hxxps://chgadd-usps[.]com

Resubmissions

15/07/2024, 20:59

240715-zsyg9syfqk 10

15/07/2024, 20:58

240715-zsa2zayfnj 10

15/07/2024, 20:45

240715-zjwx3s1crh 10

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chgadd-usps.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655500255456786"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 3108	1844	chrome.exe	84
PID 1844 wrote to memory of 3108	1844	chrome.exe	84
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 2476	1844	chrome.exe	85
PID 1844 wrote to memory of 940	1844	chrome.exe	86
PID 1844 wrote to memory of 940	1844	chrome.exe	86
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87
PID 1844 wrote to memory of 3880	1844	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chgadd-usps.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffedab8cc40,0x7ffedab8cc4c,0x7ffedab8cc58
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2376,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4616,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5140,i,4882872816075704538,10481528725893892836,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1700

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
9f19b5dd9104964af4f56bdef4d8f67d

SHA1
8fbaa24b18a43722cfa91cf9c90e96725f3bca66

SHA256
ae551ece7bf6a3954fad81b68da2bf205ad3641f4c401024d2157c83b711b857

SHA512
5a1be4b55e2ccc15c57ad31f855c947351060ca6502561a993b5b52422cef9e8924a160b22cd07359c26f914eb8573d5b6897c6f2c496c8ec7b7890b1eeb9a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
43cee205385e1e1ca67feec7f49ba208

SHA1
38b2a61830f4e4b7a0f48fada24b00a73ef15d26

SHA256
e3056fd55b951c062175122efcdefa5ac2270277c7c718c4afad161a797cadc8

SHA512
671ba793331d9a9d99d24f438ca421b8cdefa351891955272bc80e013a05c77b932c24920b7531860caabc166c57281a6e7245ef620028ac1c1f356df8e5cd3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
286db8f09e7f0280d2ff90e5dfd9904e

SHA1
2f77ede5832277aa247139297a682106d799d848

SHA256
be12b0590d06a1a13ba9f77d5d7eb2fa9f3da3c7a24305280713b83754c8bf1f

SHA512
c14ba7f064c734cf7450285bb87030d2ecab912f9f17805cb8d34c0a08dddf89c78a9b85a0815affa9bf77548f90b2c31202929274a99b1dafa42cafcc269c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
3cb3d030f701274109dcbb37416ac3de

SHA1
12a391b04e194b8ccf9c322c75f6c2f684a14750

SHA256
1368ff5da787a1f1812897d48b384b7247562afa76482c06dfaac38a3abaaef8

SHA512
2bfccb56ed5640401bbddd0d83f7190c113012e2c8cdf28305f02746e6b448d5b1775583d0ea735358e2e785358294a8848f3f5addf9bcce053256631bdfa52a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eaf00061b6b2f79583792d48b161030b

SHA1
644804d9676a23e7f1ca8196e7958078610c92cf

SHA256
56c93d07f1881482a83c9f112d766610995af6f14e341807156b7da8235c058d

SHA512
9aa3f1cd3733d20e04c52532b7dc17fe820b86f8b3ba8cc730df5adef880754bef60793cea0149cd38e9722f0ae7718207e1d294404ab15bd772865b267b7d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff917c31036cee078056bdddf56621fa

SHA1
c3f48daa36109c1b6f5b6081146bbc0e74c22b6f

SHA256
e85b5a63fd3e171dfcf4fcf0b376b74bc9947a2864cfc9584467eeea90ceebb1

SHA512
ca3a41789b30a5f19e4b21130256e901912b74820674a452c181bfb0ce34561a51020a5223bb604faa30619dbf380bd1bb5691a009d6b2b9302fd41f9e409b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eb67880b23d0c4aeba253ba92aff3c4f

SHA1
fdc82e3a0b8d1a8bab5f9d7fe592ea1e27fc746c

SHA256
8653fe51bfea1d27f3f6269810874f7a4c85e39da70f9afe010e3acf397f2f29

SHA512
a185f72e028f0fa85083788f2a1d1d13f8fca89ba557fbe1a311d6ca272dc1273c78bb557efd2005391091830c34e84108896a1dccd27427af6dfd292d3ebc10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
322454fc62295feb20409f2c321ed7b8

SHA1
b4837015da279b4d37c36280e5987ba5c7e67d9e

SHA256
d409ca5da4f43cfb1b2dcba861248eb7b53318aadd30bf430b2e11f3ea8aa1c5

SHA512
ab0d6cd0e327c620b8368117316998f1b655ef255989ea3aedf2438a30114916e50d640f996900f75886a32c986ec72efb6692bac3385adf32bf773c37774def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fb7636d5884e44ce8ea76e761e2eb2a0

SHA1
d61097eca0b1e53cd41a5adfd1f773f11e24e9ef

SHA256
bbb2fc33c77df6983df039da18ef97313db6a853cbac40d437aa3a8b84705875

SHA512
45eafa5b9bf2e50dbb2628f7ab92738751387a30edc74eb0cb592d3ca8dd0c816b2f23bdcc16d97e5ad47cf05c6c7daeb11ee2f0c33bb1dd783adaeb492026d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60767d71b99aed84cda1419419a4583b

SHA1
79e7bd90cfc56a6d592a2f4635df649bd44357e7

SHA256
9563e1d4ad41a7f7083cfcdd7717e5c2cce86dc1cc022e7ab3271f70952a7144

SHA512
a1c7ec36161fa7c4f7bb5c348d429389dfef1991a89b60ee1ace05cad3801a08017c18ccf1ad468f00f83e99e322ad80fca8bd7f0d55ba15e68ebe670b601af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
769ebecfd304fb057af3438d170715f8

SHA1
f2c4b5ca3eaab03e164855f2039e410465e9992d

SHA256
296b30435cb85c947de735baf8399f479ae5a8e6b8d1b84810c05f6878206550

SHA512
5f4f840bd380263d18957eb663f273d7bd36b7291f947d6881a1caf67b82b322c007b5597561e401a8c5f1448d549eb8e5330de74bc13a5db84bdf436bef6673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb9259b71ad477b02a292cb93b0f4e37

SHA1
b76d0b029ce0a99725cc1ea1df65c5908c40c523

SHA256
a3a39c6d59099ef454af6dfc17818fce66cc54b6e4b413c3bf0e28fde415781f

SHA512
c7e10b36b40e5b62d9cfc518026f0e1c360a4115180e000fd2b6a36197d338a03779190552cef78c2bfb8c55ec588cf97beb8257a94acc1bc79698e68f8e721f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cc5d06c3-6b3c-4e65-8b92-a74b2f14bde3.tmp

Filesize
8KB

MD5
1233f00ce66aa4effe26d9ae353e2c8d

SHA1
afa1ee5ccc326b6d31eb14cd7bade2322970543f

SHA256
8a0b2bf164526237d140b04cae5e3feb4f8c1dc208dab43f64c6c65a704e7295

SHA512
50e58dbd0b56bd33271fc492f86d39bcb414e180e54facd3aba7594b4e7ac28c52ada4635bdab088f9f2e524a0bde0419922bf40eb6debecc40c0399dbc4b71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
7b2bbfb29019f8841a91c6d651a72f6f

SHA1
d219f89d532fb5c610e63785accf319d7da08f1c

SHA256
854ae14d4fe79367e949dac9737c96dd5dda24ce07578e5ac6520c6ba262b924

SHA512
afee256bbc555985114209c58da98701114d5297875d128e169a4a6fa50aa45154170a93d6c38a33ce7e7d316d2403630b82aa6de2cefc110027a4653d9d6301

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit