hxxps://u[.]to/ah-AIA

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/ah-AIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638810525357451"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3456 chrome.exe
3456 chrome.exe
4644 chrome.exe
4644 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3456 chrome.exe
3456 chrome.exe
3456 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3456 wrote to memory of 452	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 452	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 2440	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4524	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4524	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1356	3456	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/ah-AIA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82e889758,0x7ff82e889768,0x7ff82e889778
2⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:2
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:8
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:8
2⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:1
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:1
2⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:8
2⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:8
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2804 --field-trial-handle=1920,i,15646376250584204526,16232833194094183937,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
ebfe55f36a532411659226624fe0e788

SHA1
ab5d22f3602b35ca8ff2c7cedb564b3227bbee8a

SHA256
bd1805c0362665bbbd93aafde185c1fe3eaef92405ed6604cf0c8ae20eea14a0

SHA512
2feb8b4f3a536290096d0500f2241d4b0918181a179e6f50275feffac762f0b2fa501ff9c44be981e8ecbbb4566fce2cc19de06e3ac7cdc833579736577ed6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1ca4ee2277f9ce3d44a1f45acd78b1ae

SHA1
f45c42c184bde102cc961cbd0ee449e733c169a8

SHA256
bf25e57946f40e98083eb4697078b369cb37ea10db39664aaeae69c91cad2068

SHA512
69594eca2350e038dfee464cdd29dbc43e55b9796935cbcb99a4c2b22e03b2a54f470ccb5b3fdcae80f77e13b25dad0eca807b2bd0990569e112c944fffaa2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
986B

MD5
1ab3dd2b71ec67572b7054117dc59b1a

SHA1
87c3d330527e6bf50b0998562c44fd68127227f4

SHA256
d594cadccda3516720641efad534b28ba02dba9ae15da89eaff728c3cea00e6f

SHA512
7867fb502deeefd978b0b5b6cdd6b9c81d34255599f64a1faeee850c8f55b7d2040a352014b3b628fdde6ccdea1c58220201b3b91d377abfd733734e188fa628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
537B

MD5
9310de1d02ee113c60d97204019fdbbc

SHA1
959d3e17ae4dfb4747e6a7b465c72cf670b7d1ab

SHA256
25c4f12bf924f2b2f2a26959d28a9e80f53075bf78f76c3947083828906187f9

SHA512
bd996650e35906b0a7a28e5e087e1be5db69b3a2dfb59a309d53a60564e1fc54cdc995a8bce6cf0fab9a077bd9afc678971e5b563f61cd8d61251f0ebf129066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b951aaf4830a0f4a0e526cb9c30ed6b0

SHA1
9fc681fa1d9e3a643898359964ae518c09eac214

SHA256
56eead42968d4da0ab24364aeb0360f9a95ebbbc8d2f05b332cd2c549e9d7940

SHA512
21d98b105fdb18e69f4ceaf4993326cfeb4671638be5318326ba2303d5bdcb2d470e407e6858cb1c3ed58eb618925c028a54d69a9500aa6b39281af362c5f279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
09b79e452b85ef93e7dd65bef70aac71

SHA1
2b788cf14da8ce446127e1af21ed188289e82420

SHA256
9a4576ff4133e66b488e3446513edf0a23b0eed1d29153f7f140129f289d8aeb

SHA512
bc669660ff1ca0a066bac28d2a1e2dce3d4833b6365927eaa542adbc17c3827548d1e40d1767d04c786b5005f6acab18485f3e3f090d838d5461e0ff8fa13582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b7e7a20122120fc59cd11e6ccb56a2b0

SHA1
407e804cde0b6aac8d67fa5dd01de75d1ee0cb85

SHA256
bda501ec7290d2489f07c009461afeac8f50971901d516c7522df38af1aee03c

SHA512
0ef2352f0239468b9bf12df6e45bc1f3578f93118d39235eaa939538d7b94379c1f12760a27fd17ae14831e56b8958e83f0eef79750b002eeaf1daf3c778dbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
5f224ff9091ed384e0f122688a55008b

SHA1
9a3d1a733b8959ad727c0f21e296ad48061caa83

SHA256
dad963b86a3f4ec5ba0acc44e61dcb9a57d4cd5921417203be9c0c0d9e18837d

SHA512
28173b5edb0665dd5f35f4eb528623d400a36b43686093fb3d70f39ab3dec899531f24b806715d45093c0ea302d67ee558251be9a4e022efb984cf52f7650835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3456_NAGKHJERTRLYODBJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit