51e36af0bb29cd7a229498f026699d09b43ba1496df6dc4e5c42c1e22227750f

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Yeni Internet Kısayolu.url
Size

110B
MD5

af6e19178efa8059ea11b03986fbbb4b
SHA1

3b9dd6e1cf5e3c2a56640e647c7a2bdf10a46aba
SHA256

51e36af0bb29cd7a229498f026699d09b43ba1496df6dc4e5c42c1e22227750f
SHA512

5e966dcf789e36da68ae3eec71ad0302d768d3bfc2a098785221a96c1476fdb180c9c2273285f79668fde259b05395bb18d5bfe5c4a87e281bd7a0b784cc3eaf

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 4976	2120	chrome.exe	88
PID 2120 wrote to memory of 4976	2120	chrome.exe	88
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 4524	2120	chrome.exe	89
PID 2120 wrote to memory of 2028	2120	chrome.exe	90
PID 2120 wrote to memory of 2028	2120	chrome.exe	90
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91
PID 2120 wrote to memory of 2732	2120	chrome.exe	91

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\Yeni Internet Kısayolu.url"
1⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffacfb4cc40,0x7ffacfb4cc4c,0x7ffacfb4cc58
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3372,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1156,i,4727637707725415508,7638818460717853605,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=864 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2364

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1e60a6c620c971028da09c11ea056c88

SHA1
4a9f4fc4a470cd4c4feae7073c384a3376f43fea

SHA256
bd9ec61bd02c6632d8d8020b37f6c26c6089b40156e501f5eb4ec285c1b34749

SHA512
296848dbfb31b932d55bbce7bc1f879d805cd3023870378da56c40258eb8c00ecc54b80ff577a8caab61358c6af2beaa518272aaa04ccdc51158d3207623de7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b59515244056169328852eff53222181

SHA1
c4aba5999a17582486a723bb75b55c1309b7d864

SHA256
9b91cfe8f01eb2c48ead069995cc3057e9edfc78bb346f5a9cbb79bf8034070b

SHA512
cd4e7ef5d71362b78d418e5bd0fcc8ec4c8b716b431f34b9b3052dcf4f1476448647bcb12bbf7ebd2d9c6f0d6eccf0908c0ed390f45c2402830badeef9098498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
021c309ab7c77a2091c07e500f9e8196

SHA1
36aa10d9d9515a75af77bfe64afe8b14e28be294

SHA256
5ee6c8a0185ace9aaa5bd9e3d415b0d4063cfbe225e05a201969005151760a47

SHA512
f71e396e06f43921252ac67595460ff014ad5579075dc36c60208b3b62b6696e4a4f025326077cf2c23d183045700b211f586f597134ad9c45bad447bae337c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e0850cd9e107c10d7a82cc562cd86cdc

SHA1
22c3ce5b8570937fe13a2b32eaeed844bace10e2

SHA256
c2ca775007b44caf9273a59b6216d719ff31e8684e5d426947350390ad8ca962

SHA512
7a60bff1ce537b06f80665191c6df76560b03cd26e69e9e11782b59f736cb03cf3cd934df4bd7b4615a5a9f1fcde4bb9c6f05a25a5c486bc55080e932320dee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
188f2c9dc6f29ead475f0ef3063fccbc

SHA1
b7b62aad4a111622ae5023d2950ad22f75ef72eb

SHA256
a6ca09d2bbff3742224e45bdb29ddf17ef46d64090a9b31973540016dd4be377

SHA512
66a28561b54a5a184489dfb9e44cc645d224014a4a2c8d518af1e7317537db68d09908851bcaf64cb55300ec2bd90cd27107c8bcf4fd82a6ab8090d01218ebcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2279873621f558bf540b6a5eef3fbe94

SHA1
b55a25c91037257200c77faa677dd0e511dd8754

SHA256
c4d441218e7410d391aab83ea27087b3dc3660c8709b28213db5584c38c27624

SHA512
bd5ec9947bfe9b7ea9c576db671f6ddd89f61146758a28f21bd14e2e9349ab73f802d29bc9e9dca91a75fada9ebd78264c89416631ea052d3694d57a3420a9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
71634544490e75146e4eb364aa94c73d

SHA1
a20b0105cbe67477f2ed2b101fef7d06edeecdd0

SHA256
6dde429cf015695d3e80aaf60be444e8f264ad89d63414cd77dfede7ea216dcd

SHA512
a1be5986abf4397e8e836ea0b923411b137c623ea41e44d264d02a75b260076228870c23e8e26ec09e3666607dd988214a540708ca71e1992a1d14976f7a2da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ebf9646b4af6486f4f9afbb152418eb7

SHA1
93eb0cdfd686157873bc8dab814876e0918eac71

SHA256
b7e23245fc20255fd1c5ddb025940cf4e010895f4922156af041fb8562fe268a

SHA512
a1b1916fc2a678ec3081448a0f867fab0080f80c19d4eeb1247ef77413adfe5190cda01fd98bdae3693b27c50b54ed21b977aef4ec34319eea31c7a7e02be7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8c5bfa771d96e6e5289467b8ecbeaff5

SHA1
8cd064869189de44d84148b68f5c90fec26693bf

SHA256
1489b17ce419b68f1cbaefd317447ef017ac196c5bd1b0aa5ff268a3bdbf0204

SHA512
3e70d3523beca8b6c30a0405776b9ec0f9042196078a51d87d7ce3450535e5e25f81279e1484bbb0030d4f85f295999ebafafcc1aa938267f50d85996e07241a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
b63e8128e5c3a5587976a26a2d8a9d3d

SHA1
8f967eeddd81af9f343885bbe221c64ff35eb996

SHA256
a18d116db8c40d9c6b633927bf2dcf1506d1b4f8784990972549aa7ecf39d941

SHA512
9b5b266d206cfe9e495127e9649026ed6a17b24dc60763f77e841db0c9b6f6fabf3e544f93e0be24aa42c53facd4e79bc72dbc1f8b54947a64d0d619c77129f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
6da727d9914bebd7208f3abc9eeb7296

SHA1
2962fe95f47c11392964b6df28c4094a44008131

SHA256
a91c42990bc99684b1920e1ad2e178ed79cdc0cd893dabd653293f31047a8361

SHA512
35d1dfbc28a93be94547a1cdd2cedd15728940779d2f16c7cde27aaf1fdd76889848f7f84a9a7cb3a561b3a9fd34e425368a5d7c3a85215e8e21acd434b2d338

Download Submit