hxxps://2fa[.]com-token-auth[.]com/XVEZWak5IRjBPV1JpU3pkd2VXWTBUbk0yVEZwQlJVTkxXSFJTVERFeFVtaExjMEprTDI1U1JXMURXRVUwUkN0eVIybElSVkZUWjFOTk5rRmlkMVo1TDJwT01UUk1jVlo1UkdKMWNXVmxNM3BqVkdObE1VaFRSR3BWUTNOd1dXTXhjbEJIZW14YU9XaEdWbVJySzBRckswaEhTMUJRVjFWM1RuUXhSR1phWWtwQ05UaHlNV1l6YTAxTlpGQmxiVWhyWkZweWNWRnRPVnBGYlVkaVlUWXJRV3B4Tld0UVdrdFJOVmxXVkhRNGNsVjBkVUo1U200eWVIRnBMemM0UkRCakxTMTNUekIxUTBrNGVXSjZUa1pXUVdkVWExTmxkRTkzUFQwPS0tODcwZWE4MjMyZTdmMWVjNjA4NWVlMTMxYTAxNzBiMjQ4MjgxYzBjMw==?cid=1887248764

Resubmissions

14-03-2024 00:06

240314-ad7pysde41 1

14-03-2024 00:05

240314-adlsgsdd9z 1

13-03-2024 23:59

240313-31vywsdc7t 1

Analysis

max time kernel
600s
max time network
600s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2fa.com-token-auth.com/XVEZWak5IRjBPV1JpU3pkd2VXWTBUbk0yVEZwQlJVTkxXSFJTVERFeFVtaExjMEprTDI1U1JXMURXRVUwUkN0eVIybElSVkZUWjFOTk5rRmlkMVo1TDJwT01UUk1jVlo1UkdKMWNXVmxNM3BqVkdObE1VaFRSR3BWUTNOd1dXTXhjbEJIZW14YU9XaEdWbVJySzBRckswaEhTMUJRVjFWM1RuUXhSR1phWWtwQ05UaHlNV1l6YTAxTlpGQmxiVWhyWkZweWNWRnRPVnBGYlVkaVlUWXJRV3B4Tld0UVdrdFJOVmxXVkhRNGNsVjBkVUo1U200eWVIRnBMemM0UkRCakxTMTNUekIxUTBrNGVXSjZUa1pXUVdkVWExTmxkRTkzUFQwPS0tODcwZWE4MjMyZTdmMWVjNjA4NWVlMTMxYTAxNzBiMjQ4MjgxYzBjMw==?cid=1887248764

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548543228775432"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
2952	chrome.exe
2952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2936	1740	chrome.exe	84
PID 1740 wrote to memory of 2936	1740	chrome.exe	84
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 1648	1740	chrome.exe	86
PID 1740 wrote to memory of 4024	1740	chrome.exe	87
PID 1740 wrote to memory of 4024	1740	chrome.exe	87
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88
PID 1740 wrote to memory of 788	1740	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://2fa.com-token-auth.com/XVEZWak5IRjBPV1JpU3pkd2VXWTBUbk0yVEZwQlJVTkxXSFJTVERFeFVtaExjMEprTDI1U1JXMURXRVUwUkN0eVIybElSVkZUWjFOTk5rRmlkMVo1TDJwT01UUk1jVlo1UkdKMWNXVmxNM3BqVkdObE1VaFRSR3BWUTNOd1dXTXhjbEJIZW14YU9XaEdWbVJySzBRckswaEhTMUJRVjFWM1RuUXhSR1phWWtwQ05UaHlNV1l6YTAxTlpGQmxiVWhyWkZweWNWRnRPVnBGYlVkaVlUWXJRV3B4Tld0UVdrdFJOVmxXVkhRNGNsVjBkVUo1U200eWVIRnBMemM0UkRCakxTMTNUekIxUTBrNGVXSjZUa1pXUVdkVWExTmxkRTkzUFQwPS0tODcwZWE4MjMyZTdmMWVjNjA4NWVlMTMxYTAxNzBiMjQ4MjgxYzBjMw==?cid=1887248764
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7149758,0x7ffcc7149768,0x7ffcc7149778
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:2
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4528 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5508 --field-trial-handle=1884,i,156567398874886321,16335313217453736496,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fb0197df38455c7bc285e39ca6663a02

SHA1
4f20cb7deaf08be976a4db114fa7a28248689410

SHA256
6dfe1ea17d55dc925d9736cbf0345e2a6095b9d1ee3ce909ed990fd39eabdef2

SHA512
efc7b1291370aa5746c81495333c2f0e5f470a58bdca2d0e7a5ecec1837e3687141ded4542f805b02ff03a68a5802fb354651cf83d581005896f4d4de4cde02d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
00795b30ffc0d12013d11064f0ced60a

SHA1
706ece9b3164d632a9c8c1ddda35151c36efe0b7

SHA256
2d583f133d4bf9a688922e9634a288373f83686ecbd761a34883b5a82ebafae4

SHA512
4f7aeb6b7f88dd25949bac4e797855f9794c5fb9705aebfd78d987b0caad51c67463ed3655de75d3acf09ea012e96fc6f89eaa5d63ec6c5da519b18d72b4eafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
048d74e8f18cb093833804dad0924336

SHA1
e6f3bddea32ea242dc9fc236a043a514def67141

SHA256
a0bf6cc1801a04212eb0c01754182e8047a43b6d2f86449790c560d028fec7bb

SHA512
eebbb0e90b104c88ca64b838355c65c5fa0c63bd974154e2bb3de369b73ce298a47df785ba0b8d2e302530564268851f50a78105e7be2092dd9f1dfe04182531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53d69c66abda2021b3fc9fd89520bae1

SHA1
87657fd4f45669702ac27cc096f9a2a29cd31e50

SHA256
a5768a5ffa0c2bfda6d053acd2181a4f2dd44aa1426531490b61976ac92dc83b

SHA512
47e80f99f85edb17e0ee7592a24c187570465551e35eb9e3ab0828ef0688c9b83625ee4a5a728d4b53c90c098dbcff5fc016bc01529e5e77b517038174db134c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fbd21133ec9c0bd313773ae8e3cd1a6

SHA1
24b0645aac2dc9118a38d3517ada3a621bebfca5

SHA256
f6b6e7068aa30ccd1e8df37e9e8fa6107ef24e2b9a30acfc01c85c6dd80eebc6

SHA512
e05f2671b577c27a0f2abf32c779cc17328a91b7e4da1349aca14b23ed97e777ebdcbb9eaddfcdf68c61b359bf7d3fe55bf842ee6e01c54f620612913cf7c31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
3b0e8e80e46cfc1b0cf5eb18d32a3f3e

SHA1
037fca82438a725412a7913d606fd3ea924e48d9

SHA256
b09d0a60a760a3a244a01c9e154d0ca2bd94dd55ba7a20510b7dd0ba98cc6783

SHA512
74b70758893edf9f521b891794283da5b37f29b047e81cdfb5631c4a1a53ed7193ec164d7c2620834313ce625ba06d3be755702bca0b075508b5e0c2c90bfbbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit