5e0ef440817d96bb71f7da4674c82fd9bc8d69a3ba939c0cf0f7f2b7b2318fd7

Resubmissions

17-09-2024 09:31

240917-lg1xcswbqm 10

17-09-2024 09:29

17-09-2024 09:29

17-09-2024 09:29

03-05-2024 08:53

03-05-2024 08:52

Analysis

max time kernel
53s
max time network
40s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
03-05-2024 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.exe
Size

240KB
MD5

c1397ef661ba5945c1dbc46131239389
SHA1

8196513366bc7ee3d95c86b66c47d57a7edfa89a
SHA256

6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925
SHA512

647741b38c2096ca16c020533e8a41e9a9a9df86887072117bb4a5a4940624e065e56a64fdf1392c0c2e3995b68f5ab3d3982613d6b7965e802bf694f5b3006f
SSDEEP

3072:uc6XydFjCuZm9GY4qzXbUaFLC8dU78aaKOdemqHWosPY5SUgmwhiAbWO2qUugr:E9TvUMPUXL8osPugmwhi4d3U

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3452	3580	WerFault.exe	79

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592000511167874"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 1856	1200	chrome.exe	87
PID 1200 wrote to memory of 1856	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 404	1200	chrome.exe	88
PID 1200 wrote to memory of 4168	1200	chrome.exe	89
PID 1200 wrote to memory of 4168	1200	chrome.exe	89
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90
PID 1200 wrote to memory of 2856	1200	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.exe
"C:\Users\Admin\AppData\Local\Temp\6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.exe"
1⤵
PID:3580
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 8
  2⤵
  - Program crash
  PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3580 -ip 3580
1⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9106cc40,0x7ffc9106cc4c,0x7ffc9106cc58
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4904,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3468,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,11328873251659724980,11587717661720411425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:4328

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e9b30257c675a246bb7e0387df3c66f7

SHA1
e9b69829a92ac211706ffb2d31840755dc819a80

SHA256
3392f88074e1ca11b84ce51dd8bc18ea74782ef81babf424e5fd8af6e8fd5c3a

SHA512
0420a5a2dbc51a1539f887cc15835187daec4352d678f6c7b04de688bd828a92a8bb957faabdb5142a1602a0bffc7b2bab68fe7abdd572805047b79223455aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
241edd0c89418fc621627ce28eef8443

SHA1
78ab6928b721b7a0fd02e6d07fa5472e7cb73b60

SHA256
900f3c66ff7114c907044ff3d0514ee1d572a40a8c14e2b2f170d479d20b5afb

SHA512
f57e1e4aa236a001eb3f7191d6a67843208aa4c05ab96031a73dce4c16e9a3c77a5cac409b51395a30c08e0e30c99bb635cfa26ac1ad5c22439fe436d21e22a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d069f2e4a4167e86ffb8be59657619f3

SHA1
ea7c3a918e94c9139e0251f110c2728568b51fa8

SHA256
2aa336f6096b29e3c0d5e7a674514f10f642852960813a6a441265816cf7a793

SHA512
627697f007b6b221a0a41eb640438a99b66121e30d41cdfc6d4e698cceb79c333319680e17e69f5ee693b9b584d316badc458cb1d7fa733f2aabac343d9dd164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a483efd555e3c7dad6a04d42e07cd5b5

SHA1
ca832985a781978e3f33cbee3e2105e6bafbea56

SHA256
399390356bd80ba32a5fbdf7f04dccd88f702b9cb1c27b1b3d1da5bb8f6e8c5c

SHA512
e7c2324284b09bab4b0d0abdb70182fbee344cd413e79e59e9a08266542842f0671f4c6e1315109e699863cc3d506e1446f924328920761935910ee9eb6be8e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d96286f419a1b84834eea5da65079863

SHA1
0239277adbd81237dc4423239a309c6abc0db9bf

SHA256
24004e75ed8898ffb960ba9ae196d0a25eeecf671f92b679b09b01af02e7cd94

SHA512
b0764bf0dcc78ca84ac2a84996f085c38f0a721e2957cccfa0d33045efc01b7adab513d8383ceb271bd4cd1c623ef4524faffea5921be018d4b21a314611974c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f9ab0023-35f6-42ea-bdbc-21e7fceab959.tmp

Filesize
15KB

MD5
1b033c3db4ec444bd332c4b73b9ed17c

SHA1
13950ce08bf49ec7310ad46a9bbffc2c7298c5e3

SHA256
38a4cccc23062c369f6ec2556504fe1ca52f237dc2ca8875f18a527b6c38e34b

SHA512
480db98e3b8709b8758b43808abae202c08c200fbbd7a760bcec9f367de8da339c1b4cb07ef927d14a4c48a8631846cd7983c7b391b59c80f1adf013f0a4c398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
b08bda1752f2c210510de4b913e795da

SHA1
dd0e6a75387840b8881754e0ac0f7e90b24d9c31

SHA256
e5273dc8656f54c3751c130b2a69fd5477d029dd48d56a896df0a545b69fc030

SHA512
083a281536aa220bd218a8b8f4bf675e4c68ec12338ac2df8e46606bfd10c0d7e68e09fefcc22bd93b4de03ca946d3196e89f0ccfccd77101ab756e68f2d16d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
ad823a379d3bad4682c9cb528bb123d3

SHA1
b6db64c76d904d4ba7b2055223747523f7841ca4

SHA256
caf5be78bc67bdd41bc372df85f5799ea72605763763f04c480fb43d2b02c977

SHA512
05cff09abf000ba439221f39568ee7189710c33ef3949b0a97f08c8cb96138dc7b7f2924f82e6106f2f794b3da390d47e148c3e0edf423d0835d640129def1a0

Download Submit