hxxps://lol[.]zip/

Resubmissions

16/05/2023, 20:56

230516-zq4aqsce86 1

16/05/2023, 20:55

230516-zqq1eabf7z 1

16/05/2023, 20:51

230516-znevcsbf61 1

Analysis

max time kernel
1799s
max time network
1687s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2023, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lol.zip/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133287513863565140"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
944	chrome.exe
944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2136	2624	chrome.exe	66
PID 2624 wrote to memory of 2136	2624	chrome.exe	66
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2052	2624	chrome.exe	69
PID 2624 wrote to memory of 2604	2624	chrome.exe	68
PID 2624 wrote to memory of 2604	2624	chrome.exe	68
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70
PID 2624 wrote to memory of 4452	2624	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://lol.zip/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb8829758,0x7ffcb8829768,0x7ffcb8829778
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4612 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 --field-trial-handle=1640,i,14815227692332183580,3409845982959434824,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6571fb9c411f6d760756ee6d604a9c11

SHA1
537348506e64dd0e475d91ee7bea02f1c32758a2

SHA256
c15d14544d0efd74486c35365381013101c49e2b14e97b74c50279c7e3c0b64b

SHA512
c7c0f83e4dcb4c5750003a07041f13a644e054d4a23b74495081da87ed7cca140e8208aa1a5199bcac46c266b5284cb0cf6675d0f7919565697e8c166d6df3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
871B

MD5
12319f2d9a81ce20ec2495aefb7aa824

SHA1
ab7f34f7a8c18a34436be19d7e5b51b23ba59b85

SHA256
aa3fa570da5816c5ca34ce4982719cea9730d2f4a3f7577d2dbda7a3b7f6aabf

SHA512
626a46901f5d95b81e78d2e95d519340fa8a675f7a163ed619782d3859bd01de50ab27b493e06ac0616be7c8881027363713ac012626c68117fdfb19a499a13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b3685ca69b36547528a4926203ee9aba

SHA1
e9e2811b9745efeae51d88cae9a83c8462284c65

SHA256
c6c2907a53356c98fc8486b4ea0f8d61cfc61eb932b00e4545f616a92ed44bbb

SHA512
e24d82b007e834659a2c16c47f17ccf09bc11713697082deba629155302c0297f1473ccba46783f4a4fd4658b632f666738c3e206634c715604795a8eb5f639d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9ce49271712f7dd6c5b8b3c5c631425f

SHA1
eb8b1aacd47dba354d793eb2f1c3e4a9b9224abd

SHA256
cf501b2d0f0737982c4ad0afad91fc275fb32aeceff5a2fb90872d26f0365215

SHA512
4bf12a6434cbf879fb19b1dbbcb10ef24cb57abedaa20df6737dc19fc22d886b4fcf6cbd9ab13990e5f9a2d8fe43dc873422e1d5754c598803b1e83aef14a52e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8b9fdbbbb8d3d804d2a03c7e5c73af6e

SHA1
8f2387031f7c291ebd19f2f0bb5c5d74d009c799

SHA256
54a8c3f5f89c5c58a533eb4fe2412acccc7fa5948020d97bc5549ef9d4faaff8

SHA512
f1458323d638de382600d8036b01bbb1160f3d13fa16ddf16c8f89e90e6fb7570540dd71314cb40eb8537ede5864c0251792d2bddcf0c554b71ad6efc085a3cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
41a2369a0dff7a903505c80e44c1c2cd

SHA1
c8cafbe563c5b66495fe0a878ca04331b95995d5

SHA256
a0bb494c24f91de66b88404599dbcb2518e776cd6c6fb2d4fc2b3a96f6a71d6a

SHA512
c596cf84fa035cf03a12f6819e233d667305f3d5dc747595bf24f2957655f438e52f76005ed2597c09a5879c4eefd348fbf4fb9363efbed31a2fc43e5112bd94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
40df822829826b780a58ca6287f40d1c

SHA1
79fb0f7498f4af0fe0e01a0d0201b2708a48d468

SHA256
6673fcb3720bfc885c8289d6508f7e9508fdd9511fae1811ef394ad470e5cdab

SHA512
9cb9ef6e3e78e86780b7cf5d49777a4153ce1b0da4ac4821020c9cf62d7c7f6f62a363eded6582b2645655f690cd33c9a64fef9331bad5713b5c08917d3eaaa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
5bdc938590bf1ddc9ac0604f637bfddb

SHA1
0cf05533ac79808b4073b9fa109bf69d55236d91

SHA256
20030e847f1e5486e6faae4224d29239513bb2d2aa0a86fb68b9809c71593f78

SHA512
0d1d1ca4f300c60c36db250bea0be34c9c0963e0e4a9474d6983c458f6646857fed0cfdfee6ff6756f8728fba136785a6fe0a9b83fb5ee7e717436c49be72262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit