hxxp://www[.]microsoft[.]com/pkiops/docs/primarycps[.]htm0@+042 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2023 13:09

Sharing

Report Analysis Logs

General

Target

http://www.microsoft.com/pkiops/docs/primarycps.htm0@+042

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409849763770222"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 2876	4676	chrome.exe	82
PID 4676 wrote to memory of 2876	4676	chrome.exe	82
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 1728	4676	chrome.exe	84
PID 4676 wrote to memory of 2196	4676	chrome.exe	85
PID 4676 wrote to memory of 2196	4676	chrome.exe	85
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86
PID 4676 wrote to memory of 996	4676	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.microsoft.com/pkiops/docs/primarycps.htm0@+042
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff79119758,0x7fff79119768,0x7fff79119778
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:2
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1980,i,3592708568950709769,9874460908970835252,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b983962f34a9ef373ad10cdc37e44088

SHA1
8f33578ddd0fd3cde0ae8a69d859615a0bffbbd3

SHA256
fa88bbdff617eefd34554bf04cc8ccfd5202bc5d8647feb5feaad3f9d60f14a4

SHA512
3beae65318f41168a45b7add43418a431d8b2243d765e5b179a41e43a8c9604540a72d0e755ad3b9b534c8d724ad72ae35998f3f9b9661285a4863b918ce418b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8e7b2a9644ac680801fcadff8726fa10

SHA1
ae0651fd2dd916f1cfe7b26046efda5e97d3d64f

SHA256
a4824eb05407bd9893440aa3d10a26988418517c02a6434f0ef71e04b1c6ff71

SHA512
ad34b211c0d5cccc7b8272f5df97ff9dc4ab10a31f80bc2a1b90729b7f8c4860397e31a0e8ed1d161ed5962e6c612a10e86d595c6e3f93b3d16ee11ea3da8780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
737bf1a2e337c5d10199ab15907cdeab

SHA1
13ab980a6b64b46016630a047b8264af410f9e50

SHA256
ee9257143c2507c7c2d9c69466a8f0b59958d751ebcd4a43afff73fea5039b30

SHA512
e810ae65f39c2c709e80d0b022d54062c272ec53d07f9710c4c2fd9037852d0bd05e6865c2d0efe09cfe1757e9c217b3828d92af019cf7d38ebc85deb671ec3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68597afd7d7f7d58565ffab2d71176eb

SHA1
3b545d06f87e6a86c63059ba73a7d7e924495c5a

SHA256
88a112b5b09a5047400c562e968034a918cd6c850bb25048cf6994e0d620f14f

SHA512
e3764a61df334188d889d40fd8526b2b2a4c8676b8ca4e239ce9f7c958950b5081409647f3018c04d532d4846a05c75d504bf1192aa3a9db928af19a9d7a9887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5f126787a4ab4df2c1da7048c39fd0dd

SHA1
e3fa35a929e91f135e8f86c7f5152017e76c57a7

SHA256
21a5ec0f58944c470de7517e3e79c406111cad54ecf4e27e562587337d967455

SHA512
790c32f746e885045e6b9feb7e94a7d9eb698ef8ba6e1f0857f707ec98aed68294c5f7e9aa3b0dd9a645bbf78dbe5ff163112e0b2a02af414c456114c5b5e3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ba8393793a6e4352a9160f086b68b1db

SHA1
459e9151514a83241edaf1907ade072e4a472581

SHA256
0d2b74bd93cd691deea4a19a29752e13286896a211cac6944779ef0aa3b4c7ec

SHA512
01f724c1d147e6513e3378bcda356bd31b70746e48a3b32fda0027b8cce34dec34b845d2047af85e984ccd6e5b34266ecd87bbebefe61fd12d72a77f63902a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
f19f667eabadbb1ad3e2324a878eeecf

SHA1
60c40d74d7e651acc52d0dc9e361b845eae1cefe

SHA256
913b4ceee8e4447695d01e09953bc802af959a3eede77549ce3b2e452d02af3f

SHA512
0219fb8af2eed20527f07b06f925791042daf630df5a2fdd5ee2bd0a3697760e854810540607704d268e8013640383d250f26c7d4f0c06bfbab01aaf19577763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
21cca9183b0ece9566c406a281aa53b0

SHA1
a595a93249b869a1002cc92748714cf68e4826a2

SHA256
66d520c1414628f70773820928cb866fa5b4156e189c2b99eb627ccb75cf2972

SHA512
3adb92a9ef16caafc517ad01fbf8ab2b4afd1bc8ebec9157855b504ce917e89e95343a1536319442e6541664509a7e29b4d0cec37500ed0090c845118475d794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
4afa8733179715a0a7185f0d66d7c8ac

SHA1
6a985acaf4d1807152d053f6f7524c704e2ed2f3

SHA256
f369fc96a3eea508e08b203c1eb5dd4809b4ef355078c766d64cc92f342bb7b7

SHA512
f0d1fd2f62a527f029e506de8b241b016959802c9650003104802e72615ae8c6ac98a5766c34f64e19528d067e7e2202d5d853bd938ae7d6c7fdbfe999aa0d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
27385cac7dbbc57a751ec5730c51410b

SHA1
a3e6cf9aef283c015d4a1b6ec9a11c1a0ac64941

SHA256
df3a660fac838ec4dc3cd1673eb0f37227e6229fff17be515aa47a763397f404

SHA512
ad25f3e2fccbe1507d2b80258733e41aa56904611451965edda2f724db37b174670203148e50f584640b29bb62f65af3da8dd6b033b94e3a092d8d381c007c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
ac103fed2c4c8c32465e4181718af1cb

SHA1
df3065d7aa24da83fbcf08849eaece80275cbb3f

SHA256
d0d5f0a341ec3e815ae531532d80b4cddd69a8775e2b71cbb5a47059fefdcc77

SHA512
bd689e1d2ab0fd55ee1ae52a18e205f1bda58897840bac4f459f6599f8e499f4417131fe2f8e3d653d16840c0490c0d34174be12d6d18b140e47007f11d474c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit