hxxp://us[.]usaday[.]biz

Analysis

max time kernel
209s
max time network
186s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
16-06-2023 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://us.usaday.biz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133314059127686139"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2512	2508	chrome.exe	66
PID 2508 wrote to memory of 2512	2508	chrome.exe	66
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4132	2508	chrome.exe	69
PID 2508 wrote to memory of 4836	2508	chrome.exe	68
PID 2508 wrote to memory of 4836	2508	chrome.exe	68
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70
PID 2508 wrote to memory of 3720	2508	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://us.usaday.biz
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffc968c9758,0x7ffc968c9768,0x7ffc968c9778
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:2
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2656 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2668 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3092 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=944 --field-trial-handle=1776,i,16374682302554380284,15822113465402930496,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1331b7a40d6264a760b029bd42273298

SHA1
4b58fe8c4a2f379b653a7234e40cc349fc8ef74b

SHA256
ef508484419958cc4df4498f5a81d4a5a8ea9e4ba30abccd084ad21cdae95a84

SHA512
d7f7722cb35a4eb2aedc67da8f22d4a6e91acd1c24196da6452ff91dd5904a38553c0c31782f4b81844d476db095c9fe6f540af64d6719fbf20cd7ea3277bd11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb176673de5b1ec5743acff2eea47cfc

SHA1
79a60b3d501ee8a527b1b95badec978cdfb2f647

SHA256
4b4b50d7a6ded031fa6cde251523e2fd3f3bcd83f3c9e9739dbcce17e3e99927

SHA512
c071ddb12814a918062c3c56f62a3a32115faa0902e145c89758c6b45b28c6f04e254a6098d1d28990e8816cc467179023b8e734fe52587e8d9c4ab91c7b9421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
775B

MD5
62c20a78a2da493229d7aaea7c719657

SHA1
b3facb4b159e7cb71f5880308ef64c1f0964153f

SHA256
6530760bc18b1866f15664b5fcf1e08b2c4a000fe190c5f899617757a64ccb31

SHA512
87dc48a7172e297a0365c1532b91c7eba80f8e25767733b4609ce8fc594231d102c14b81f0ea3e6c6cbeae1655b3052339078a2da7ee9ca0cf422f5253a5ef4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
b2bc876be661a82fa95d2cd0ef629a7e

SHA1
30666e1da63fa22ecbc2ea2651109d4d9f1e2e94

SHA256
3e4c5faabb660cbf12e7a57b84d59687b83aa73cfab86516b21fff0338834248

SHA512
f7cae6ff4143a922e41fab84b7e4b31b1aaab3aff063bd663a6d8304bcc33a010c9399ba1d93bf1ad7aefd68b967511b825bbc8b4e01c371201246c9c042eefd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
abc151cf1cb64931152763cf941bf1a5

SHA1
d5ac926f5268c7563c8c6941bf66201a99b57e49

SHA256
434198f208e50b7891952af41201a119a023d2ee687daef6434069e728229832

SHA512
34cb2c36e4075aa536a070b879c8892284cc5be71332535446fbd4994ea5678b0a1315a81182aa9fce7f287350cbdc235d0dc24e181c209d8baeb62a08ab2b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
76fb89e544e4d116272f121c53cddfa6

SHA1
ae3979b6c05f8e12f67b3236f4ca04815b61886d

SHA256
453ab1e8cb91685e7bdbc96eecba0ae26b2013198204a4f386ef49a43fa24c23

SHA512
ec5d76253b035f590a1607ae0cb8d6ecb4249410c4ba26088aa8ef45a02331df393826408e957518898ecb3dcd67fe88bd072f3abd414841663e26751d0f6e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d10bd401c4c1feb1968029d2013028eb

SHA1
85589b19f609ecf39d1de933fee904f32b24eaf8

SHA256
fe08bca8072184b8b15e8c991113f50462b139586516ea42495f000474dc15bb

SHA512
9bed039a41ccebd761447bb8be976e7f7b934db04921583c4b77694ab3cd4131e9ac5a09534182d69fc38b849f338eb01c9ac33ef0e7beffee999ff28ad5d2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
241e1de34b429b0f88495bd3770b8745

SHA1
f28632ba1fb4d41786a0962c1ab2494d330270a8

SHA256
7e73c9fe81712403399c75a21929af5d75b5368c52dbb8254b16c791bf6b9893

SHA512
00a5edf14f23f42c563547a2595bd358fbe5561686b74e30ee321fdc68aad78b49ca36e7eb7b123b7f44808b0f37a042997141408c94b54e44d97667afb70fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4443b87523f22a333bd5378f2297ea38

SHA1
30938da8b9a3b5efcf3d674d6b911c79fdb0d880

SHA256
bd899cc9cc0dcf08ae8967b45cd3e63db47cf80f4f6622340cbad1070025ec21

SHA512
d7ad586fdfd8afa3006e5cd03248614c25adad1ad22c074601a1d55ec3075162500b440db51a251ec3bf3e14fb9b9196ca0a1396244497443be4d2fa8697ebba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
c049cf8c176aa876d1369f97dd657e40

SHA1
65e16324962dcf913c738b41e99e0527a0c3ba08

SHA256
d0d0b055ab479cf065640c42e53819c871a6d1be39ddf27db29e6878c12e73f8

SHA512
b95684fb6b6559c5628845e87a98d83d2521e5c654a8df38a91b01478c70ec3a1c0f09c23ac963a2201403b548771a0b144a319f44e4d5ba7acb1d99bbcef61b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit