hxxps://kx1io[.]americandiamondbd[.]com/home[.]com-zMYxYgynmGQGWWpbiGwNyqxkfJbWnPNfcfUVXerjNWfjqayDFdECjkEAbBhGpejXbHgvQXfHqXYqCFWKWKLvNjAUEbvJJVGiZgnYybYQyeWabNifJZSZ-Q2Fyb2xpbmVfQnJvb2tzQGpoYW5jb2NrLmNvbQ==

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kx1io.americandiamondbd.com/home.com-zMYxYgynmGQGWWpbiGwNyqxkfJbWnPNfcfUVXerjNWfjqayDFdECjkEAbBhGpejXbHgvQXfHqXYqCFWKWKLvNjAUEbvJJVGiZgnYybYQyeWabNifJZSZ-Q2Fyb2xpbmVfQnJvb2tzQGpoYW5jb2NrLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 3492	3280	chrome.exe	81
PID 3280 wrote to memory of 3492	3280	chrome.exe	81
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 3116	3280	chrome.exe	84
PID 3280 wrote to memory of 2980	3280	chrome.exe	85
PID 3280 wrote to memory of 2980	3280	chrome.exe	85
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86
PID 3280 wrote to memory of 412	3280	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kx1io.americandiamondbd.com/home.com-zMYxYgynmGQGWWpbiGwNyqxkfJbWnPNfcfUVXerjNWfjqayDFdECjkEAbBhGpejXbHgvQXfHqXYqCFWKWKLvNjAUEbvJJVGiZgnYybYQyeWabNifJZSZ-Q2Fyb2xpbmVfQnJvb2tzQGpoYW5jb2NrLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd8d3ab58,0x7ffbd8d3ab68,0x7ffbd8d3ab78
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:2
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2416 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1616,i,15252395500948635030,18418809613610978921,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
2a221decaeae87a5c06e8fbd8287311d

SHA1
75efb5a99ac863b4a72be82a584e7a3fb8505007

SHA256
a91602acadc1e975310b5331d64af1b1f11402a8cf11183340c7db35b6cf6464

SHA512
5ddb6aad322377ef1693512174fca21d4e2d6caf65150d5209be1802d56bf4551f7c57cb1aae988c8d40fdeedc24e08f40a251c6cab5f8e6626d905ac461f12c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
365d7157ad400c28e397262887d791bd

SHA1
16f3b4c4654ab944f92f40b717490b08b4a5b5fd

SHA256
cd6d35f7aa41a8054b967e451fd884d7a177bb6fa33b9da6db783fc8e95e4012

SHA512
c7fcf2f68d47e7f78b79af10a4f171e60692e1daef84d114feae7b042d539ddac026fc127ef4ba8ca0a6bd44212e2682561d0c29d0d8bf434927cd0971c890fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
178e731f0845176ed35f3b5a667d063b

SHA1
9d460fd3f86d42d7857c6d037f0a0cf3d65b071c

SHA256
500f5b71137b95b9a9f00b60f9a4f1d1dc25bf66e515802d857a71491c4e3bc4

SHA512
9e533ee5acb1bfbbb1e3a598b327aa140ce6af615de2a8ae225f7295db3ae2bb8ddde1d71ced9908aed2f90d0c4de0b4c3f1624d0ae1b77fe03d72e9573f514a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
549e7d5b1643bf7ec11dde635fd78c5e

SHA1
08db57ce8b48c933e2aedea61b54da7d3a62816d

SHA256
b9f9254fac9120ff358a842d3ab63befbe5e9bbce990dfde241e1cb8dfc4a397

SHA512
01aba765d9b099893b27c47c304b437c10051c828694ba758ffe7de2ff2ef8009f21f23653910e20d6be50fee1f6da3bf0752a1a142264a8dd9d1cc396e5552f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
49f6f1448465ca2a19a40a00a0e1d01f

SHA1
82fa3c874e686114cf37879608865861aa79c9c3

SHA256
b70829f329d161ac54afec82474bbf0948b16a48237bc099989fe732bb86d5f8

SHA512
72d82c143ca34e014e37ad22b29212d2cc49bc0ab7e342efef6d3f3be685a0e1db6ebaa8c9c74a4fae77ea5cbd7329131b564e6bf7605057ad0200dcd1e5a322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
687B

MD5
6fe6a82399c10320887306cd9059ed1d

SHA1
9e6e183d42a88b2567ee963403d5e1f8d0f890eb

SHA256
ad186a9d5ad5314486a91556d15d469527a99b29bda3dece06c10cd288041459

SHA512
cacdf1b0ebbf0ae684a4811cdf92a6bd3973457321266658dbc4c20026b446c157bb8cab46c437710e403e00575dcbad9177ddd8363e541c64b4addd288f6b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
10cda8e69ed95f8e6d80fb78a4970d3e

SHA1
4aee112547ba19d884a4760a0fcefbdaefe3068f

SHA256
45e3844557bc164b0ab2005b48e203f47123c4baacd0cb9177c94a7746c9f904

SHA512
22f381e787ec4150f462f47e85463b35e55b6ed3e81b8732735c849f96a15852a1b1783bce2d95648df447b216e6bde6edb2f25bddc891f6b34c2eaf7cdcface

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7baad5a495a52d6d0803778febd91342

SHA1
578f30cd4c00824b4df58002f2d2580a5b6606ce

SHA256
f66c69157c5181a4fb4e0fef6541174c1237fafd357a3335e7633d370b15c075

SHA512
910d6814ecbb81edad66d5674de452750a0fd890525d0ec8a3f36949de3087ff3e34b225f3972c43a60483d02c4712514bfaa363f63688e2d1d729eac407e0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ffa2de53c0be939efa9d46676fb0bf9b

SHA1
fffc1730f2a1d746423aeb5fda5f0f09937d51c6

SHA256
6f5b472a332e3308bb28a38e92da7aeb12a988737557e580b7b35127622e59fd

SHA512
dbffc0e458fa6c584878f6c254a52ea4851b97691752666e3edcb85d67df40f6ab46ff0a4a5d972f3a3bba4a983478e636558c9fb41e24f0c616628b8d46cfa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
52ab53d0d99585f4a3c3295b9c9acd5b

SHA1
49b55e7a3ad34fcfb06107f39bb277fd449ee8dc

SHA256
7a491ef676e735fbd55b7b6d4b4f14fcf381207272042fb89bbc659f81aa377d

SHA512
dfbf5784fad3dd04b77f90d7e3dc6e6ecf8abcf5c2730af84457bfc655d030aa7a2b3e799f9b10caccddb04258d499926a749feb9251f00d6661e2587e0dc6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
346094e6057181f0a9257582e0014761

SHA1
c6b830935829c4512966eb92ed58ae46f1fad138

SHA256
665f384c2b90e96a0b45f178b13e11b8d56bceba19d6d42a86140fdbe7c6b8f1

SHA512
d0f780d99738f3e095760b9a4b3a566ce7db766aa40473fd0bd767789b3f32074755521a5a55923af2af5d6081e1ad18ac12421d0795ac99940005efa8efaecd

Download Submit