hxxps://russianmarket[.]gs/logs#-7031526285964528526

Analysis

max time kernel
600s
max time network
512s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02/07/2023, 00:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://russianmarket.gs/logs#-7031526285964528526

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133327308361610643"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
4300	chrome.exe
4300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 2188	3448	chrome.exe	86
PID 3448 wrote to memory of 2188	3448	chrome.exe	86
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 1100	3448	chrome.exe	87
PID 3448 wrote to memory of 216	3448	chrome.exe	88
PID 3448 wrote to memory of 216	3448	chrome.exe	88
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89
PID 3448 wrote to memory of 5056	3448	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://russianmarket.gs/logs#-7031526285964528526
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4c589758,0x7ffe4c589768,0x7ffe4c589778
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4596 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4512 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4556 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=748 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1032 --field-trial-handle=1820,i,4756844305927497128,15575399489218632667,131072 /prefetch:1
  2⤵
  PID:1224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1473323fc7c9ff477cb856f7bf861616

SHA1
883d8f4a8be1dd6579d8eaf6a056cae8c41e0c03

SHA256
2e640975a9c31496261ba0744cd053398fe3bc0247fe81b46c99dbf6ff9fd7f6

SHA512
dfd5f86c8bec8085714df82f97e140599f047b255447ea1b72614dda07341f0e54f51c4f2f4bc21ec0c50e199a1e027d5b9c4b34513b916a778ec38ed4a7882f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
def9f2eaa10c20217c3cbb2e1a91895b

SHA1
0eba9a2e1b0deae3d54d9252c39863eebbeaa604

SHA256
20ccc20c38037ced956bd976dc4e2bbfb7cc1680358598f7026b6f1f37eed8c8

SHA512
350eb6e9793de329260657c96187d8b6bc70344da78d192d0d4596442bd6b64c2084763e59d2b61972ee40696ee9bb011d61261e5f19bcbec37a8e0c15156ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a43ad742fa82cc5fc39d96ff9e97a3d

SHA1
93be80a1dd9d1e23ef9965fa2b18a3b6a98f3385

SHA256
02d091d6b0ab4778e1a413e9f97f8d924ac51114c83a1a9eb32c07bafc508ca9

SHA512
fbdaead01ea1a3c1b8d0488a8f31935c8b5872b3ff9d1d50eeb9036a005a104e7d03b4804aa7bea23322cffbb0e6811be18d9f65854e9d202fb9763b6748d58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b532965bd61e8765d3c49c905a30e5b7

SHA1
224507cbe735ece0f4b11af483a5bd33b7bf873b

SHA256
7865e27e24928ba0f252db4e7daa2eda74d879be0bcfb568ceaed5f7f6212a7f

SHA512
2769c0e05d72369a30b9542c82ce2de907aee8cba17a3b317c8950111210859cc39d243417f9cec08695a0543b094768e9e07bf69c781a8f2110e28cdd7a85fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
8766cc4d7236c309b3f5f7705e3d90ea

SHA1
acb0605d2d847bea59cb6b5913bedf22b8aa35cb

SHA256
592a2796171fc0f1b33422026ba811f2941b9958194c770282ebc145efa662b0

SHA512
0d592b817bd8b70506712695b6560cda1cd115ae575aaf17b56fc7f48c432b69bd97c704ca1fa26247f66250f1556681d782698de24dd21baa47ae1517452548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit