hxxp://msdiufvm2163e59c4b67124[.]licita[.]ru

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://msdiufvm2163e59c4b67124.licita.ru

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289173464420962"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 3992	436	chrome.exe	84
PID 436 wrote to memory of 3992	436	chrome.exe	84
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 3100	436	chrome.exe	85
PID 436 wrote to memory of 4568	436	chrome.exe	86
PID 436 wrote to memory of 4568	436	chrome.exe	86
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87
PID 436 wrote to memory of 1324	436	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://msdiufvm2163e59c4b67124.licita.ru
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9136f9758,0x7ff9136f9768,0x7ff9136f9778
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5320 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 --field-trial-handle=1852,i,12391983398129724771,15012280544095043367,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0f994417-814f-4e3a-8acf-bdc28378379c.tmp

Filesize
153KB

MD5
294b58a46579a3233d9a7e0d6e1cdecd

SHA1
04126a1cef5e3ce221eb31d7b196bd9b3488b465

SHA256
d63a827603383b2bb363095bbd15f1d826aec032a73bb1ff12662c024f87e481

SHA512
e61b62555938adabb976fda4a72b42b38941601b54aaef412973e66bcb4945044437935f641f1378be49e90f6cba16d83bc31f77007d0b5ab8e3d8b4ca270d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0713b9de110754682cd289e50cc53873

SHA1
90e6792d7762118c61c86ca9cec0b30908e06c2a

SHA256
7588993d3e4a1dd102eb64e59978c7f9be03212fabad1e51bd3430250916d7dc

SHA512
47ec2c4171d676a1369a280fb9d748e9952ef2ee98a8b4a5a615739ebbc0713f40dfdba5ff44e03a6f20cbfa6eeda285ef3f82542b371762e12d82f0c2d6cfa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
27aef1e39ce57f75e745fcf8c28fa11b

SHA1
640ce65dd9025c5b7aff8254b9a88fb8810f574b

SHA256
1a6a34c266b70479e4ea47f543b32d2262d98927ef66cc7665a3996b7d639bbd

SHA512
2232a035fd9480514565fcb8b13bdf32bc349b3d1cd83d20db3c091af4c8efd08d3354496550639cc89f8bd6640f2206500ae292dbfb00eddaf312af8ae32bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93da04cfb284467b1f9a521cb9c62a22

SHA1
8362d4a4834074a73ddba93e01b1aa2067384b23

SHA256
21e89d4967a38bdec623edd1b31bfd49a1f059f572ed5ddc9b0fcda035bfe3fa

SHA512
d96a17b8a3eb43d8f1e729c841d849728713e6762e7577d8179617d317f0e371d5dc6a67ae4a460a0149702006d6aa70be7dd5b37b56c0357bb781e6214a2474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf43e57320cf14c5b11ae58dfac5965e

SHA1
8a9765594716aa343f5a94cba3b429d5de3ddfe6

SHA256
5119c43c360fc7ecc79096d3118d61b0b270a3d6d7a8311812f96dc4322de66d

SHA512
7c0f0e6855e6e2bc728f10217ba1ad2e66c9ca2bffeb51c6795363b4ccb2b720697cc273fd2488d5b98e288a8523a9d0f92146a17adb8e4a40037c28dcdb69f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2aa17011129baeb2dbc84a9d9471e203

SHA1
40b3f010e464580fd02ca273891e05a39d16eeb8

SHA256
472cce062efbd4453eed8db40cbe866d0dd8cd0f53045ca34d05346344a67b2f

SHA512
272c48d0c3de48a8aecfed8336f0f55186598c912570a501f0ee1d8123c265e577530f1ba83d89c4484186328fba00fb79f4e00b09baf4b7fdd0ab75c4aa955c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
d235852bd1803818822ede117b1b6f37

SHA1
a42abd19aeee271633bd7a10283cfb9e15bdb354

SHA256
884ac5c5cab4ca85686798a80d3715d950378503209f2f3222c04443da220879

SHA512
3d47c79056b1752340845dd08046aa1095e41ecaf8bec78ea79a124fb80b5dc61e0567321eb18d756a3cbe277db7385910c2d533759ea18fe54ce73f79b28fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
6129d5f60fa22ee7c67623ab60ca56a2

SHA1
fb00cef9ba4de303c981cf5697177e1e970f4cd8

SHA256
bd839b512f8b4de48a6d268f98c0c3e49720be146ef16a6b943841f44b905b39

SHA512
3b5f2b77196320d2606a5e3f2fe2eb4a7a0c7dd37596dcb73b569596dfe2275f54432fa201a76fbdcf202934c26d55611e5d051398f002be9cdcc87c5ce38e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
d50667bb0e28c0b5e48fc848213c6ec9

SHA1
15bc78e1f2ed2e4d564b4904135cd6ef4036f25d

SHA256
726b5173ee8704f51245a785b9a57f994e0c6e9d81f5d25dc85d2250e5a5c72d

SHA512
b5a8ac86ad88ce73c9d825e095284719747e96db4960e87ff7a23364b3b5064328f9dcbad8730e245f9b45ae0aff9760281f210531cf152f153dee9c9631498f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit