hxxps://secure[.]avaaz[.]org

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
27/03/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure.avaaz.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560484457595891"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 4528	3456	chrome.exe	72
PID 3456 wrote to memory of 4528	3456	chrome.exe	72
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 4648	3456	chrome.exe	74
PID 3456 wrote to memory of 1948	3456	chrome.exe	75
PID 3456 wrote to memory of 1948	3456	chrome.exe	75
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76
PID 3456 wrote to memory of 676	3456	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://secure.avaaz.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbabd99758,0x7ffbabd99768,0x7ffbabd99778
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:8
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 --field-trial-handle=1844,i,14590641244439253575,17794900021652722282,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
37840bb3a5768ba48c163b4b9ccf03c0

SHA1
e318527c0dd69385062d2cfec8f257cd90df499b

SHA256
940d9f46af009a9db3a549ccc6c5460d88fe8a811edf2fae55cc22b2b780ff76

SHA512
c8836947f4246f3edd41bd8c202ad9dcfb36aa98de5c34c88c898442007392a27fe9025e669f31d744275dcec31ece27eaa69f28027887e740c7c699021ce1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\682e602e-04cb-4c79-92e1-485b4676fee2.tmp

Filesize
1KB

MD5
a66da84339826f4774e928dde4fadd69

SHA1
bd1afa6dc85f3446a42fb846f7f8058f0f691f2f

SHA256
4c3d50362651f2ebc75396123258618d28910d6437e63777d0b365b4031b779e

SHA512
7d14d2f09055cb84db6a2a5c8f413617c7280feb72e5c2a9c82abb13c0b3b05467d8480e0be5c47bac9424724bffa68aea005d3c4bffe7004a07c9b86a6c2834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
fd6b0f6085a38f227ac3535ca2136eda

SHA1
6a3a5ac5bb754706eb73051aa3c02ececca27f20

SHA256
2194b82f68c00897c59f2a753772e05f76a886f93c61460cb39d90e112987674

SHA512
e21de44b3b092c4b7ffbc9ed39b0f616b6713b86e1499377aace7e01c4fb510f8e9eaf801551577510aee707c1e9297dd7e48b62f0fcf09c0d2e959126b9dd5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
12e7fdc63a8485a366a38a27bd6262b6

SHA1
e71cb009dea7b85a6b5cdb34da667d8aa4d361bf

SHA256
f36414c23ebe6be05f3bc0188c0b7b10574ad4df534a1930e140c3eac725941d

SHA512
29e2732c2672619c91b8af1762878a02a3255d25fc5fab830da91bc399f72b92fb34c7fc6591b901418f85360759bf8cad85eaca9d6a0b8d91d029c2a969a8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5bff6a1190a3eadb8e1b3f8ef7dbe19a

SHA1
8a4eeb47347d3bccfef68c518c6f06906db8e28b

SHA256
1bbda797291a14a188d77aa5de4bf0ce2e6bd6979ca05f358cd0007001804f5c

SHA512
3262434303f30fd9f5b38d780f5eb210eb7173fdcc3687c387341d2089b05e9de911aebf72145da6b88350cca56817678767228995d5f5e927cef25a62f1c964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7077152dbdf5e9ba7a64d0ca6fbe33c9

SHA1
6bf64f944c880a2ed192d30d3eca3b41aa27652d

SHA256
370854a6a50b7d8d11c6ffa1cc362f6c2ce606186b9f059ab43743e6e00c13c8

SHA512
0a24def423fb7ccf50903edb06508593a8eb86f644ccfa44b27e4ced4a7ba5d804e00fb36ce26f5494bb68aabc5c983de70c742e0bcf4b407dcaa635e31ac9b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40fd269b637e130e092081b5b95fb8fc

SHA1
e995ab077c38e7c15a2ed98dedacbed67f9d590f

SHA256
4a035f0f7701aa067afdedbe2c58af2270a7e20eaae2c853a5f0d98a29848948

SHA512
747b3d5e32e3e4a147aeb7e68728879ae85e9a407733f9684127c234fed23b8dc5887ff26e3720309ccb3678129c6edfee54f72aeeb1098d35b3436708b99365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a24dbd5f7c660469c139eb69d3f6c74f

SHA1
b1b62a5fa6ac0445f412ada174bf9eac22820063

SHA256
6e18e69ba677138d7eeabf51c28656b6a8589eddac2db624008d77099cce2004

SHA512
237eb60d8c9e03b44391a6c3edf304bdeb2dff979019694226e6483a120211559e0c878533dc38df90fe13e36427ece24a27350264509ca060f73e35c55cdffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
34cc15c10277e9309bbc0a94515efaa6

SHA1
60771f528d436d5ea5e5fb8696f0358462a98922

SHA256
a96dc2966fefeeba12986d934e1af24771d3eb3cb661941a71ff89cb1ee6c486

SHA512
b6b5cf0a9fe55c5ca868b28f07acc76361d3525b58cdfa36507f084edc4af8a9940bf8a0ee4154296fec7909599b7266ad38c456c14755a2486950b7bfc6dd47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fd2a9f6f3146127c16f3bfa1d5d2a908

SHA1
4c5981fa8289a3e076d5db2929e30f8bd07c63f7

SHA256
9c8892bab218f081c7a711cc73d298c8a0b3dac6964fde4c71fc750e8f65cbf9

SHA512
421aefd66881532ba63d936e11d1cf3ccea10537f82a3000b5a300f1971a578fdf408006b02efcfd23644430964857b26ceb7fd59eda28a9911d99fd3c7aadc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
33d26c13feeb98cd938738de0d758bf9

SHA1
0f5a29c890a5a3a5beabfd56900e46bc685f18a7

SHA256
53fe0f29e2f59b40df13db4f99f34d547ddc072c1165214dcce092b11642296b

SHA512
5510d2a0e720504919faa7a649f129d045140d4578a48a2cde1f31c9b6b0858dc3f477572d9d2056ec0dd8a65cfe2dd9ebd30829f657967c7ec04bdce44ca42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
08218052bbe2ba57dff1f96cb0eb5d7e

SHA1
2067c1b128c26128d665976484f96cd3fe10368d

SHA256
17b4bbc92ea8278315cca0e57dd2a05e444b9d8dc17e2d0f7c4da898978fd0c4

SHA512
0f38c800c05678403944e8eed14eecfa0e02fafc380ec9c190dcb93d75ea97ac8571236e789278ffcbab519c994956121435a451a42c83a6da9b9f410b617b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit