hxxp://info[.]otto-payments[.]de

Analysis

max time kernel
63s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 05:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://info.otto-payments.de

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289546239914826"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 5072	4288	chrome.exe	84
PID 4288 wrote to memory of 5072	4288	chrome.exe	84
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3536	4288	chrome.exe	86
PID 4288 wrote to memory of 3060	4288	chrome.exe	87
PID 4288 wrote to memory of 3060	4288	chrome.exe	87
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88
PID 4288 wrote to memory of 1044	4288	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://info.otto-payments.de
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb17e9758,0x7ffeb17e9768,0x7ffeb17e9778
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:2
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5328 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5420 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5880 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1672 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5804 --field-trial-handle=1760,i,8243519965246130223,5909824648287451557,131072 /prefetch:1
  2⤵
  PID:1956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2080

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
367KB

MD5
3fb19154adaf54e332383af44e68a417

SHA1
8e6426cc7a2fe548c871c0f30559ef225dd64897

SHA256
46016de12d707e91f5c2665b4f4e1d51c521e3953c02d12d48805aa32563b8db

SHA512
2643837df95abdde32e5b2f12637d9a843a5b99057ae3cf85a5eba469639701cd477cd5cd942b34fab5368ae9b51e7ba6b9eaef1e1974975874a8d1b478333c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
30KB

MD5
b800a8c68d30d7d97756c360ca4e047a

SHA1
600224fce8b017419bdbdddcf02f3138662eb5be

SHA256
4140d5f41ea182a332259b9ce6cd76522c9e8aae4f36ada49dede38655ad224a

SHA512
816c238b9d1482afa5d2711c1da12cccbd22551e3cc39bc2ef140e9583e5459b5aa7bf930cafa12ddedfe7e6a8856aa452b6a1bb4a3c9d36d50c5b4ca889dc46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4e984d6ceb30bf74a56fca945905cea0

SHA1
e39b1d4afed200fb89ec0ba8acbd8672c54d2a35

SHA256
0f0f615adc2c8ae211cdbe0b38173c332b628da5aa45eb88f482faad5d457b69

SHA512
4ae17d4b484ee9789cc4d5243d3535bd30490309fe0e66c6b9c642d0d031ac606e1aaa0b4fe875984a1625754179d0ad2f2a90450f6ae39c1ddbdc59e8e1279e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
351ec9af0504c7aa2099d2f5a02d3fc1

SHA1
d532160707398d665b09aa026ee0b39afab4bd8c

SHA256
08fd40d8bbc5ad2e0602f43eca435b1d8c0d1f02b33eeb79968ad2ef9f374ca0

SHA512
d0f0b19093db0196d0626cd67162d583da937c98f88d9e73150cd47ee56fb3a8eeaa7140e3923d216b4a2453a310a860932c1c17260b257cb6ce9a074777eb16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
54be6ace8b3f48e8729418ef59e2c75a

SHA1
2465c3b43107eb6728d8fa743e79d43f105be0f6

SHA256
b8096117be9e8b66e59c79b582a7fd9fda22c1e623305782bde12c1099f2dc07

SHA512
aeed51e7e4243ff56e9c9f4f8b009bf301316a985f64a30bf90f71ffeb864e0203e32fd2761a8f871db03d20294b43c3defb99108baa2e08382fa10f2b31bed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
dbe7ee832cf6c65795eadd11297bf0bf

SHA1
15b2d7c604d76728a1b3d267d0db1afdd6aec16c

SHA256
199e7f6412fb79721455cf66b9f8b9658e3eae660c5f6b413bb8139ef37f5cfd

SHA512
60b9e2adefd137fa586276ae4accb3bca918ec3ab7e48f6c0bf602972f0c4440bbef84f0d35744096dc460de9abc20c1a043b5c0ed558d543d4e27f75b279b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
29686867ec7b10a01a7df7c0efdd0876

SHA1
d52e1903b533ac0b7ab9f887e47a75244dbb9a5b

SHA256
bfebfc40f4433f7f264161dee63a69d2a0e34f38bc479627573034eaac98b455

SHA512
a5afa9ce3f3d95b2cb83991e530f16d87fb40c8a27811bc44ac0b362e5ced3724c3f03167cf1d9009d51b071daf09133002078a44233cbd962c98990bab388f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
67323bf7a409e3e7850cd1e93c1a76ed

SHA1
30a29790b6ff91b3a3624acee163750208eda512

SHA256
e9dfeae70f3cd121c9ce6af478d003b700fd667900c0e7a6443d4198902493c2

SHA512
6c71128d557acfb275a3fe20054964e56ef381351b718ad94411c4fbde859207c5753825aa21ed42b8c5244608ccc2a2488f0755cf768f05ab1403c2e3c3488a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
91e1cf1aa29cd58a9c8dc21138234917

SHA1
fc91139c41fab98cf5b9f6f8f21aef262d59a75a

SHA256
4c8ef812e3d7b0e23d388565e6726c370158b8ed02de88c627fc330bc33288ab

SHA512
24c9724b6790e2e3411c0d5fb275e197b7a727713735d2c2fe3f23028ebc8286f6d059a6bfa309498a423a5e378b394e263147089fc80e0182d0c9a655b3ff46

Download Submit