acd6e6442d4370cf709df5b2573a7cf39d12abb4ccf01caac48b4b408ac4724f

Analysis

max time kernel
600s
max time network
546s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Donalbainessettle-to-thee-the-Gentled-thinke-fro.js
Size

236KB
MD5

1851bed2d1c65794a83adf720ff31b0b
SHA1

ce3b8cac733f2ed6bf8bb7ceeb111cc16e9beb6a
SHA256

acd6e6442d4370cf709df5b2573a7cf39d12abb4ccf01caac48b4b408ac4724f
SHA512

e1b3074ec18818353ddb8af3cc91e29c9d2637dc0012d88ae8cfb56b88a38b717c20397f655e21f30a39380cc4acbb6c6b3f7e4e5f000c907c0be60495a61e3d
SSDEEP

3072:GyvLBtxc9Ram3ZVNzwZziA6noO262F2cHe+ruUcVS5Ke1U3XlIWw8BGafFLCn9En:pt43ZVN8/6nZ262F2cryBVSQlImLCnSD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571507021062942"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3700	chrome.exe
3700	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe
Token: SeShutdownPrivilege	3700	chrome.exe
Token: SeCreatePagefilePrivilege	3700	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3624	wscript.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 3908	3700	chrome.exe	106
PID 3700 wrote to memory of 3908	3700	chrome.exe	106
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 540	3700	chrome.exe	107
PID 3700 wrote to memory of 3608	3700	chrome.exe	108
PID 3700 wrote to memory of 3608	3700	chrome.exe	108
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109
PID 3700 wrote to memory of 116	3700	chrome.exe	109

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Donalbainessettle-to-thee-the-Gentled-thinke-fro.js
1⤵
- Suspicious use of FindShellTrayWindow
PID:3624

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1900

C:\Windows\System32\CScript.exe
"C:\Windows\System32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Donalbainessettle-to-thee-the-Gentled-thinke-fro.js"
1⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe0cd09758,0x7ffe0cd09768,0x7ffe0cd09778
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:2
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5220 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4124 --field-trial-handle=1836,i,12961335063337681079,1013790628810637295,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d844cffb40a5abb7cd6272ca2c72832b

SHA1
c416c557d6a2f7db6e99e2d18cc0d08e16bc7838

SHA256
99f525d8aca0d21db2a9e83ed13fe81d558ea7b1277fe159607e6a6c6975cab4

SHA512
ff323b682ded928eeb387a43da9ec1300011d87c5f4c4ef03ebdd505d2d5da3e137d53d77eb3da210b388b95707549b98f2755f0f3c30fdc252699745a74e117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4fb69320f2d4e9838621cf4a258b22a3

SHA1
625fa2a0146d39414d5fa8a82a7832a361d9c4f4

SHA256
23cb97f665ff8aa5b1832a103c7adce1ec05df278c55a8fb287cf9d52a33e3c0

SHA512
79e16ceb5817525da0fd7289898067c89ead451ce4dee147b346918073e3512f927613b1098bc7bea77ee64b7ac84f58b8b122cc164f96612ae143677092b068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5390904527cf81b35890077fa1e16e12

SHA1
6a03af019112ff961e2a7952fa57e8be92ae142a

SHA256
9a1976ac5a65337c1029e4247cb303e687ba66a15137658aa35e7598ce5c2fd4

SHA512
c1bf53fa0be2a10079a610d31549abf304fb5687c1db13b179a910497588715b3a231391b06347a51d1e92f56bee940fbd2da23ad2277ef55ca99535dd57ebc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e5d789823b791303623a4afd06cd0da0

SHA1
5e90fb9d28056eb55f7cd2741c8bd1419a359b05

SHA256
05a10d1327a1fee91956bf2c66cc451297d6ed8ef8b275435ee2a6edf251e1f6

SHA512
c22278887840e8f8095e35d74ae3f6721e057b69381112fb1615daebeade8a96e5998d5e554b51e307a67e1c37782d43086acae5530b88cc92c79560190a3d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5190559529b4f81d1d64abcc5ac009c3

SHA1
5c0ab167e8f34f6fb356d26482c9ab613ec873f1

SHA256
3e0cd35d070889f06738e23c671c8d0fac57f5dcb4b73166bab1835e32b5ba39

SHA512
fb258d2eeadc58e674064d9df7c3461510f708a3e0749d5656f1e9db768332800321ac50e68ab5a248e0bd5451aec9eab981b455593535813a1b04e3b2b8be19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
02c59da67fd29b7a8cefd987d301f906

SHA1
1f8c1c16ce16d88a54225fc48c0830143d6097a8

SHA256
91a89f479d8dc8ffdfa4c19dcb22eb9a78db9b1019d63e933b5b05e2173401de

SHA512
5939cec6d698632fbbe293040c16a999986ecc3503b0e348efe2737ccee5859b9e55198140e7b4109ae256545014ce5711c669fa5d96cdded40d6a9de55de9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit