hxxps://s[.]id/1GmbQ

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2023 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://s.id/1GmbQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263325115438513"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 1588	3752	chrome.exe	83
PID 3752 wrote to memory of 1588	3752	chrome.exe	83
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 2420	3752	chrome.exe	84
PID 3752 wrote to memory of 1236	3752	chrome.exe	85
PID 3752 wrote to memory of 1236	3752	chrome.exe	85
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86
PID 3752 wrote to memory of 3236	3752	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://s.id/1GmbQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd8e59758,0x7fffd8e59768,0x7fffd8e59778
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3936 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5544 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3932 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 --field-trial-handle=1824,i,5454835654015425528,15572260776252896410,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
afc272e4d16df7d0b68e96e59dfc2b0c

SHA1
56ceca9077f3bcf01c3394037906211bfca5bc81

SHA256
aa21ff4ee80647c0c228b484cbf8b5efa4b16e55b9e39dbd0e5097ffff5040a0

SHA512
66225eac5e5c529af587a85a7c6190f1eb8370b769e455e5865fd8ec469316cd8c8c087c94431a1a0c67f8614d1115913030cbce2a8fca07e51e68cc13c8115a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a3c828f428a7ac23a0ee1f8e16f437f5

SHA1
93ecaa411b866824de777b4d3a6e7655c9134d35

SHA256
781bc15e1a14699aca1b06989f3ab611af829f37c50162c17e90f996c2829909

SHA512
f2afc4b2f641406ff396fafda58b27de803a9c3879adaaea0402145fc3d99c93aabe51885046aca9a67981b23fdebb3ab88bd1e55bec24cd5596d21b4a31eb99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
c1202b5a4aa10faf23e16d223b65c5ee

SHA1
9b555763f6107dab43579425e7e287d9ec3473c6

SHA256
c1fb71e4efe54615be7d8b2a9cf91720c3eca522374d5acaa95e15ac18ac9c50

SHA512
3177be58bffa741c5381bdca5d724c57126606ee62d5d1828000970a7512318549142e617fc2bee1908b4ececebfce21d0ad0b37ac5163ae7ebd48da3c659e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
62285a2fd0ebddefa779e0d093b1e42d

SHA1
a333c3f20b200af02167597a088f695c7390412a

SHA256
c0ef0fb23db792eaeaf310ee9ddaa2c1d62f3501bfd118bea4e7404da66dc8e1

SHA512
e8cf84de376b41502f1157eca3e59c71de70f05dc86d54a93341bc857281ccf3f269e8ee97c84710e247ee7f9afc306bca6b0d81a7212be12a45ace2983c584a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a6568e5a522e8bc0aa26ded704a53000

SHA1
5bed84d3c5d460ea03bd9aca9effaba2723c5271

SHA256
1d6b5c6f4c0fecd41fdd91b89cd2de09edb077a55fe20cdd09e250a63802faea

SHA512
607817fd4e64e39854c921c5d1b1ae5e76e9c573c6805d7f6a49c2a00b802fde4af9642b249918182d86a90292d5bb4258ca463a52c978f41b7ab96b0f4fad45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5246cc1962f8cd649a0e724249e7dded

SHA1
3c7933c914f138f5d42c2d8d35e21054e2ebb939

SHA256
8d323855fb9562a80e88fe3c4455fc76e827df961119cacbb6f424f45714c08b

SHA512
77cef0181566a286e653b98ef897080a22be820a72760beb7ac82fe127d65542a5d78621f3a75ab21d4af3853de3e392ce09353a02905a093fd2e1ef09a173c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
66d370a054b39428f2dac3ae1a0167cf

SHA1
0d3c042aeff12d8b41b980fc76281efeda6257bd

SHA256
2906d24bb4620cfdb3e4b9dba0be34f157e4ecf592585da609e613f458d47d77

SHA512
d8d5353aa62328373fac73f9612a655222148e70b424ec5d5395754c4d6fed44a26aaedc0c3b2433b54590d21b14904e52cd785cb7c0449923255c97d74c28a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit