hxxp://tfggt[.]com

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-es
resource tags

arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
13/11/2023, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tfggt.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133443592743794219"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2688	chrome.exe
2688	chrome.exe
996	chrome.exe
996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 1444	2688	chrome.exe	57
PID 2688 wrote to memory of 1444	2688	chrome.exe	57
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 1848	2688	chrome.exe	93
PID 2688 wrote to memory of 4492	2688	chrome.exe	89
PID 2688 wrote to memory of 4492	2688	chrome.exe	89
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88
PID 2688 wrote to memory of 912	2688	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tfggt.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae39d9758,0x7ffae39d9768,0x7ffae39d9778
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4964 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2532 --field-trial-handle=1904,i,5011995140529004446,1384026747339938699,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
4d72c57077a6b347a96f2259552690fb

SHA1
b318324045393adda61a8a2bb3975d4a2c78d537

SHA256
0c3a739e9724485139c5edd00ade66a84c2048eb542649fe3bdf7ad0044b900b

SHA512
9f17bbf9efd2e75a84a3f3a95c0056b462863cea823c7818876dcb600ead8320c8605df5e90c46dce02719a46253e1eae14700dd6d478e62cf7acf1ee1561c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
4989e3b6b9aa735a41df4ddb24c89fe8

SHA1
5227c70d2402cda746f16af497c4773470841e72

SHA256
1846da8914985a41234996346f855a5d0f38fb1e06b4c0677b42b5b8f9cb7d9a

SHA512
c80950ba42e3d92e43a3a76f2e12774a9595e7e505148a40c93af0c59c05848af9c4bec414ea2044fc8f4e8a4ff6a2271ddaa89feb40172e0347e9240622e84c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
40dfa468c9b0d7ca83a33a2114a9b13f

SHA1
c8b45b257715ed2219b4c49560f71cb4cd0547ea

SHA256
c6b0889a4ced1b7ef26848833fed0ce8f0fdd85eff9e9e406932f6300159e3f7

SHA512
9acaa8861bb7211f9de06e64ce160f1a0e85da4109a5aa11a454c9d8c75a4940838b4964f1aae2493d883f437073039d9c00be533cf5ccced2941179206324a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6fecc7ae3badb83de30429311930bece

SHA1
5644812a1b4a2f9d9cb462273a265f4ea5fa1c7b

SHA256
e8eb0028a8f383975561df4631e5b3ded67840e722037291ab19c4036e16a375

SHA512
98289a45d692ade235ad745900e54da30de0e91a62d14f170f95578a6dd9b503c59b803fe3d30bcf066afc421144e71ef316073df4f58b29d221efc8c7637153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
62944258bec7521bbcd46f6ecd49c327

SHA1
983d36877f43d853f97caf17682c27276544b4ed

SHA256
7bbd3a0aacd594806db1b22673cd272c097bbc2cc46fdefc32528bc033bdc71f

SHA512
c9e31f22f0e81b31dd953313770dc587c25b6f4b96b277520e0332305bbf70e4cfc37e3fc1f503be9468800c2bf7500a6673692cabe5d50dfed784bfafb16b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4479489b91a00acd14519d826258a73b

SHA1
f4ac66a04c2527fa87d347c52ea81dd955c24182

SHA256
616ed6194e814631d3e11877cc26011670e260e70b2160be2b3cb4a00b5bf42d

SHA512
2299840bef7c6a7652fcffaebf33e168773bc59c59010712e4c61874e3ad6b41ac8bb825fbf5adcf51713bd14ae2f82bd8164c190036060b8fe1ff666229fe3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd68d5383eb69c1a8e994b4f0687bff4

SHA1
605c112ebd545c246518a1865f2fdb7428885176

SHA256
30ea0c16f3a4232380c63db87a1d156de0660394ad4f3bc930d934290af046c8

SHA512
e0fb4ef8ed6394852b5b76542886d2f5a65dcc3a77f03698e46db7f85f4ac8febcca0fde03cdd77d425db029f0c8b9b8a365045bc1fff4ecfabb1dcc5964133a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d974b52d8c27d9ebe3b18e6db9781965

SHA1
8ea8c217b24f60de5b1ce47e0955fdef2424db69

SHA256
7061d4aea192dc70bb6d0e8391542dbaaf3df05c3f3dd5c048cd2ed2fce884f3

SHA512
3e42569f030140ba214c00b1e25c483a07414bf1049da00bdff71e283a51b7256a9df27281b382b7e70b875e1631d8f45e7b7605408cfbf8fbdc5dac2f94e898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9e4472fb049ab3ead7f75b82bbd6f1de

SHA1
ba5d06cbdd8e5d80798fe58cb1b41b5c7afa7a6f

SHA256
27fb478df4bda1b42fa7f8ef9ac28fab16e55933e86b8533a646480a8bac9b16

SHA512
ea7987a0c3bf34aa8ab41086e6aa149b8449ad415d2f8da403c487d432307d2395b4243ca798bf94f311fa9bb133e39b4be97d8107f11ac8947bc319ab97a208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5214f3d50f84ae53faa6d9b23e9130c4

SHA1
d1a18995b7b4c9bc0c65f662a862ae1e496a3cb7

SHA256
06444ca5b08875980318e607169676249853f5e13023e31a55e286ee1dc01d94

SHA512
7a5aafa16c0739ab8d5ef2339dfe937b5a58c28ee2ec9c2f0f0986c4423911982d349ff641f981899c26cb2c3dd9a1b84e3c674bc00e2a6de954f392472a56da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
931f84bbba1c6c447d2896bd269f12d4

SHA1
e1e062825442c615f8f941d39daab6ec0d1b099d

SHA256
96e70f23d6ac16b096428a6d1e368ce3675929a609c2b8b91e52dec566f6a402

SHA512
24d8faa6f0167d6b366a0d4d87318b07b56a6acca0c0a12a6f866a8de4f44220cc8c6d022cb6b00acb97292a2f72c9df542159b986ef2e46d29b423dfc62ef92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit