hxxp://desktop-assistant-sub[.]osp[.]opera[.]software

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2023 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://desktop-assistant-sub.osp.opera.software

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267531615185809"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 2696	4824	chrome.exe	83
PID 4824 wrote to memory of 2696	4824	chrome.exe	83
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 5040	4824	chrome.exe	84
PID 4824 wrote to memory of 2548	4824	chrome.exe	85
PID 4824 wrote to memory of 2548	4824	chrome.exe	85
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86
PID 4824 wrote to memory of 2728	4824	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://desktop-assistant-sub.osp.opera.software
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36c49758,0x7ffb36c49768,0x7ffb36c49778
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3972 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3348 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4832 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4480 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1816,i,8179202479463080165,10031522020994413871,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\92f5152d-7cc8-4471-81ad-a217ba2b17a1.tmp

Filesize
15KB

MD5
c2ed197c04e0320cb67dd7f614a129a5

SHA1
59e4af97a7da809ce32928a4a0810c50333854cd

SHA256
4fd005237b3b6951135b8a8724de0e938a447f6bb5e48588cd21c4215ace7d55

SHA512
92971f099f2900ba88f70fea50e45f257ce8ed888a9c6b94691f4f367373d8925a05db9301a72010e9c8e6f089a4cb58aebdbec0b4effd464529be2a066c80b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
def358762a3db9ac0f54eb6f49cbbd9c

SHA1
0bbf4fe7c04fa615f701ea731cc3ec00dfaf66bf

SHA256
8c6a47a7317d5ae5522c430eb59525c985136b2e8ec86a8e50258187db5400bb

SHA512
4b0ecf30c38a3f1f94fc80dc6925fb18dbbae346e16653cbf7523f01485d678c74ed9669c56b37c94b40199d803731dd27939010e4621768e3c33a40c93b8506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b11df886bb840371e73b6349492cbb0d

SHA1
6df71359af382c0a86b7d661a41b121c53eeb5d9

SHA256
a06ce606d8e0722473fd3c567a34148256250c33ee9a2bd474ef31cee3a124ef

SHA512
6b052463738687c62b642813a7cb6c87657c5499e4e7135962844492094f97f08ba41ce910458309a24de556ce9224be222bdac548dfb07452bc2650c68ab096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f6534a557e6ca0fd09b2ce26b13cb17

SHA1
96036b7644d156f79f7756a3e05c513a5168f42e

SHA256
780c40beae65abd7aec285353e12a1f2a604daa4a29443a15d47b700ddc9732f

SHA512
7bf31d5936bd8994793d94909acea4ff3fe987e89fe6c1628d5bbe617ab0d736cb98d82ce23894a548700c5bea618d7c33542fa541a918d246d87cfddf4533ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
1d01fd2fe05efc64a9d90d55534cedb6

SHA1
d25d733231e5e102d41e9ed80096b2dc2d408cf5

SHA256
fee4675bb5234d7b1bc593ea4e47d747c85d7aa71da450fa44f0734a8529d63b

SHA512
a9f93a51e8e03eff2fed82bcbb7586ff59db019765ad41dd11c0bd005d3d6055af5d2772ef4bec557d502976600d74c5073745c9a0ccd659da810597f60055aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
08acd3c6f712e3619770d9b1cb5a97bc

SHA1
cb13a1e29cf56e8d1076fbb4fa8df50a6874ba7e

SHA256
8d830175797ac138e8bb9b085b0445d4602b8c1b40729234ee987a32aefbe44a

SHA512
bdd7fc2263fb9152b4063a20cb22a11c11e87e2ae001aed4626902f3d9da5f4b45aaad87be82cd3753474ca73ed8f6ebb80d7cd39d174de23232b128a36e05a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
3b94f53991307425df88db5086ecd67b

SHA1
c67d62821416c9b48ce4788fa7c8ed96e56faa15

SHA256
81f761d57802be84d8453ce080ded0e2c1d8e055dd73028cff6bbdd709875782

SHA512
9c0d70595ad43d1e9199cbb5f022b6507e020af51375231fcb8b52a25e0bef1ea895e704df76c07f62346ab5222941b2d1c3c2fb89e54e2b78ba693833f6d28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
d0ad9ae40d9e86c1172d14174cd4bc2c

SHA1
f8629db77f5872392062fdd36392ab024ca1659a

SHA256
3dc65e2a350368bf946f77a3c0f709ca591fc2853da2b7ce8473a46614ec1fac

SHA512
08208e84306dbe8ad5cd1d0a50ed51c1ce368679367aff0c55b39cff9ffa8943954acc2b8a567a31dc6a80af748d9c0471fb75e99a96998e1afb007c67c78bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit