hxxps://kadosh[.]es/MyGov

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kadosh.es/MyGov

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654747766697921"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 3300	1364	chrome.exe	83
PID 1364 wrote to memory of 3300	1364	chrome.exe	83
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4968	1364	chrome.exe	84
PID 1364 wrote to memory of 4720	1364	chrome.exe	85
PID 1364 wrote to memory of 4720	1364	chrome.exe	85
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86
PID 1364 wrote to memory of 3984	1364	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kadosh.es/MyGov
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd0f8bcc40,0x7ffd0f8bcc4c,0x7ffd0f8bcc58
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,11431213464164021839,14949440297796182175,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,11431213464164021839,14949440297796182175,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,11431213464164021839,14949440297796182175,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,11431213464164021839,14949440297796182175,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,11431213464164021839,14949440297796182175,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,11431213464164021839,14949440297796182175,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=208,i,11431213464164021839,14949440297796182175,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4456

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5c389a6c4b9d426a308eaed2cdd4f329

SHA1
d7a0458f66059904ea2eec8e898c29995913265d

SHA256
fda225c4252b68768a93e54ed6b3f82b066e863db7834e8b26ef6898cd5e2e79

SHA512
90f93c9b309007ffd64a94a99e8c27a961462210cb29295cbb4add3eb936a6df3b28f86484d5fba500a0bcdac09623ae517d6654c3a848c3fc09370952b64651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c7d35f02225eff28f6c83acacead3a27

SHA1
343e49b914ab6fdd01325bf674ec629188fbfc0a

SHA256
59cde81a6ad45505416f82031e8f4774bf829f0ae7afaaf726036ab7ad3b1e9b

SHA512
5d357f3e4da439b2169048ddefd3c47006ab87435832b264ba59cabec0a1b28d2ad023dba62b3aeef6ffcecdb7cc72c00fb1d12d072f0bd8c4e6d18020efedac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a91ade993643af0009a93419a2abefad

SHA1
485a4c250ab82c6dc7e87bac009aaac31c442b35

SHA256
a4b67409da036e4381b99ac74caee05e0cd4d30bd1bc101d50dd5073977f8b31

SHA512
91922f3300070e9b8972c17fb43cebd2114afffdb7c3d3e040dd6b4b3d0e8fee1187844bf7a75cd22fce847cbb1bee91a8f0d18698820cc1865e5626d5ab561a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3df379fb9ccddac0201af5435d94d362

SHA1
b567f312ad8da4e038ea57cd36f4b5b5cfdd295e

SHA256
447dfb2f33f1cce445c15df9df7fe7a36cc895a549304b9f6a61e6d54bf26137

SHA512
c42ab3bcfa3fde1c6042089d6f90b3b0dd6223a5b2579a5b7a1fb349bbf1e7287950727bc74c57a0f63f301ee452140dbe6af65133c4c39e37aa034d10e29bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb673b28f628ae88cbb776128d10f026

SHA1
cf44b81bd05e6c06318c222869286c06d2af30b8

SHA256
37934b5b673da64a793d0a12c9c0bc089f7318a573c9a2bd7bce0758ad1fafed

SHA512
07f27c89639b94bdc38877df5be51eb1df1fc8abda8e87da79458cde36538ff9cdc99acdd22c55e11392e58e70207205158524776f72516176de2ac899507a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9d18f861df02608ee3eb32a5d870e656

SHA1
c27fc60ae2c152701bc375f13d0c11bc537d8915

SHA256
3e000586d20a72811fd0faeebb57873e4bd117e40a8dbaa80a192de958edf711

SHA512
e30a22f47a70a7e567752a8bf3fc16093471aaa2559b4e7f1b1f87ffbd755825d34bd214c08f69302a67f218c5d89c69ea4d4500bac07893d56524731046e36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66d49e7820ebf71cc31411882247219a

SHA1
ce830055ed8d7c85e719379390640c39ef4a8eb5

SHA256
41e39a571bf4f2803560cbff729903e326caa12b5bb0a1d8b8c0a3143e243aec

SHA512
1583e6c46dbf7e705d41b73219ffec0a672a9b4469463bb61963d7092f42c7397e3a8088bcfea5933b098d0fb2c13df8cdee247487f56034303df26a8ab4b454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
593d855c76e29637faa76cc137e8f314

SHA1
5799aec665bd81157ed7b521a0441b0134512ca6

SHA256
b96ee2d90c00b8c2459ee14dca0dbb5eabe3a867525c4662411d2d26bea8a5a7

SHA512
5c7ba6d8aec1763f907c3fc4516093a4c091a936e843bd4e551600e639a913d77a01436ff0cb071bf49a4b5c3f90ee95d5d191dd8a7da1279bd5626a3fbab6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb53fa4f9e098d37476ad941bcceb437

SHA1
2e61d78a3638ca0fcb8efa08490186eca3900ab0

SHA256
9de2cdbe16e54da46464168dbcea945400712dfef5b89434217ce5b3962ecbfc

SHA512
a3d9b91a58029a258e44b3190908b67b93937ce4e1f188f9b3b8912d63c3534d7f59dac4418da8eb20c8f73515298d95a24db2b107bc30b458744af598c8d4fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f515743f84b123b662747035d12aa52d

SHA1
6c33bcc27f99ca0cca701105e9d9f8dac63560aa

SHA256
c0e88f441d18a759eb6af14eec66fb8c043058a6d2aabc9f1da13bf73b32e6fa

SHA512
2e26794ca2052e131f7cee6ad8ff43bcdcb8b74af7ddde01722cbe99fe6a1ed09af771391edeb22840ba53bcd2a1acf3476bed2d31060b17630fe6df37e48023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9394c348edfc27b3b17b74e5c9673dfa

SHA1
06b8edd6ff068712cbb5b19f2f134994388d219f

SHA256
7a1e71a95234ff33167db46e7f6c18493cbec567f856f167b6ac14d61883319b

SHA512
ac75d9d1f09b523d05725d5bd57d68aa3d1a55db4ff46dc05fa3f759efd94f758001ef3bd13e5a15b208fde8a4205f1249183a18153769965fedb0703ad3e991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
30fb732b212505a876d24dc9ecf2da5f

SHA1
4ac1150929c0c6435733b33179b22b165278a3d7

SHA256
8afdb07ddec70721190fb9604b9ca02a15379ae7d0356a2fa100e8ebb89d530b

SHA512
1623dc73a7a4bf07f8df442d9cd32a23655ea731362d906535dc2e7732e88cad122738f15fa99a3e1dd4b3bdeb247e23320621984cd1886169ec4b519e18c198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
67700a7239829ec03f4fd2b4a5de0e0b

SHA1
16c440c211edb820f9777466dedb9eddf0397269

SHA256
2b7821dbe92d32b6e6f895704bafe1eb1563248f1307d3af0eb2cdcbe131cc62

SHA512
56fa915eeffe1dc41841d4d7eb3ed44b5d5f61349090ecbbc92dcb913d983c73ea047d7abc7067d665b5cc703d798d1beffcfc96f0cb3fb69edee5f51af614cc

Download Submit