hxxp://27[.]131[.]49[.]3

Analysis

max time kernel
1800s
max time network
1691s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2023 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://27.131.49.3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133407756467979312"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
3248	chrome.exe
3248	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 4380	2092	chrome.exe	42
PID 2092 wrote to memory of 4380	2092	chrome.exe	42
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 2944	2092	chrome.exe	85
PID 2092 wrote to memory of 4584	2092	chrome.exe	87
PID 2092 wrote to memory of 4584	2092	chrome.exe	87
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86
PID 2092 wrote to memory of 1432	2092	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://27.131.49.3
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ead29758,0x7ff9ead29768,0x7ff9ead29778
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:2
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1852 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4940 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3696 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1748,i,6300442218496389663,1792172643860065059,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c07d29fb3af2aab4f7ad69d65c029d4a

SHA1
af899dd156673eee95f5dbfb42a014f88e424885

SHA256
43dd1b0e20eaa85f6915885c0bf74c3e3c881e12f6925581eeb03785aff0caf8

SHA512
dad407eaea0c04777c3030af651b6ac30b8d701e011959d66f9e36dae3e576fecd1578a2812c42377db82ecb70e12c647c0fd98ab67a2f242e9c47caa1f32be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9284d8388ec35186254ff2e80923568f

SHA1
234210a51b1a54d128d988df14b6735cc80b8397

SHA256
5cdf84520d580c395888128fd68fdf41902693c89651d59bc42a4d90242e7852

SHA512
6aa720a381399847b84b0b0cbd4ae1b6c7ef70268e8f6308575e55654263bbcbbdd59e4ef309318679b210b1b6aa48faba0d7ac4d4422221433be808fd0de824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6c5665ca23145ea7c4cd7aa689a93f57

SHA1
2b57d305e0b7510368ea8938e3f8e788e54a40a8

SHA256
57791e4312d801b0505175baf1d7a2fd392e07db03f3ca0a42a8b04b4c8060fe

SHA512
9cb0b67c83d49334baf45985d4cfc79cc0dd7fe2b20953bab7f909e235ed1aada6e95e15ff734dff935edbbedb8be42b806da43ab88a821d4573286d3cfc1821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
27148d1622784810d88f0f943aa6139a

SHA1
5b1333e605b7b197409b89970c388cd18b2f3e28

SHA256
e1cb8074c477efecf0036f29a92c3fa7f46894908bc76d85271d2aa9d05c920f

SHA512
5ccf11ee7436c1aff6906ab0f457245bca5fceae4221fe341eb8fab630bc19495491611957b8375a9ac73dff407362ab38fdacf253ede516c3e73d7521d67b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
f088e7b3818a89e027278a6b4ce1e670

SHA1
2e3c58343f898aeedbefdacf4033b430de8b679e

SHA256
c91afa05227d4611c2f068031e7ada723e550abe2a7e259df35009a3851597ad

SHA512
dd6973acc099d8307ed86f52ec22173f8b861b4eaabada28d032312d59d400f08a5219f061978bb2f39e0f0b7a7057e19eda276949eab0a394766a54fc681157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
a8925ece8e4f62d7f969e3a9633def06

SHA1
0c1e8b5e0d5fec95f0083aabbb62f872d6965631

SHA256
878a74385a61c6252fd41e40d64c4dcda9140a48a275f69749b7b9417803558a

SHA512
bcff5584bec5f04f461809119bf50188500b1c43b51c3fea0a02ebb721c70a318a3f5075b457943f2bceeee7b4740ab21faa4333b7edf9a637d134c9e73ecedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
268cee0907721d43f911706632ca480b

SHA1
288a01f78c267dd72957ca12433a2b96169e1e57

SHA256
f3129efac962b18e4a9efff1acb73a32497fabce6437254ffae441c3f131c5f2

SHA512
96f08b9c8b0ba92d832d92c61ac5697a4ff34e092075686bd49496af5a3b7fd7336da3447f99206f30899b74431b65dcf565b773bff1f6bd822e6878012cad08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
121dd0fa0c5f567ebd1c0285d4f33c90

SHA1
49a3004847352f3c459d751037389ceef9036efe

SHA256
2907a3c1608e1e410136912e3a0789636d1ae830228f134f8c80d0bb6176898a

SHA512
3b4daf322c15183cdc26d30f0638cf4ca8eebbc72912885b5b08cbbd0d292685f7754b5dbb74dd967c7680f737c5d593f96da7749eea97dc317256b07443910d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
269759fe947c3251f9572819c05ecd88

SHA1
7bd8a7285fe3f8369c6adfe0d20b70fa40119e89

SHA256
6e9302d144eee8e1f3983a6776d91fd10ed3b750239803f70fdeea21afaef93e

SHA512
7376fdf4c3100d455e6efdf151ef301d6ef6c50e87708b37a83c087e231da61fb997035c56ebc5bdbecd60f92bf4f318ef33931f47ceb2fb253f0d1980e1787f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit