hxxps://corprovea[.]com/?consultation=YTJGdWRHRnlMbU52YlE9PSxZbUZ5WW05eVlTNTZaV3hwYm10dmRtRT0sd3dpY25nbmFr

Analysis

max time kernel
150s
max time network
155s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
26-03-2024 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://corprovea.com/?consultation=YTJGdWRHRnlMbU52YlE9PSxZbUZ5WW05eVlTNTZaV3hwYm10dmRtRT0sd3dpY25nbmFr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559475345262419"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 2680	4584	chrome.exe	72
PID 4584 wrote to memory of 2680	4584	chrome.exe	72
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 1336	4584	chrome.exe	74
PID 4584 wrote to memory of 3892	4584	chrome.exe	75
PID 4584 wrote to memory of 3892	4584	chrome.exe	75
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76
PID 4584 wrote to memory of 596	4584	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://corprovea.com/?consultation=YTJGdWRHRnlMbU52YlE9PSxZbUZ5WW05eVlTNTZaV3hwYm10dmRtRT0sd3dpY25nbmFr
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8c84e9758,0x7ff8c84e9768,0x7ff8c84e9778
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:1
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5100 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4652 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2924 --field-trial-handle=1740,i,14479655775597156983,15496844882953732471,131072 /prefetch:8
  2⤵
  PID:3520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
978e94f8afaf8bae567222c04955e2c5

SHA1
202863090314634912c9bdea10e57bc2a5319c40

SHA256
f969c1971c4c8cb1b9f0edc38b454d55e851cfe9207054a3a925346feced95a8

SHA512
b8a84bbce7d846db7d4dd5b44eee79512f3851feec4b3a1b1ce1589aff74801c95055738546d6960520980e469b4784d07da11daada2629ae176448aaad06691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
718B

MD5
d958d1c2fa9941faa59c4d0b6b2272db

SHA1
0fed602a3d2fd55146dde9a41d284d0a5f26ee23

SHA256
a80f4a9fc215e05acc4c4a7740a2802953374e34aaeef4379f6de183af42dd9b

SHA512
82a57fad21fb9767867010d0e5303b276f6560261d5b60a73cbfe2eb6250e4854c539bde634b22e89ff8e4bfa10cd6d58610137babddc8ad3a2c8aa8e0dafc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
2195d05fbf51ab9694c2a05c582fae52

SHA1
6434033e450fcb7fbf756794780d8bcf0fa2cbe2

SHA256
7be4cd1cc3ca3809b7ab1fbe08842c8f48ba1a3a7ecb4f2011f3b64bf2add39a

SHA512
2e0b946f2054818293fecf0a508ca1b5445804f287f7fb3223af4f3b963e85eae8885de3fc6d1c6f8928a4cc0d29aa96bcd4d21bb00e821dc093209576a7387a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
9049f2c470ab2e3b0d9a84c64595dd7b

SHA1
97b6f968b3cf582988e87b14ad7c16c4193aa6de

SHA256
33741924136848b8a1b9aaecabc1be68bdc982135d487f5aeee943c3092ca09d

SHA512
01c407f701f6dfa4003022d402f3898e35b416b2df413de831faa69c9cee603352b6bcd702dfa2e7a9856c6c0249273b20b9262a30434f3a10dde9399c334df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0def9942c924fb34a06458a5698067af

SHA1
681cf3b2b0bbb1013a99da5f7fae0bc9ddc23467

SHA256
ec457082a79530bcd31cb0a4e50b8f550413383a886969ab7fdf43a8c9883640

SHA512
a86e543667a7ba6869861fc9b9afc37063d00da4d28a5c9bb9c40b42beaf38ac5a52eb476b948f85b906303a074a2d6b63582228adbb97834598637653a571f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54f126fe7a1efa730c621a75e8c07159

SHA1
9efc6885881fe90976e4ba50c5d157655628d596

SHA256
9d2a53e4909c9cb99cf1783588e812964bdbafeb2d3b4c4708a806d0c7c5f9bf

SHA512
d0de0344654e41f0537498e3f816723eb3e9c777a6541e6fcdd1bc9b9cc0af34f04ddcec6497c18a68e55bd3b64ea52de3510265595d7f06ce55c63167aec988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7286e3e864d76523ce4cc36c3419e31a

SHA1
2a281be81b2846fd9f17d3723bd22d0118aa79ed

SHA256
70358d17545366c82504bb250405e731328d32f4fc3acde649be8c2944cb5a76

SHA512
07e1c03afc4d16c122250595109e5c825bb67c22790da147bcc500ecedb362e76d199dafc1eb93340f7066e920ed857dfaf09d8a78fbbf19d7017eb0d83f84d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
81b10aafabea1c4ad6c97431ea6f055f

SHA1
557f6ab8ce93952fb821f6e1ae0d8c1f1d4fa325

SHA256
4629f026d83013ba67c2dfe00105e2dd5dda1168b389261b0340dacb88870861

SHA512
20cfacd6590781bb43a076ab790885df2e61deed67bcb98cc67cc2a9a38c55438bb7e3b79419842ce272b8224d89c2bdf143f0fe7c8732dcad345e2bf81a034f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit