hxxps://gem[.]godaddy[.]com/signups/activate/MS0tRDBtQnJ1NUd6MGRVaVl3K1YxRkhaZ3doOEpRdmZTcXBEMHF2ZVhOeUdNdDFJa0EvSFoxSStoVGVyTTR3NjV5RWVUcE04U3JKUmRtUHJSSG1RV2pheTkvMlE0U0djWFhLWXVBPS0tdWp4VlM0N3BQZGVIeTFzYy0tU2hxV2Uxa0IrTmJqdHU5bWRETUg2UT09?signup=10182056

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gem.godaddy.com/signups/activate/MS0tRDBtQnJ1NUd6MGRVaVl3K1YxRkhaZ3doOEpRdmZTcXBEMHF2ZVhOeUdNdDFJa0EvSFoxSStoVGVyTTR3NjV5RWVUcE04U3JKUmRtUHJSSG1RV2pheTkvMlE0U0djWFhLWXVBPS0tdWp4VlM0N3BQZGVIeTFzYy0tU2hxV2Uxa0IrTmJqdHU5bWRETUg2UT09?signup=10182056

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133493228030029160"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1008	1964	chrome.exe	88
PID 1964 wrote to memory of 1008	1964	chrome.exe	88
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2228	1964	chrome.exe	90
PID 1964 wrote to memory of 2360	1964	chrome.exe	91
PID 1964 wrote to memory of 2360	1964	chrome.exe	91
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92
PID 1964 wrote to memory of 1492	1964	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gem.godaddy.com/signups/activate/MS0tRDBtQnJ1NUd6MGRVaVl3K1YxRkhaZ3doOEpRdmZTcXBEMHF2ZVhOeUdNdDFJa0EvSFoxSStoVGVyTTR3NjV5RWVUcE04U3JKUmRtUHJSSG1RV2pheTkvMlE0U0djWFhLWXVBPS0tdWp4VlM0N3BQZGVIeTFzYy0tU2hxV2Uxa0IrTmJqdHU5bWRETUg2UT09?signup=10182056
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe176b9758,0x7ffe176b9768,0x7ffe176b9778
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:2
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4916 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4620 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3760 --field-trial-handle=1920,i,4519524018200010469,9225078446356137208,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
212c27645b0449d7ac492448f58eea85

SHA1
470835f32c0d4b3ab3fa335e2e8eb6bf4ac6200b

SHA256
57014187bdc6ad691c748618fa5ca3479ea59e965ce0f48ba16f6a8669091d56

SHA512
51507aa0f8d987d81747a290b9d502b3c61e99d0eaf44a93dcb6daf3a6d553c8cb2fc59b359652816e673b624ceaa4d406f8671076b72930cb847c1b309fc044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b58eba4270b8342395fca819fa790734

SHA1
f5b8b4de54c475a0ab3bf6188aec4927aff3ada6

SHA256
897740e516c7f75f52570af9ba53a3fb20c2c8aaad9044b5699bdd8b8b0a80fc

SHA512
5f579d85ff6f92b767d78702965549a521e222ee542a3bc3f8c12a6fc93700dc514910c4fa6a4d088a387d807dd2a6b4f7853021d5fe4dc1c709f0d2d00eb43b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6dbe39f3f1772cdf9cca26ba628e2aae

SHA1
3a70a1e6d0b128f296a8355429eefc2fc21d0035

SHA256
7586c0d8ea0d3eee2710d2b51e75d2a9fcc7095292d3b8b93aa2c92970f78586

SHA512
21ab7b84630ac8bcfe693e20ef901e99a2d455d53d57d7160fe07f653e17c79172dcb3b9798ff0f01a1d80677afa0eb5ab70aefe906b3edb06abd7ba9d278857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea8639d89a16064f53dfe18ecacbb331

SHA1
eef085438ab6bea51e38361b3d7b4a14ca6b0cc0

SHA256
df19db2c2f563836dd5ef7fe57fcd01a7b5e9f9f898d4dda42444d9d8bc82350

SHA512
4edb7de4478237b370ecf9e48589c73a0383822bfd24b1f8224d4995e7a7e05aad4edc155f00abde5794e9ae64a430b9cc4fd01269b2ac90c8511f5f161e3bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5446ea3da0fa4934fecf9e51bc4dc9eb

SHA1
ff1564dd5a6591c066eaceb756177c99b3fc003d

SHA256
53223acf988c6ca1439f9f0ca666a7dc1e28716820f8132ac8ef171ec6cbc273

SHA512
dcf9b64d7f4b05d267fda67ebacda09b5bd839b3317250f8f1c0334628e111789de67b006766d7993c5e4768822cb60561a51ccc87db9b2cdf03145b96c24abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
8129c0283bd3de7ddc1b1c23fc059201

SHA1
ead85af0cf0f49ef233a408dd9c745f7545e3277

SHA256
5ed63c77ab6903b9bbb40bcc092c22970db6f20b6259dd775bd6889386cc3a5c

SHA512
17183df5969b892976f8df58b6598fb85e38636a77905c7014aad36234c9be992eed84d5d42f69e81f8def290e4d1c5f29ed70807d5a5031aad69ad078ee2db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
3ac9b626eb5801ec2304efe754589589

SHA1
c27f4e56f874c058858b6c710d11c7bd98ce1b27

SHA256
d932fe470e9367f9d1f5cc23c8d81cb30f413eae912ce748f5b6be6b1a4c6199

SHA512
8340489b5eb2f8fdd32e1c3b7d75d51af91489371b63e3a1ad81dc8f10b2219d1e14b88d2dd3b948fc7c3e34f9ce45db8b1de00ffb1f568cffd56c180b586008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1f659469bbf88392aeb9f94db1c846ce

SHA1
4214bff45c15a1b20c62b595d66393ca543647fe

SHA256
26baf4febd8dd02649e103d5b2e89ac7f53680b02661369c2f810be7b52678da

SHA512
c49cd68eff83b4e053aa079e388cd278578892dc15636bff76ddac324c132153de62f42629727779e4891376c1e0f11f431a5a3979b94790950436f350db5da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit