b3aab3fb1ee76880e3dc6db8103c95a415d04f938c47014f7acd744d517ee319

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SFP_UI.exe
Size

86.8MB
MD5

e05f8d1c756b00b7aa7b4904229a7f2c
SHA1

0bca323e3d90517ed93b2af4600565d03c2f024c
SHA256

b3aab3fb1ee76880e3dc6db8103c95a415d04f938c47014f7acd744d517ee319
SHA512

24c819c4377feb95e095d5f94419f7988c3a80cf0cea161cd5b7a27537c2610e2cca8ab294a8c8b67d58bef7355e16e2f4e341a4ca4c9c77d4210e42f45d747a
SSDEEP

786432:2tJ7qLsEakqRRLDUp+WNPPZ0gBpB3rKA0DYUhi6:2H7qLs+qZKZ0gBp2x

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\International\Geo\Nation	SFP_UI.exe

Loads dropped DLL 2 IoCs

pid	Process
456	SFP_UI.exe
456	SFP_UI.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588983961647115"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
456	SFP_UI.exe
2532	chrome.exe
2532	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	456	SFP_UI.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 768	2532	chrome.exe	90
PID 2532 wrote to memory of 768	2532	chrome.exe	90
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4468	2532	chrome.exe	91
PID 2532 wrote to memory of 4992	2532	chrome.exe	92
PID 2532 wrote to memory of 4992	2532	chrome.exe	92
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93
PID 2532 wrote to memory of 1320	2532	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\SFP_UI.exe
"C:\Users\Admin\AppData\Local\Temp\SFP_UI.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc95b8cc40,0x7ffc95b8cc4c,0x7ffc95b8cc58
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1632,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3652,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3776,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4600,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3384,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3236,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5420,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4924,i,946473234801881102,8923589053925605713,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1680

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ce1f4b01e5e3f38898e79a9a63dc30c2

SHA1
e9248ac2d1b772cb00c20a83d7220cfab8c495c2

SHA256
5b7d12d64d9772f0c52708fc0143cf0b65e89966529017e4d00ff5e16313ab5f

SHA512
9789a44f943465ec23922310b1f5df1d01f8d424cb05a1586bd78f7ffbcb1963b7310eaf8963e449135958c1731e8c196af2898ccd6ed3a847bd67fe379572af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17a1c894cd62b11845072ed50a940d83

SHA1
297ccc903d6f04c7f552244a474a88b8dad2df71

SHA256
e9d26e37ba86b1a8a85ffc439d117449d7d193f8bb4f310cb478b891ee816631

SHA512
0e5331e6ee19487795c31a56af8da193d3a28f9c6a78c91f4133980abbeb7889f02df22598da46a268ed03c2991337a847540d40ef27b981f83cc128e5b7a216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
963eb9693d58954850d26fef2e27fad1

SHA1
32923a506736b44efbdb8e4a9293a5ca0652651c

SHA256
df343c43f6a34b410a6ce3b6f0fa804c085b8d4099d2b93cfd5591f991e81089

SHA512
d6475d278f330dfe52243aff808e8b03b20b8cc3262cc82ac4227eeb8eff934e4c867a3c714f2e7b394b79911dcd7d2adfab39942bff59cd1ba878db2cafdb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed7db471f288113bfe5786e534f414e2

SHA1
f0fb96e88f34fe3ee34beb8255f40e3be9c1f4b6

SHA256
9de928c8e6648a9e5d8a6e52f1bd353e226f3dc677ed8b0f7f6ca463e6688928

SHA512
d7328dbd9187ebad5cbce8275b9a26b3b2393be0704ccb9589660cf6616dd70317cd41237906ca54420fa125800336edeb7705dbd497aab18185f24325942a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddde95c87e0c6b2326e44db5b6ac3916

SHA1
07d6fdfa536462b6aa8f1e87a29af682cbc8eab8

SHA256
42a4ce77c21c4aa7a936afee8c39befe60cfbc42b03867b3d8a057347b4aece6

SHA512
6702a0674e1a2b753ece1c54c5dc484cd78d5f3816510c94940da88467ea5e1808a036db889d0d99ea389ecc1b0f811a9478df7becfc117dbebe06f079a4cc6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1232cd2dacb70ef888a1973b796934a6

SHA1
6f5610b422385a70aa61ea74c9ab2a27889f7fac

SHA256
4d45d94b0352b63919bf77fca24628db43fa4c7642880f08093a59ae0723fd5b

SHA512
408227d60f7b04c93198b6b764ec95ad49f47f21f973ee814c7b19853419d7bea077b8ef2f2b40256357898d47c73e8ae9a78fd56ecb8c030b374433723b8e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99b645201cfad993a8f8459e35cd64c8

SHA1
fcc33142dfdc7e240ed37154902cffc0521f72a1

SHA256
cdb4af579865b177753e46e589e5558ee9ed9a49aaa108d77dbc96da5f98bb5f

SHA512
9ae3cf7b191e17caa9f7e00cfccd40fe3da615d9391a47b0f28b4b5ad03666f48533ad99ca7d96f066b1dab9c46670cc0da00821eb9da09205f780d23b1f7d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bbffbb68ac8447070186814fbea4741

SHA1
8f64ff826cbd7094897227390c5fac04650e9722

SHA256
364b35949d0a840b5f8514fc0d76de69272ecd110c2a1d8ffa4c8f05700651eb

SHA512
8499257aa45a2a15da5efbebcce92f7f49d8f634390194c6618826837620e1da9fe01f764aab22ed0c048bd033d305fbf236b1b9f6310c6de2e3ad9f7b1b821a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6e8b6cb56db24d4d8cc4bcf40d59123

SHA1
932c78744e313976a3debc71f1e5b9d1b669b6df

SHA256
42214decc7f74eea4fa088d61c8ef8b1c28c04708289c26d2989e3dfaf84a10b

SHA512
f18dba209fd3db0630562df5d9c36348700740c15e52ad88bdd290eae0b9b67822747adf00487eabf4f4ec50aab984e5e3e614f41357c2c7e61dca7a613ca635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
db95f03fdb66f5c9de72f581eeec8e54

SHA1
3e584077933c1fde4553d5e9a0d0018ac5fbe2dc

SHA256
f4d4b542f9f0ad2ba53399351e447ba1c15745be0342e861e2cfe2c48df1cf95

SHA512
6cf6a86890898a240dbd21b6c4d8a2573601da0d5083e161e1077702890001387e6838f9b23d958a8cb672fe066688d5e318bef9ac7cb877da103b9d136c6ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
5683d6caa831915b92493ae829a2b1e9

SHA1
db86c69824551e9dc63000c1c8c6c1e9e0379b64

SHA256
06d74a25e05fae9ad9e0c43015c87e965b6025aad3256bf25e0dcd2cb70c98cf

SHA512
cb75485cfb25d0f72e6205dd1f334fffa7b0b1e8d12305e4a1b1b2a84d8ea107e7bc188fcaea8e316f4bdf21c17799841f3b7299896d6902ee86e47a1347dc50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ab1cfd07-4342-40c0-b1c2-fc7da7557bd8.tmp

Filesize
77KB

MD5
4ca92d3ba5183abe3d9e2719be39592f

SHA1
31d0e24d58250df132657cbf43209ea17c135a58

SHA256
a526423588bbcfff15429f682747825f30912204fc3a0559a6a74d563252d1dc

SHA512
c55312762125ab0047a11727124a27dad94bb18c39076d3b9a9ce8a2f0638fd80f86b156abdf75079a46e27ae1a54696958f2fcf50c1f7c69bf66b605c47b0ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\SFP_UI\fp6hrM47TQIiYKnD_xTIXYtRqFskzPY=\av_libglesv2.dll

Filesize
4.2MB

MD5
73d2fb4c35d323813a86e3bf5c85c345

SHA1
81f751a34e0c25bdea93902a19a94a49ce1495df

SHA256
85b3aee47c0e0eaf3a5ea5c75ba8131387a12639b6a0ef280c28531fb77695ae

SHA512
e81677cc9b99ff3d54f67000a60489603e01a896f90c4ef0c883b82e2fdb7b90d2899c078958b3f060a20373b99cb6c4deb7f64cc4c7e0ba2a708209f4684ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\SFP_UI\fp6hrM47TQIiYKnD_xTIXYtRqFskzPY=\libSkiaSharp.dll

Filesize
9.1MB

MD5
0c8068859d2a240b9faf5c51544fe666

SHA1
f8a24d7918f1151f8d10dd606c73e5cd530e30f1

SHA256
4157658aa5b75683e01953df4bd5cd1cc9ce313f4eed026d5fce31f80f4ed7ca

SHA512
53d3c4d4f2d9cf24f6c97924c4ec33865e7a7bc8aafd39b0b65515395fb6e14525da435017e6e943f9dfd00a8ef319b880b73197772fe814b06ceb32f9185fc3

Download Submit