hxxps://manulife[.]nucuw[.]rest/?56=4Yotx4dHJpc3Rhbl9zbWl0aEBtYW51bGlmZS5jb20=

Resubmissions

02/01/2024, 14:56

240102-sbfgssaef9 1

Analysis

max time kernel
172s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 14:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://manulife.nucuw.rest/?56=4Yotx4dHJpc3Rhbl9zbWl0aEBtYW51bGlmZS5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133486811294867080"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 3592	5068	chrome.exe	59
PID 5068 wrote to memory of 3592	5068	chrome.exe	59
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 1676	5068	chrome.exe	91
PID 5068 wrote to memory of 4104	5068	chrome.exe	92
PID 5068 wrote to memory of 4104	5068	chrome.exe	92
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93
PID 5068 wrote to memory of 4016	5068	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://manulife.nucuw.rest/?56=4Yotx4dHJpc3Rhbl9zbWl0aEBtYW51bGlmZS5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ffb79159758,0x7ffb79159768,0x7ffb79159778
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5116 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3084 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5616 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5716 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5648 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5252 --field-trial-handle=1880,i,17499961983408922187,16891217515978047060,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2de0bbd03d0e09cfa33a46044982a403

SHA1
d860d907494913cac15723744cd5ffb9b273236d

SHA256
ca1a744dc69712da68a260374ed2e3b6890d4c1101b69b9863ade9fe873f4f10

SHA512
5e972406e18b805ba12b9bdada62cb4b9f59e2585a85c4f4e05ca711f1ce62f7ae0ab344bd478ab23d96141cbdc48a020f82cc6e51850f7711343ba663cc3b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6821498f378cd815c9b7ac0df2ad63fb

SHA1
c62a9c75390216af8efb2eeb95e8a8b203d85b43

SHA256
cf8e3af288b6c0d80c7c48ec93c6caedfdb93661c1e54c6760d1e4a69826bbab

SHA512
f843db4522277b35f3f37f348b08e3852440166193589ff8611580c11075cbd04ca94daa4341b42f8f3a0146b0e341fcde8707e58b482b0ec5439de38ad75107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5cbd58fc2765708fe532007a6cbfb2e4

SHA1
5df23f0b4d6891d25905ac9798f54b41c31b6d31

SHA256
c798e7c49007373ff3175465058f3ee63f3b69c35fe12963c48934b2063e50ee

SHA512
8d0c7693a6b4a9b93153b868bf96db9a9a25be80eb9a634b48aa1a2d80a46cc0fec6873b265cd9e4ba028b34efcbf5eb4d0fff70abe2d0352bf56678698dce64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
67d2c87741f235ddfc00da1d7761c704

SHA1
5b1ec0aaf7472f3df9019fb4a7032fc1233c1110

SHA256
e4c3c7c948d423dc70b38d7e6bffa77ce09bac4afb58e2c239411acfb316c466

SHA512
190a36ef223a7ff8984b1600f0364ea84270562d7359c825d0e2b9916f27f51d483899ae6831bda687344acf6de57204c13d91b960a93f0c86bbd257b9f20f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b03946d1cd4fc3b053e6509cce43a676

SHA1
74db2d4a56dd1fed5d663ec7faacbf95a2f5d290

SHA256
448b914e3681ef5f389315a767a3633d0d18ddbb852ab44aceaa1aa01e107160

SHA512
4527b56fe01b2041fb4411119c2e48bf7d03b6872ee11b872b1bea8ea24bac602b0ba75f788c14fc96ae8751206412bff0dc9260f1cc56d43e8a4cbd1accad70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
54f905fcf3ae3fd01582d4b3e4a244f8

SHA1
1b2e268b87bd2f33199cb055627a76cbcce02266

SHA256
d2b70effaf878d1f2b9801d334ef23777536c15b6113c62e86d764657928350f

SHA512
383c184b07a4b0c186c90796d80989c8d5e9cb68fad81187489a0296d174173c23de53483eab099912603a679da76fdbee7db53e87b6059cf8f90bcef9ebd7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit