hxxps://bofa[.]com-onlinebanking[.]com/XYTFWMVRXTTFVbEo0TjNFeWQxaG9Vbmg1ZUd4VWRFWnlZMGh5YlRSV2NXOHJNRkpUVERsdlowMWtjVnB0UkV0cVMwcENSRnBpUlU5dWVXNW1VRVpwUWpKV1YzVlFiVFk1UlVWMmQzaHRSbVJFZGxoYWEydFJTa2d2YldKeldqZFFTMHhZVFROb1ZHZHBPVUpwT1d3cmJGZEpLemRqT0doclVqRlRZa1JwSzJSNFFUWk5SVnBvWkVSMlRXOUtNWGxTVlZJdlZGSlJjME01YzJWdVoxZGxXamQ1VUZSTWVHRlBZelowTWtzNVZFTXlZV1ZuTVZkNGFFMTNURWxTY205SlFrZEVlREEyZVVwUVMwMTNhMUpaTldsV2MzQXJkejA5TFMxbE5DdGhRekV4UlhScVEzazBNakJ0YWpZdmRsUlJQVDA9LS0zZDViNzg5NWIxMGZlMmUzMGZhODdiYTljN2JlMGFjNWM1YzY2ZmIz?cid=1496031247

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bofa.com-onlinebanking.com/XYTFWMVRXTTFVbEo0TjNFeWQxaG9Vbmg1ZUd4VWRFWnlZMGh5YlRSV2NXOHJNRkpUVERsdlowMWtjVnB0UkV0cVMwcENSRnBpUlU5dWVXNW1VRVpwUWpKV1YzVlFiVFk1UlVWMmQzaHRSbVJFZGxoYWEydFJTa2d2YldKeldqZFFTMHhZVFROb1ZHZHBPVUpwT1d3cmJGZEpLemRqT0doclVqRlRZa1JwSzJSNFFUWk5SVnBvWkVSMlRXOUtNWGxTVlZJdlZGSlJjME01YzJWdVoxZGxXamQ1VUZSTWVHRlBZelowTWtzNVZFTXlZV1ZuTVZkNGFFMTNURWxTY205SlFrZEVlREEyZVVwUVMwMTNhMUpaTldsV2MzQXJkejA5TFMxbE5DdGhRekV4UlhScVEzazBNakJ0YWpZdmRsUlJQVDA9LS0zZDViNzg5NWIxMGZlMmUzMGZhODdiYTljN2JlMGFjNWM1YzY2ZmIz?cid=1496031247

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289942078318287"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
1416	chrome.exe
1416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe
Token: SeShutdownPrivilege	1384	chrome.exe
Token: SeCreatePagefilePrivilege	1384	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 1844	1384	chrome.exe	83
PID 1384 wrote to memory of 1844	1384	chrome.exe	83
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 1832	1384	chrome.exe	84
PID 1384 wrote to memory of 2856	1384	chrome.exe	86
PID 1384 wrote to memory of 2856	1384	chrome.exe	86
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87
PID 1384 wrote to memory of 388	1384	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bofa.com-onlinebanking.com/XYTFWMVRXTTFVbEo0TjNFeWQxaG9Vbmg1ZUd4VWRFWnlZMGh5YlRSV2NXOHJNRkpUVERsdlowMWtjVnB0UkV0cVMwcENSRnBpUlU5dWVXNW1VRVpwUWpKV1YzVlFiVFk1UlVWMmQzaHRSbVJFZGxoYWEydFJTa2d2YldKeldqZFFTMHhZVFROb1ZHZHBPVUpwT1d3cmJGZEpLemRqT0doclVqRlRZa1JwSzJSNFFUWk5SVnBvWkVSMlRXOUtNWGxTVlZJdlZGSlJjME01YzJWdVoxZGxXamQ1VUZSTWVHRlBZelowTWtzNVZFTXlZV1ZuTVZkNGFFMTNURWxTY205SlFrZEVlREEyZVVwUVMwMTNhMUpaTldsV2MzQXJkejA5TFMxbE5DdGhRekV4UlhScVEzazBNakJ0YWpZdmRsUlJQVDA9LS0zZDViNzg5NWIxMGZlMmUzMGZhODdiYTljN2JlMGFjNWM1YzY2ZmIz?cid=1496031247
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8b16a9758,0x7ff8b16a9768,0x7ff8b16a9778
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:2
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:8
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3712 --field-trial-handle=1804,i,689606402478404556,6455804435407099199,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
36d66ffbc5e73deb1b12c906883cf009

SHA1
f847df44109d944e656e85fbba88f959484c9615

SHA256
d9622025263bd537159a0a5257555a52ded202d1723512d5799cdd1d4854f9f1

SHA512
7720c4e54b469cf6ba59e6f19833527046103923a352c0d6cc9bb7cb6090010eaa6769c5d16a7ffb47737cbc602e7ed526f12df07050d0aa2aea1efbbd4f458f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8d669ccdf2bd6d2ca1ac647c058b35f2

SHA1
013310cf81c34d7e8e9344f920a3caedaae54732

SHA256
51ff33b9eda6abed3a18eed3b0ddeeb25c946a1fcc274c221a137d9a112803b2

SHA512
dd218591a86636ccf2099e4722ec92cd7803a9a3b2c9ed4742b42443579b24e76e885fd164977994a2d8e7aa9be21b949394024ed54fd7207caee2146f22ef4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2edbb80135cc49749bdc494c9cda5d6e

SHA1
75efb623d498e4b01c0c673e53b928ea1b21e0cf

SHA256
330c35b9a9db68dcfdf2f1ae1077bcf592443b4574a7718d986f42d49f59883d

SHA512
d13530e1a1d6484b32d71b3e4c8165a62545936f23205a42218b28e2e979264595bdc112e5b64b53ce1548f1cd6ef0f27aeaeefb2dc2bc4c2395f6dfb87d7fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1123b728947241fdd55bc3ac5c3cc928

SHA1
29515f19078d3e2422686c41dedf4fd437867756

SHA256
36bb25763c6416e0d261d3e637259369d04c7457f7eec737a82e551d87b85d18

SHA512
3ee569ac3a76de8c8a60544f31d97b1f498aacc5d9f275fb74786595500a5cbfdf1ea5000b04ef476a16b59e9b0f366836f8dded4fd3250e82ba2231e002238d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4dd342893a6cda56f5b000215ea9abb6

SHA1
c106f18126cca9ab77b0883977f138cc841029c8

SHA256
008c156c637a00a819e4db8033c804f75433195316e2f8b7cddb0ff1a3a3c4dc

SHA512
349b9f11636ab3af71cfd873767dda497bca4fbb6ad79ea14ce0d1cca9c88a41ffdcf1f52901b51f0461332bf1e1bd591b06479dd1198772f97030de69422a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba4ba04415453a53b8aafb0c7fc85b5e

SHA1
5f07004e03b46c66c617a58c4efaf14d0463ba7c

SHA256
3c8eedd0194487e702517ad7c04705b634451fbbdea3ad6e186baa3f411d4907

SHA512
47e5fb01e39dbd621e1c31ea1a0c73d2d6080e558b381f7690453292e6ac12a0cd0b763130917e58ba102fadb8b774055a080e6c1293d44de544e30ab988735e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
caf10641c9253982b11fc14444db6432

SHA1
98e95cfc0ff90014ef8776ab94a7979121322adf

SHA256
d352e8adba871dbf4f796ce992f25b7382bb31e86b162530bcbbe541e2f542f2

SHA512
090594ce85d589ee86451fc38363a6cee4db572a407725d85c854c933bc98446b2bbc2302f7b97ef7e16e07e864e95a0a270c4ffb095ff2d27610ab12a59b0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit