hxxps://bonzi[.]link/

Resubmissions

07-08-2024 19:14

240807-xx3xfasdrp 8

07-08-2024 18:25

07-08-2024 18:25

07-08-2024 18:24

20-03-2024 22:51

13-03-2024 21:01

13-03-2024 20:38

Analysis

max time kernel
1800s
max time network
1776s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
13-03-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bonzi.link/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133550593307716060"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
2576	chrome.exe
2576	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1252	1640	chrome.exe	81
PID 1640 wrote to memory of 1252	1640	chrome.exe	81
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4792	1640	chrome.exe	83
PID 1640 wrote to memory of 4160	1640	chrome.exe	84
PID 1640 wrote to memory of 4160	1640	chrome.exe	84
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85
PID 1640 wrote to memory of 1964	1640	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bonzi.link/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb675f9758,0x7ffb675f9768,0x7ffb675f9778
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4940 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4948 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4504 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 --field-trial-handle=1812,i,8019724924533045909,2672650170495900559,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
62KB

MD5
98a8a5d471fe111c573e93bf61d14b6c

SHA1
75a0d1a33fdb53af8ff78560e6a716fdc37b539d

SHA256
a3e0a65923306d126ffe4f9ca8b2288dbad7a02e8b8efb8c3a4ef8351889f9b7

SHA512
100cfaa619b5136ec83ac82c9a2333216716581ea7bbd934a964fa03fb9d92e695eeeb8e6425a3cc86348b654e15050aa1faccab7189fc4ce7e66bc9bf488c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
19KB

MD5
037865f94e085aba3abf47159d9948c9

SHA1
51300f00869298f8a77849ed9ec69f2b650060c3

SHA256
7bc12844fd43f6d2d242e327605b734f3226e4e4d0dde20a372304cf573ade7c

SHA512
cb356b4a6bcb3b93be7dc31ee5b1f9d2b914a6ccd0ddde0db3261b673218fe10f875d1d8c4c23dad1ed98da7edb9df159952e1ec7aef872d343919c17c2ef4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
1a8e16c55331ec7800f0661f11e3385a

SHA1
d1df98a7f5363d98c9013b3e13c06efcd52d2aee

SHA256
4a4bf2835f7d03b111717f2739807c5c5f2de5ded55fa43e86986cef8845f9f9

SHA512
23b3025e63f43550f02b753157e6cd2a1106dc3203a59eafe44665b8dd294242348efcbed43087f8fe4221f7f2eabd91af862fe3b5e4ff9efdc2f99f7aea6e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ed5e88ce61a7f0876fc27a1b1d3ff94a

SHA1
6c53f249b5bfac4d51f55f292a124dae47e9aa96

SHA256
104d2ad0c0232b26fb8cc4811fe1576e7ae501e103e8bd02c8b54b481fed218b

SHA512
1f6a83bbedc85079b6d5492af8e5bb7968460771d50bc26583e01c0d3c9865d4232a96871fcb1b082a51428bd7815922f02c298423fd5b9400d35dfbe9f652da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e06bec81a7ae98503151c01940eb4e19

SHA1
2dd325bc89ce28aedf69634049f298722cee3507

SHA256
070023bc0a65ca27f2310264353fa841372850056eaec9a287eed424596efc49

SHA512
2a9e60f488b547b36633b7f851f1f6bf1ea9fff48368476e36c46992fcc8c7c8a0cfe355583bf3419f5b94029f7c89d324f607d79fa77801c2edde69088053de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e7c4e03dbc9b7b8030000b9f2c3577b

SHA1
532817ce42ff6da8475b6bcfa21f2678d22c406b

SHA256
1b7dd1fa3f5901f4446bd261c13793e46205bde0b80a38bb35f4bd278c56497e

SHA512
7c4919d5f56cb5c33eeb0bcd08dc35d550491ea196c4b5221fabb64a274f82133f69862cb55be80140d8769aab18c7b1b4e18f1d0ffcfa82b385df4bb016818d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1924c8f210a0d47fd02e9cbd6dcf186d

SHA1
abf88efd1aa1f9c7181fb982dd59e2d2da9184f3

SHA256
f77764cbf009cd720dcf8a3912826e80e0ebf0065aa940c03129f510635451b8

SHA512
c9af70ded20a50021c4cc76d15c831625cd636c90ac28c85d193728f01ef33f15a01fa18def2392a53de236d24505b67e2fc30085cf3343467fbc5db3dee8312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
47679a0b210c02179a7801f0c6a05604

SHA1
3590e505c3d86a7e7a2896723ec4ca733b8b838a

SHA256
aefceb95dd7f1efb3916cc3737086fb8806a347cfb9468465288314127e712ab

SHA512
4ae48412db14e21840c3a4c0d09f304520d60a540ff1ac9d8b6c62a044a5f41b274e0cd0bbfe55dbda3313918e791dd8c37fbd2e8e79e91af5bded3a06b8c035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit