hxxps://2fa[.]com-token-auth[.]com/XTXpGeFpraEpjalZCY21KaVJVUllUVlZVVmpkbGVFaHhXbWxIYkc1MWJYUlhhWFpsUmtWNVpXeFdWMUZ0YkVGblIweEJZWEJQWm00MmVWUXdNVnBoYjJKWmMwRTJURXRhVTJkSlRuRjZMMFJrV2xkelprUm5aRGhFSzA1ck5pOXBhSE5JTUhoeFdITlVZVGhxUnpGYVlWSTBka0pGZUV4elZ6WjZTRFYwYzBKWE9HbFVNbkE0WWtOUmRGbDFOa2M0UlVSNFpXZGhaekpaV1cxVU1FOXFhMmxKTldaM1dFSjFhV3BSUFMwdGVscEtSbkZPVEdZME4ySnJiVXhxU2pkRmJuRjRRVDA5LS04ZmEzMDc4NWNlMGQ0YTQ5ZTZhZDQzMTE2OTJlNDI4OGQ3NWEwMjRj?cid=1586658738

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2023, 20:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://2fa.com-token-auth.com/XTXpGeFpraEpjalZCY21KaVJVUllUVlZVVmpkbGVFaHhXbWxIYkc1MWJYUlhhWFpsUmtWNVpXeFdWMUZ0YkVGblIweEJZWEJQWm00MmVWUXdNVnBoYjJKWmMwRTJURXRhVTJkSlRuRjZMMFJrV2xkelprUm5aRGhFSzA1ck5pOXBhSE5JTUhoeFdITlVZVGhxUnpGYVlWSTBka0pGZUV4elZ6WjZTRFYwYzBKWE9HbFVNbkE0WWtOUmRGbDFOa2M0UlVSNFpXZGhaekpaV1cxVU1FOXFhMmxKTldaM1dFSjFhV3BSUFMwdGVscEtSbkZPVEdZME4ySnJiVXhxU2pkRmJuRjRRVDA5LS04ZmEzMDc4NWNlMGQ0YTQ5ZTZhZDQzMTE2OTJlNDI4OGQ3NWEwMjRj?cid=1586658738

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292673593377382"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
1112	chrome.exe
1112	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe
Token: SeShutdownPrivilege	1560	chrome.exe
Token: SeCreatePagefilePrivilege	1560	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe
1560	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 2200	1560	chrome.exe	84
PID 1560 wrote to memory of 2200	1560	chrome.exe	84
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3728	1560	chrome.exe	85
PID 1560 wrote to memory of 3720	1560	chrome.exe	86
PID 1560 wrote to memory of 3720	1560	chrome.exe	86
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87
PID 1560 wrote to memory of 344	1560	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://2fa.com-token-auth.com/XTXpGeFpraEpjalZCY21KaVJVUllUVlZVVmpkbGVFaHhXbWxIYkc1MWJYUlhhWFpsUmtWNVpXeFdWMUZ0YkVGblIweEJZWEJQWm00MmVWUXdNVnBoYjJKWmMwRTJURXRhVTJkSlRuRjZMMFJrV2xkelprUm5aRGhFSzA1ck5pOXBhSE5JTUhoeFdITlVZVGhxUnpGYVlWSTBka0pGZUV4elZ6WjZTRFYwYzBKWE9HbFVNbkE0WWtOUmRGbDFOa2M0UlVSNFpXZGhaekpaV1cxVU1FOXFhMmxKTldaM1dFSjFhV3BSUFMwdGVscEtSbkZPVEdZME4ySnJiVXhxU2pkRmJuRjRRVDA5LS04ZmEzMDc4NWNlMGQ0YTQ5ZTZhZDQzMTE2OTJlNDI4OGQ3NWEwMjRj?cid=1586658738
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec8b79758,0x7ffec8b79768,0x7ffec8b79778
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:2
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4772 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5140 --field-trial-handle=1800,i,13906700330978510991,6148448504332987406,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
75699e95a3d364c5012f075c85d86336

SHA1
8c9bb36489e9428b53d8a0d5e4c0b3408506e2ae

SHA256
f954066f1cfdeba82c60c43df318021d57e13d4b2440bb90bf1008b0ef10472e

SHA512
4e59d5a4c06f6ca65af8081dfb6795dda7c26004bcbca97d2029c7b52574f7d05ee71f07dd91c9cd5ea1503e4d128a0ae8a83707780b53f9123c9e1613d4e511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aab92c82b915d4e36598caf538f3f15f

SHA1
6c7ff87d1275399ba4354268af848a72f941fd96

SHA256
dba1ef9210a46e77e3258241d396ecea80d5fc1f0d3052c21c5e37708a7ccb89

SHA512
7d58cf72c38bb9a31a65a91bd64816de63a26b88f87d7e9594effd413842ca4c10b96f0c758408cd3916402ff2ab48ff28ebfc3afe8135cd9952ea07a7bdce00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
221076bbd2a4b4d00f4a5286c6d59fca

SHA1
cd93f9b9dd44c02645b37f54524e2043cd56a866

SHA256
19e1e0f70ae38c71a6496c5064a7ee28eee2336f36bafc7e7ebc93939242fa4b

SHA512
173c7fe8b0a87da5d097b844bda02c5696953a167fd80b465a25a6b8b52fcae41bea3184f66ce65d5c75cd9bde8ec1e33516058dcf6619c088a1483635bb52bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
668349560a0c096abbb8988be4d07b02

SHA1
80e9f84af4c7026794adfe2b93b407c0387444cc

SHA256
8af3b4e0743781316409c2fadbc6e33e9124e06066db7c044a5974654731fdd8

SHA512
bde683eb4d94516b94ef155e18db28a4a55ec3c74c0af7697d897fc15f52759f782844756fec59e24cba0d1eddb796e844ba54db95057d31df89c8b927ad7043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2744057f56deadd8b3fff4c5ee9368e3

SHA1
46f954cd983725f64677fd7dd6629af94b1ccc8e

SHA256
99b51dec45f347392cf499723fa607f263e33e86f2534786896e3e6f1329d734

SHA512
38af63b5be7d561448cdfe986c43a444ece150c1e895798d1433389b9ba97851055e8b4ffe7281c6aa6cde7af1bd507e6875f5b7346b5693c90deb310a2f3822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2c791a9a7c2c44e2463d5bd19927967d

SHA1
e6bfc4cdc6a0c880a4ec673a0c50a427db4b9e95

SHA256
f3d9d5fe195f8dac794f6a35f1628cd39970933fa702c2ed7c98cc917b530807

SHA512
b5d4884745d06b1b4a2f822037b5edaedb61525da063921fc4e6cecf7b62626ee8d95b681ee440a4fff79bb243acced437c7867d57f28e347cc9ae3ffc83cfa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
cfea88333b8d5e88d764869da41b1c64

SHA1
269933356268124890e12e6e6fc2408ac9dffc35

SHA256
60b149a4be6b2e8a7413398d589c5000df711eadb64144944f67ca57f8fd2930

SHA512
79b0c0da0f2ec095e8ca9d88fa30e22f69a134b9cbb8e77a0d8427b159691e5aac8ecc9dca2edcb03e6b67f40b63dda60b808f84098661a17761f283efd18ae7

Download Submit