hxxp://giris[.]eba[.]gov[.]tr

Resubmissions

04/04/2024, 16:45

240404-t9qk4acg6s 10

04/04/2024, 16:44

04/04/2024, 16:42

04/04/2024, 16:39

04/04/2024, 16:36

Analysis

max time kernel
44s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://giris.eba.gov.tr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133567226956391316"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "125"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1688	chrome.exe
1688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe
Token: SeShutdownPrivilege	1688	chrome.exe
Token: SeCreatePagefilePrivilege	1688	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3296	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 3244	1688	chrome.exe	86
PID 1688 wrote to memory of 3244	1688	chrome.exe	86
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3228	1688	chrome.exe	90
PID 1688 wrote to memory of 3788	1688	chrome.exe	91
PID 1688 wrote to memory of 3788	1688	chrome.exe	91
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92
PID 1688 wrote to memory of 2584	1688	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://giris.eba.gov.tr
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa06b29758,0x7ffa06b29768,0x7ffa06b29778
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4744 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4844 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3000 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5196 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5380 --field-trial-handle=1832,i,12030729175107976662,588066342146047300,131072 /prefetch:1
  2⤵
  PID:1996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3556

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39bf855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5a7b4e6dffb93262bfd7d7682ba7475f

SHA1
ebea9cfc2bc0ba93952664d94171031c2c719df6

SHA256
3ff947492f1855f6ed7aa2fdad169caba6a62af25ddb44735e0b4c49fb45e163

SHA512
896e2c5f5aec8fd53f3ad5c9afa0377dc3b1f256bd6d1e31ee0e273be91bd863e73dc65701dc4b96926676a3705375c5bf6b86ad5a83801671eed4418443aa96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
e1d3b7387f420719431fe02085d13f0e

SHA1
bd9c145b1111864a811589c5353a5c78d939fc4c

SHA256
9ceceb15023a456a0cdc4fe515b0a37a9ebcb3d2bccc390f621611e0066409ba

SHA512
032b5b8b922c8fe86ca44a861079f9ceb0153c80eff543e65343c5a021aa3c36f644089767d76e3442520de91252f375db83a6e8ee5b9c7e794919ce83a67514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c2dafa06990cda77e7cf722849dc396

SHA1
e9d7ec10f6e99f076ce78f3522a73224aebf425c

SHA256
769cd8c43a60e5c1b0a554ce7b8629d9250aaae40d7db65d24452d68b466d9ce

SHA512
dc1608b82f70d9e46a681e093a9d428a6286d3161fa95e06ea8153d2af76d41a5b1bc12717046608f337937e193f70754710819c0ef8330103cbd24cee9c86e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
970c86c72f4b6106a45e24efedb42cee

SHA1
6eeb40161ba68924d364476f69dbcf1f54f71f40

SHA256
d2542b5a7100ec37f55174cb1fd99a15d3959b3430ce76298fb38e2c062af4cb

SHA512
b3adc5f999d363f3a09eebab1f02546e4f9f06006f7b6a0a0976122a2d61be5bef136972cab0e7e6650494f34c044e2e7dea3b85bfbf728acd66ad7e88c0c341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
b30cac13d081a1cee580223f81b7645d

SHA1
42340e49d7deee935a1503cf97c1a8e456d92ac5

SHA256
9b2d27c1fd0fa152fad9c45b8a982467112f188565d791b45f82f0e4431df934

SHA512
6e9dc0c43f4078344e75d03ffa6fee696ba3f7909f6840344a3e55a1c664b2a85f08dab9c951936971cacdc4ec023b0470f358af4c1526d38a778281c5fa5d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit