hxxps://app[.]creatoriq[.]com/login[.]php?activationToken=yItIhNJ-zji8e5j-6M8z

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.creatoriq.com/login.php?activationToken=yItIhNJ-zji8e5j-6M8z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633181980012283"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{9D77D362-5537-4253-AD63-0F37B86EB6C9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
5640	chrome.exe
5640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 1884	4548	chrome.exe	89
PID 4548 wrote to memory of 1884	4548	chrome.exe	89
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 540	4548	chrome.exe	90
PID 4548 wrote to memory of 3904	4548	chrome.exe	91
PID 4548 wrote to memory of 3904	4548	chrome.exe	91
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92
PID 4548 wrote to memory of 4036	4548	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.creatoriq.com/login.php?activationToken=yItIhNJ-zji8e5j-6M8z
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd330ab58,0x7ffcd330ab68,0x7ffcd330ab78
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:2
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4384 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4216 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3172 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4976 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1892,i,12141458416907574060,17780298636717316431,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3988,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:8
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
5628aa3ce8dd1b4008d70aa8c86504e4

SHA1
0be106f1cec86a4a6aae18a0a05f612378a11761

SHA256
1a484bd48008736e85b4877231ebeb5861db346a6f112310f7c6dee712938cdc

SHA512
d8f19750e2b050941f2fa7777f42e3dbb76b57cb0186c5b360641d62b33c5d22953d9ef387c0797564d64ec5aed21137076e9b4048ddd787fc032d208ac449b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
351db9256e1ecd3541f6c8a9a130ca92

SHA1
877ee03e54ddb10f9ee931df3f023c5d0b732ba2

SHA256
d762fa515c73cb8a47b01305cdb674194aa6ddec9f63035cf21c93903ea4c013

SHA512
4a278f10c704478e2de623252928d7afc493d84e95567d56434b93a7598ab703c4e4bcd3f191b63070957b9aaf041009e5456e4cab647e0e4986d39632dffc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2116d973fc5e5bf2a4e8d7a6f8be11d

SHA1
26cad8d613c1e6f47c17ca305797be8aa9b3cc64

SHA256
899aa79cdeb94f17e19de60ac0a656d3f579ed90fb81e5dfa8c7346cfce71481

SHA512
7e7c9a00686d20a215a75ff1b604c378212e1f640fad42b12d3753c7c148f5c22c0186a7c04932baa658d865ad40f91cedba534d827c3060f17e1d10b88b17be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
455816158e0e502b23abae4c7e2a71ac

SHA1
79c71a7f9ab0011b3b841531806c36a4efcc147a

SHA256
f70ce6dc69a5ea6bdda48fc76a9f80f5182db73de12b9092544256d6994bc037

SHA512
09452acac87debb3c2ba5d39c949543ea91bb2d80aab65317eb58d38cc06e39ccd4f773b83a49d6af094e7ba195cb372e8e750a0552c2010a282ff64436a56c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
396b8d979951bca496e56b4c79792a6f

SHA1
661880c15b44b647dc1678898417b1e32c50cc30

SHA256
03b75df8bb2ce28d98fa26ba34a2325a48ba8138617be0ce4e8d1dce255379e0

SHA512
72c08dfcc41c67aaf6cc19cbae3b4d9340a94e74764eaad05236af56fe28deb8958e61cc5bae957dbd93e60e0627f5ae3dd37e2e0e8951286b3f68ceee0c5b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d4fcd5bba43cd5246636a88a9acf3d79

SHA1
94656daf301f9f0f3ff57078411623c524c70ade

SHA256
027d1c3e984838fb47656a0bf2c35523f4e967a35eafbe8a78b23ae3fd0f6b2d

SHA512
15964e1bad6cc24b97403c42f459369b22fdcabf92898ed3d045e20d1a24e4eb888a1912eb5e9d0f3bd46127195bab09eaaa846645c342828c161eb3a41a1e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
0c8a692e0d05ad7415b0751154d854ba

SHA1
71dd11f66bbeafd4e653ff892c82ac6eb7842a59

SHA256
c470f8e2f70dbde8900d9a6cd202a2de43ef2006601a13ccd8121a802290fafd

SHA512
3884568e8f8fe6f7b38e272618bf467ead53f1403a7d8085307860ae321f2ed3cc52ca08086ba823e7e887953d9cdf7f855863dccbfd608e3744b27175691837

Download Submit