hxxps://r20[.]rs6[.]net/tn[.]jsp?f=001Xo6QeKDi-G1Yg_YcO9yTcMdbBnRLrppYYN1wlQXPfVzdeD4_EdtxbQm4mb2Dt4dyMXTbf6YTl-6ieXTXQvZDaULH6aufmVL3cc0jf1NgzsqGEutje4CRwfNXkX1TotkkiXoZzNrOAYE8eqsmP7ZH1Q==&c=1zPvZKQ17rYly49MN_rMySmYDQbRAcz6ONOm_FcY1XV3ruZsaiNTcg==&ch=-fSJpymgpSh5A28SNWcnLzw0LI3AP1qxsA3KG-LiiOSuPLE7qfgoqA===&__=/simona[.]foglia/c2ltb25hLmZvZ2xpYUBhY3VyaXMuY29t

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 16:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=001Xo6QeKDi-G1Yg_YcO9yTcMdbBnRLrppYYN1wlQXPfVzdeD4_EdtxbQm4mb2Dt4dyMXTbf6YTl-6ieXTXQvZDaULH6aufmVL3cc0jf1NgzsqGEutje4CRwfNXkX1TotkkiXoZzNrOAYE8eqsmP7ZH1Q==&c=1zPvZKQ17rYly49MN_rMySmYDQbRAcz6ONOm_FcY1XV3ruZsaiNTcg==&ch=-fSJpymgpSh5A28SNWcnLzw0LI3AP1qxsA3KG-LiiOSuPLE7qfgoqA===&__=/simona.foglia/c2ltb25hLmZvZ2xpYUBhY3VyaXMuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133505868090778853"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1216	4848	chrome.exe	71
PID 4848 wrote to memory of 1216	4848	chrome.exe	71
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 2336	4848	chrome.exe	88
PID 4848 wrote to memory of 4836	4848	chrome.exe	89
PID 4848 wrote to memory of 4836	4848	chrome.exe	89
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90
PID 4848 wrote to memory of 4736	4848	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=001Xo6QeKDi-G1Yg_YcO9yTcMdbBnRLrppYYN1wlQXPfVzdeD4_EdtxbQm4mb2Dt4dyMXTbf6YTl-6ieXTXQvZDaULH6aufmVL3cc0jf1NgzsqGEutje4CRwfNXkX1TotkkiXoZzNrOAYE8eqsmP7ZH1Q==&c=1zPvZKQ17rYly49MN_rMySmYDQbRAcz6ONOm_FcY1XV3ruZsaiNTcg==&ch=-fSJpymgpSh5A28SNWcnLzw0LI3AP1qxsA3KG-LiiOSuPLE7qfgoqA===&__=/simona.foglia/c2ltb25hLmZvZ2xpYUBhY3VyaXMuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ba879758,0x7ff8ba879768,0x7ff8ba879778
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1736 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3760 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2812 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 --field-trial-handle=1592,i,11436367909875610682,1288242479618761848,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ab63539bf3f512d4be26521cbd61df5d

SHA1
5b1b09dbbe7ccf4c7d18aae53499621ea6220c97

SHA256
0807cab7e5912e88b4b016ae0ffa25c2c66138b0a2479eb17ac157eba6909cd0

SHA512
c1a55b2db8205d00fdb88eba13d4aedb4d5ed19f115db35c5323c639a37ec096dcb833f5cf955bfe8bf8854503cb8f80446b11b34798f80ab1f4bd494d55d94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1427d66117aba19445455eea93eda502

SHA1
f3a6590618ed7b22682dfe8cc2cb23a655b2ed96

SHA256
6a83bbdfab9260ae48783eba667141367e7f6391c59996cd4ab966f2697e934e

SHA512
8ca73180763579f0c160423b3bd6830209f02ad3f2ca0fa258a21a01b2072992d308e7e28440fedc6ad981df8a73971234aeef06ee0a007fded7b136f387d42e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
bea8ceb22372359e361d7821e2d731f2

SHA1
1257a7ab84caefa15080706372b77f5b7207b774

SHA256
30c196248356238b80ec01de3728bb32890ec422ac04b8f5afab7edb8b0591e3

SHA512
6f56662cf25e1487a6d478c2a0a5af64d2baffe512d5c0da88ddafaafe3ecfe34b8b86e5c1e0dba39c0f40bff3a43c52654267d7e733949d925332f1235f2373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
492d4eca644e0f750d66e84621a4af0b

SHA1
f75c3d1dbc01e027d2efe442addd108497e9e906

SHA256
4e2d2d9b39510b2787c42a00976e44f1912143eb4d733ca54a25d84450984530

SHA512
a55f3cfcd0dbaf6d7b12f58053f8e10eaba72ef50d708aa39f6817ad512e32d6d9ddc28d793b13039506abdc6a6413599e2e895c2e75f8e4dad327afb062da09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
49ed3891d60fa1ea68ea1653d6179436

SHA1
7766eedcc80be6c5dcdced175f73bbed5a8a1c68

SHA256
709e56bf1dac6d66ef315321a4743d1d289bd4e53c80fa8cc004f925b5a43f62

SHA512
2dba54efba71d96e85059b0878350782779f803895a962856be8c8786092adcc2d1191eca743d7d3a576ffd381508eb379934e4e2e21c0c1a529b7470b4e78d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0cb121fb37fb094cd7a1fc388a3f7c39

SHA1
9806fa586e47c70468c03ca7d65e8f1d5eb117d8

SHA256
13f61b33de707640b42dd2136a9b11916e1c37c16d52388171ce94ecbae3ca68

SHA512
4eb9c29dac167c989c54664d4e45941aaad2a92b728eec28be7de302df48634b29e44c9f660e3ac99bc7355c49e07e6989834a38e4d33494279f6b861c3e089e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit