hxxps://forms[.]monday[.]com/forms/d70be86c654076baa0494d4d49c651fa?r=use1

Analysis

max time kernel
301s
max time network
308s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 13:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://forms.monday.com/forms/d70be86c654076baa0494d4d49c651fa?r=use1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133507507692878167"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1168	1692	chrome.exe	86
PID 1692 wrote to memory of 1168	1692	chrome.exe	86
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1012	1692	chrome.exe	89
PID 1692 wrote to memory of 1752	1692	chrome.exe	90
PID 1692 wrote to memory of 1752	1692	chrome.exe	90
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91
PID 1692 wrote to memory of 2188	1692	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://forms.monday.com/forms/d70be86c654076baa0494d4d49c651fa?r=use1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5a829758,0x7ffb5a829768,0x7ffb5a829778
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 --field-trial-handle=1888,i,15239215895036132814,9068092158722198066,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\79e77b8a-c277-4efb-aff7-9c2872de8a81.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a9c3eb2fa2260c80851b9a38f795147a

SHA1
c838c9f861e75a9a789563bcb1bd34ec1dfd47bb

SHA256
35a0cfd14f45014e0763ef8e96439dbb190e1d912856784a9aff010073ae727a

SHA512
1f0c1c8102a9b4626bdf5ce201711d1bcb65f4f65e842917c4e70545aca584b09d042ec114c5ee59620ae5fdbfaf423948a62de7bb31128a5eb4762b96471cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1f71c76a07fd716180f93f67365a870e

SHA1
98d71098ba204dd592a829c73fb1a1d6df034d1c

SHA256
d2589c94508c184caf259ad284ca28483c068c62f2088d6b97e89296c8909b0f

SHA512
5eefc5a3a966e2eaf7c8e98afeab23de3e9be248b503f3265dcffdac182388462428dc73a2903472005a3a3b5bc75cad4a9c12a4a375ef3bc22b74c8c2c05758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ef5d0bc75f4fe00b4a84dfadc391ba09

SHA1
f57cc6db311ed4972895116ddb7508d3002e8633

SHA256
ca8c7687eb0b0da1213f663ab17701fe05a1110f5472f0000d5d4eb7d807164e

SHA512
3507b4c0e73927c5907564e96c179ccf58982e2ed2f2e6bb5fd1f64b975001a65415b02d88e3c3a040b1421f2c9a005ada10743cd30a78dda687a47089ad4339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dc08789fdd75fe55d69e121431e3ca12

SHA1
0086a780a1b90844982b47a4e64bb35a4fb6f738

SHA256
da1a74ba6a1e3e125de0ea010548b23526e4025378851c641c05436c505d7dd9

SHA512
91386af5d9991a16e950ea9a0fcc0fb43995999f6c725606b84794033a7d19e26dfeed62ed3dbf634a56fcc210be0787de60a5f899dced98000709aa6220a611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
398853e68c97341d64e6ff93b085446b

SHA1
0bcc357e72249e2e687d491ac4df6a3451c9fd4b

SHA256
1e7e65765c6499d92b865f9840996b7717552a39fb0394c69c094a5786f27d9c

SHA512
b04394e6201b12a100680af737ae4805f5669e713e7e7256704821bddb229ea3d0cf0242d3b22d33bb18dfbdc4d6bad045911a9cdd29ebfed5b399fbfd718fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c560bd00-7c3f-491f-a8f6-1fa1b37b74d9.tmp

Filesize
2KB

MD5
ad7c8dc206d7a6227a3c9297fdc357c9

SHA1
a84602efdf007fb18fb5d56b3b4326c5ddfb44c9

SHA256
2c708818adcfd533e5feba1a67b5c6692e2030e96b9c9cfd3ffc9884c8fcfbf9

SHA512
d78b6899cf02d5cbd27837175fb44294ff3da81b4e2b1a73dfc0dd16189c13e5a9eb46a000ec528b031f8614153ddcadea27d7331446098854f53664c6a972cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb973450e6b256771b929754612577dd

SHA1
a95ef14f59cd3836083649012a617ad15fb0fdd6

SHA256
0318a1cc8c3c455c3af5dc2f00c8c62a1280ede9d2d5a7582fb6d255ca465200

SHA512
c7c3f8e21da3fb2410a4231e8ecbb9009233616c4c15e45471c89aea749de70b184cb0ea847f1a2316e4b010cc4cf6eacbce541c2ef680912c5a7477d78f62c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b17d891587c7eac6e986c3acb7f8f0ac

SHA1
868f32a9d63040f4b844b097e43da9d8646b7ed7

SHA256
4bfae47a71b3909c4d501766b217fb6350ca447c7acb63b73e3e954e568cd16c

SHA512
067823191dbaa1040f9868b7973917a8bf8490d24047e968bff9d8f687aebab9566df0073b0e1fd3f5d66bdccb1ed23b64557bccda83c8e52df27e7ee8564ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9f6fc89d653f0991e26eb515cde4a54a

SHA1
237ef94c83278d7e1d75df22c1d064eacddc2feb

SHA256
0683530e9bb862ee83b647e185c0b7ce0b1c9f77db79ff10d29a16c5d2d79899

SHA512
8a2b2b956456e8459af2afd54f773da8b0a0f1b2cd5c50384c0e0f06c9ff45e502e0bdebdc74ffbecbd36b43802c415a8558f8ae37fb1c0a53a1924e7d7a272e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d6616e7d6a6bd70158bc6fab7819bb91

SHA1
50ef9cf2bda79ab9b12019b4f7fceff2f3faa85f

SHA256
9cb87671211b2f9a2aed6300c71b56d26ea008f14c69aa8588180e1db751a894

SHA512
ff69adb300b85fdbe82629085c94eaa9641421dea7116e5540e0f3fb651e5fc9344203b94e252814ef5461acf43a85ddfd889db3f99feb7c5a201ad65bc9d8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
840cd6454183692f660e79cb166ad7ef

SHA1
5d21abebd810594ea670c645c65744911093a373

SHA256
3a8eca955f9bc43b71ef78921a8ec42ac43ac55c29d925518a7824ec3a06ad1f

SHA512
cea35d61b7562cbb82ceec38402320309afe4fa46a91b0fa24e0653bd44a3db285f0b4c1b09b25f8f248f3c22b303378b631d13af14628dd936eecfa647576ff

Download Submit