b8ad38c6d1fe1f03218c7c932ab3db620fd94913

SHA512
c407d1e491c3aa9387816a217c6f55348533c96d6b869bbd44662d25c51bad1f6684ff37c2a016af08c10fb376e40503e524f0d6b26b39e515a8ed8454aad79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit