hxxp://www[.]winzip[.]com/wzgate[.]cgi?lang=EN&url=www[.]winzip[.]com/whyuninst[.]cgi&param=dsi%3D1273%26nid%3D-%26ver%3D21[.]5[.]12480[.]0%26bnc%3Dnkln&osbits=64&wzbits=64&x-at=nkln

Resubmissions

12/04/2023, 14:53

230412-r9kczaee2t 8

12/04/2023, 14:47

230412-r52rfsch84 1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2023, 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.winzip.com/wzgate.cgi?lang=EN&url=www.winzip.com/whyuninst.cgi&param=dsi%3D1273%26nid%3D-%26ver%3D21.5.12480.0%26bnc%3Dnkln&osbits=64&wzbits=64&x-at=nkln

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257916639134730"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe
492	chrome.exe
492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 3620	4256	chrome.exe	81
PID 4256 wrote to memory of 3620	4256	chrome.exe	81
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 3652	4256	chrome.exe	82
PID 4256 wrote to memory of 2956	4256	chrome.exe	83
PID 4256 wrote to memory of 2956	4256	chrome.exe	83
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84
PID 4256 wrote to memory of 3432	4256	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.winzip.com/wzgate.cgi?lang=EN&url=www.winzip.com/whyuninst.cgi&param=dsi%3D1273%26nid%3D-%26ver%3D21.5.12480.0%26bnc%3Dnkln&osbits=64&wzbits=64&x-at=nkln
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb61ac9758,0x7ffb61ac9768,0x7ffb61ac9778
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5064 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5488 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=848 --field-trial-handle=1820,i,5293438349755214147,394715997354251181,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2bfbe207-3dd6-42c4-a2da-af5dd0cd5a8e.tmp

Filesize
6KB

MD5
08a98898cc3c5082da0ca1e33e55c043

SHA1
e1bb03f36b724c6c4cd48196c7e2fed171e24274

SHA256
cb823133d7443870cf3bb8eaf979945f12a583b0db0f97a187fd6c8714cd5bfc

SHA512
a7a7bd91a37bd37d0079c1dfdae4664a4448f62062556b6bc1b07cc7b4071ee182578b331e53e3637bfd3fdd50e206f65c6c5d26fd50774f1b2a5a68cb562090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c6b01c526808a91a607e7249936d601a

SHA1
6c31f70a5576e9a457a0fb29a6b4014cbb24c775

SHA256
c7971f233746658a6380a7aea915116ae2104db59903218fa1f6aeebd14dc680

SHA512
bbe4634d282b9bc750824b4332152c90eed6b02aa64e202e4130ffd11b582657ef681c5823beaefb1b4a6fcc294721fe1965d5f8b65fb75f7aaf65488c4c8e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b792231c524f5f5dcbb31dc27c309f9d

SHA1
f52dacc99bbf1d42f92f28aeded0c4d9e1e8c01b

SHA256
8ffcf959ba2b586a3e028e4a6e3dd23d45a713b5011c4755cbf9dbabfdb93660

SHA512
2f4740b10d0f7c1ac261b2529cedc5d5c102bc8571bd533ab0367cdb7f3e03a2855ed385acd8b0e9dd221a38c40d855566857bfd2fda8598469e4f40bcc31194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
33244319af5dd92c0b78762472309d1c

SHA1
e1b2828dc4ba5208e983d03b72d00227171b4c82

SHA256
1117f5c8a363ef200ff9263a0b5639f8ea281433e6362a95c6307595d72fd51e

SHA512
3dffc72c5a61eb6b8814fc99e03aa7c7da96981112565af6335340622bd8346575d4c822cc1069cbe85c8b0bec957cb90f5e254dda5df78093dc625138142d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
126ca7b23e8cd1dd35f09710d3eb7828

SHA1
ea3ed28989b35f985c68d84cb8678b381f8bdc3b

SHA256
e2a3b66f4fad1f23d4972b293bbac190286dcbf3b856c24c0a28dd01e769b329

SHA512
c08306c6ef700d1306507a8898e7010bd25df67678c2480854818b26528b6a5afbb974af207e94b8b581ca5a1792b038175859582f7b9e14eabae82c2d0dd2e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a2fb3ea0cd243c24760e3ee007374636

SHA1
eca846d698cdebd2cea574c6dbb8443d8ba42929

SHA256
0b36c372fdd3dabf239abff6bcab08928cefb12e479b40cb38f5a840e16519a8

SHA512
6c775c7b78bc7af2e68c59329691c58e8781070a6b2d91734117f8dcc1eb462781d9b803fb47a780f1b9acde833c98177f377a3e2b40aeae5008ea71e939e160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
7276226eda1adcb3b999484013576984

SHA1
c5137ab684c9e32ef97f66d10730226d15275b97

SHA256
52705efa0bf5b5abf5fb8cec04a5fcc97878c768848b51f555ba3c8ce74759e9

SHA512
23d6af2411bfebcb877f8378298c06761fdcc64b2efe2e1aac1b796452e13908ea61fdda7043034dd8bf6e84a1ad71c4e18b9f3282c1b673e2f0c6259454f92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit