hxxps://www[.]galienfoundation[.]org/e3t/Cto/DL+113/cFSnN04/VX8Vcj6YG9gKW4lglhD8N8z80W3wqskQ59B6RsW4zFKvD3CFCrH122

Analysis

max time kernel
150s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.galienfoundation.org/e3t/Cto/DL+113/cFSnN04/VX8Vcj6YG9gKW4lglhD8N8z80W3wqskQ59B6RsW4zFKvD3CFCrH122

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527832920328146"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
1908	chrome.exe
1908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 1844	3448	chrome.exe	83
PID 3448 wrote to memory of 1844	3448	chrome.exe	83
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 3948	3448	chrome.exe	85
PID 3448 wrote to memory of 4400	3448	chrome.exe	86
PID 3448 wrote to memory of 4400	3448	chrome.exe	86
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87
PID 3448 wrote to memory of 2272	3448	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.galienfoundation.org/e3t/Cto/DL+113/cFSnN04/VX8Vcj6YG9gKW4lglhD8N8z80W3wqskQ59B6RsW4zFKvD3CFCrH122
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0e699758,0x7ffb0e699768,0x7ffb0e699778
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:2
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1636 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4948 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 --field-trial-handle=1896,i,8412443873103846883,13658512901346249991,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6046587a-3419-4de9-a5d1-9590a65b29f4.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
911B

MD5
a013624464e15716f370b47a8923966f

SHA1
66edea4c6159552dda997bf7e866b37af9c410ed

SHA256
9d625e24452000f9cf1e8eb32fc790b151d7be82484fa2a5059991e714499a9f

SHA512
7024e5a384fc832e13d84ebd81c7c09371520b6cb6640228940f1201e0a71d76a9b0dfe7ac5034ac45601463ea7cd31390ee483ac837049d3d4227fe862c196a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
c8e27eb1dd1d2b469fbf50ac14cb3a6b

SHA1
4e50bf3da39878f80669aeac8dd932f44aab456d

SHA256
bd4fdf976255eacd2a3ddded907fa51b8dec526073e3720116481740b7edb4b1

SHA512
fc21e2e32489b988ac6b71d17fd9e362c78b9ce4f2ab886cce0c3fe79d23211ad4d93ba3567c8cdf61a0736ce14d8bedb25737640f1a38dc418adddf38d2169f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
4c164205efb42f6139dc35abdd8b5b49

SHA1
f687edbcf57b90abd83db51526585fbf623d54dc

SHA256
fd0d18eb3574cf05319acb621d569a97bd066090af272e2cdc76d0c84c76f523

SHA512
292333fe856fadbe963d619a7cd7a3ddbdbd2a556b546aabf41c04dde3ac1421686f5f66bef0e428f83e3827a9617fad2bcbec9c1f9c0d0af06163f131982b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
8b78cbfdde0c18cf28105a4d7146188a

SHA1
afc8d5eb0aa700995d7015893a155eed98d4da3e

SHA256
01cdeed5e31cb0d4744e049e86276b691c8f83118494ea1d0961ba284a005240

SHA512
eb04b5d8aa3666c864f34a185b676f024a240a2ccf7e1e5be916e293b061303bbfab4a710bd04fde01d833f72be3a31af796b35b68a9d899b4ab4ebc7f1e4259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
872450c6fe33318ae9c0fa1d666859c4

SHA1
b57caa38eb9b42969120a0a60e0c2dd27162387d

SHA256
d4bd595e84573f495a9fb05d59cb3a3b70553d2270f898ffc25809d9456b0fd8

SHA512
94c54c65e1dd02a199d04349cfd84c13236717387acafd83a574a50b9a72ca2431fb6acdf50a5ed93937a61a90b7a07971ea2fe2b0094e0ca016e08a33ce4310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4aa6224fb5f88f4a91abf6b7ace710b4

SHA1
c9d2c2432f230883d0abf07a62c2d93e616d221b

SHA256
8f9c70dbd347c9b9d87acaecbc43782d93742881feeda02f27a4be7dd2c65179

SHA512
972b61869929e31f1fb1b9b204114bef444b78ae9d7e700a50fa4352f562a8af1dc8c6d82371e9f204e7da58880781587adf0dda290926e5787464663a2beb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8f056a3fe180cf0c0be3a123e3283525

SHA1
111213e244dc7abff9db966eaf7b8b8186dab05d

SHA256
d303886134d2a702022922bc5bbbdb027fa66d9f72c263b319e371548c0a74f2

SHA512
e20432f3419af52158ba4be2aac57d7f8b3353308c8f6739303728f94b04e292d1a20a220072f24c73c9b2f956f469228d2406058734680d28d75a92d02e2782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8ed21afdbf8b8b0cc6b81f87f06699b6

SHA1
8434c3e23a12aa859877193f158349c8fc198c37

SHA256
2747822a217a8a36d9da9054fa35242f077eecec98fd9fbaa1d38641dc94dae5

SHA512
37878c725b9101c9c71819e89a748906359abe54113c8a7f0b6560098edc6940c168366b4b0f07ee41046ff0365ee90de37b42c1331de29478ed388ec55fb215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3eb8ad3f809836735838e751047ee85f

SHA1
85d37e98a7d85992769d046104e8c120b2cfec04

SHA256
0cfbb7f742151ed515a397d9fc4bc55470ae863dc08ba5bf9a6bacd411be52bd

SHA512
b552fa1a23d81d490c5510f75c66dcd1edb9788ce533361f21b2e05b6a163c9ed288a599caf7af05ece472cc27c0d485bd6c7d5c01ef7c86640c2e0908121058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
9d220374c1d04a7c1a35af3850335e15

SHA1
d0c123f2d4ea2b33051f87a652321516a09d8df9

SHA256
49c0bc9d4441fc05623dcb6c7edaf8116ce45bb7ed96e86a15c539c41b4b4a08

SHA512
67fc1973642eb4c56a0c32b817bf03643232d3cb212c8558a9305e972c44383903660153609a8d36c0d52f00ba32aa4e4f68cd48e3d04c4764f1286cffb0cef0

Download Submit