hxxp://santas[.]christmas

Analysis

max time kernel
600s
max time network
583s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://santas.christmas

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 60	2896	chrome.exe	53
PID 2896 wrote to memory of 60	2896	chrome.exe	53
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 1500	2896	chrome.exe	87
PID 2896 wrote to memory of 3556	2896	chrome.exe	89
PID 2896 wrote to memory of 3556	2896	chrome.exe	89
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88
PID 2896 wrote to memory of 2596	2896	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://santas.christmas
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe45b09758,0x7ffe45b09768,0x7ffe45b09778
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4848 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 --field-trial-handle=1876,i,10252906740184714184,8742589609534196200,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
b52cd21a599c5fdf082cb11d17998e77

SHA1
ec2a7d08d364e362bfd5493074ae90871b77047d

SHA256
0473ee4d1ddd651d95819a0f13571eee5774b54f166c9a4e28c8514851515ea7

SHA512
4976abc546803f4e32c25bdc455327ac3439853c3020d2cea371b1bb677452a91f6c11c542847f56b7b2093129c0ea34c1632462919588f6d6ec64ff9197269b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
311c3082819fca6fca5fb8b4350132df

SHA1
156ab424d60fc14bc63f5ecefee8970c866c2690

SHA256
beff2f9854a8525cf4c9d133f7e9a1f736ec4f69b28fc1216851b7210b517dd1

SHA512
8cdd07644081c687d96f46044103001ebaaf5ef74f6c9882c9f8a3de7eb5b6ee999b5c9994abb9124da58045a3ff2d7199d9bde11d23183cfb822844d5259edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
273f156bb9565992a624dc832399b85e

SHA1
eb120e0d51e81e6b1fb5688764790dda5e177fd2

SHA256
f9a829fbc8e066bd8f3a8df64238431fd202c5a94fdba373adfbd247e7851fa4

SHA512
0724d90773a9134c7f5221cde1480157bacde1a6030d065f4a795e462e076bea583709746e47e358e0002a15425bfdf5532cf5d4a4ccc1f52185b4d3872ad67e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb1b42dc94b011aff4526f425bc0be8a

SHA1
0b9ef6655a63cd756e78ddb6c3555a5f8b803d13

SHA256
f321382135acb1ca82359d323615e6b2388462c3747436fe5f384a04073b815c

SHA512
6af7f91af4063a2d3c068b58230ea25e6bbca7a7c836fef22349f123da47a24cb78e414a1f6252b877512c73d91d187314227952a19654c50e831d998a45ed1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
20a84a76fe3f879b3633061b2f7c0f3e

SHA1
3cffdf47126cff99cf4854376fd5294c6a5e46cb

SHA256
46b445fea81d38637a195ad2c6fe0c0afd62bb80a42d776efb0a93d669769927

SHA512
bb9c4bba851de80578ddf7aa44510b815440df4db3de6284d30680600c3e91730b12005a8e94df7c63cbd414f688722888313b2637a3c1253e8f13e2edefc37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e132decbb11b9d888bca9a63115bdd6a

SHA1
373538e8551b65d7452b016f4d22ba801a3c8f04

SHA256
26540a07e8ffe990a20c8c97f3a60b15ccf3232f414b77a6fcce479049595c06

SHA512
5a31405067e1a693f56c33d1f0b2933ab43f7a144a7b8048252a8715ef7954d8e87cbbb4b6286e2ceea45df373b2b91996ccda99ebf088470374023eef244ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1050d4f6f8f940a009b6fc672267112d

SHA1
00fd964e9787df5d051d04428482302ac5cbe17e

SHA256
3c161ca4d612cc88e28d4b92ded2e8b212a682a72e0b2829039d19b968cb3a72

SHA512
cabce07a7e74bcee23086b21612739b32de95a56a72c911b10f55d2ef5521e7e09f61771faaf5ec8e1fb757a624998e749ff80ee85e5769ca4901783fa70a3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
74e0d46fbd08f50a57d9fc8ba44a237c

SHA1
c7309fbece6fea709d32abfbbeb8d49f7de9e5ed

SHA256
4b1f8464cba1484f227a050871e981ef28130134438af94c01214afa1661c77f

SHA512
5c60e741dff08c052c846c8833656bd7e1da88154116d96e3006faa3840c24eddfff9e99c05ad9554afee97a469f720a5f7165abf2b55565bcce6786bbc21f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
50a45ccf09bc1c048fd18a8a56d0f196

SHA1
1fc1b9ece7ab47de1bb10a36b9dcde617dc93b29

SHA256
0c20521fb76bdb34033e778bc6d3aedae9045713d5b5a0ecce690b2438e27074

SHA512
91d944914e03b209b2f8544e8f1a8dd5ce106a3b6ee8b191ca563ee51102bbf4593f483a34f110b936f4de6b87f42682bac2040d38a22b41bfc5cc90e18e84b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c376117e04d76f9ab224c93405d88bb9

SHA1
814daa00eeaaf906976e0d34cd390f724797b676

SHA256
4b409ddda3843e92d7ba42a1afff4a7f0a7c9c5d5c63d45266e1f3ba667d1c14

SHA512
8b844aa5fbf5c8bc11639c1477f21514c2f3182d9974142473ddccf33a66f099e9256ae75e0cced6e86b2a0e36f835db0d8287964561ba7f1b390c252cc7b387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
811335c084caf4e435ae7e3374715b55

SHA1
2934f84b7ea1222fdfc76ccc95705d4344cd6e67

SHA256
d21b5d6132fbb8e37f3cef39de00aa690e767b69b1a024bc57cc6b5d2aa3d7dd

SHA512
971c80987acd3f228f4d8161adb8cdeae5c48ce970563e4244c9e3291a936096a3128f5fcaa0b0de26f9d89857c058960e76f8bfb72be6ccfe46963ceaeda5f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit