81e283c689482f000d6220be950dce3b5ee01077d8457c98c65ec4d4d22f86d4

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sync_Approval_Document.html
Size

4KB
MD5

cdc5760dc5f9f34216d2143dc68267b6
SHA1

9ed97bbe840385a3de88d17c35922109d67c7c74
SHA256

81e283c689482f000d6220be950dce3b5ee01077d8457c98c65ec4d4d22f86d4
SHA512

8712d1242d8566204088a94a810eeb629e0e09a883324f3b75f5bd9ccdd0504e4b44eec3c57f40851622899c8fb894aa2ec1f712e91b758ca223607538f00146
SSDEEP

48:tg7TZ9VF2UtziXyoxSbnA3tTxQl9ahcYO//QDWzc+Rc6JPY2yPIUyHR9kquP7mA1:+HF7Uhd6lwMQwpJJ/xE77mS9YflOpfs8

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133663936374143205"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 3104	4528	chrome.exe	84
PID 4528 wrote to memory of 3104	4528	chrome.exe	84
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 1368	4528	chrome.exe	85
PID 4528 wrote to memory of 3328	4528	chrome.exe	86
PID 4528 wrote to memory of 3328	4528	chrome.exe	86
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87
PID 4528 wrote to memory of 2436	4528	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Sync_Approval_Document.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa3f29cc40,0x7ffa3f29cc4c,0x7ffa3f29cc58
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2128,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4596,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4956,i,7167910652508826675,8591754145140183690,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1efb198260b64ba5f24f358cbd60659c

SHA1
54dced78dbf115d9e1dca1dbea638f83f29e4c2d

SHA256
952dd0eb404ac8c29760ad7b80c5d863fc8940202f77ebd131fef7e1b588cecb

SHA512
5b8b2a61f89157c129a828de4116fa2417168a9d9644b2a7122188189a219145740011febb816b6e1b69f780eb0104256b590d41f4e5b2af82ba68b47e0d2760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a64e93dac48464a27255e28684c1e055

SHA1
2679d8230a4513e0dac6c8ed67b654bd309be489

SHA256
cc830392c296783aa35503168d2c9ecb4ede5de414fb77a8bddeb85e95263701

SHA512
a450b39d7b103ea6e3d27c21c3303ba6d778e598bb5d9a9e31b3d99a3a075dce05f0374ea51be61ddf44547cedc3d9ec438c4c713757f7a61e13fd2b5c894a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
98087ebbd839792c0132f8f6941e3fe0

SHA1
e4b0c5e4e6129d375f5ccf8be9f03b317d7e2989

SHA256
4a3605cc3ac72d88dd019ddd433be326d6df9aad6266d3508cddbf7e3ffa881a

SHA512
f3f48318ebabcd291f7cb912544479a864d3df5ca2291da8f3bd7a9ce1db84861b42de230dad31d564f18bac40f7c5a6a060d3dfff45e2681642617d189a1ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ef8f88acab13b00cc664be19a01f02f

SHA1
1be4a2d8dd54a47f72513efa563a29a66388e7cf

SHA256
2d74ef9f58d47341c0a9621edb2ea39ef87258f8c9389f9a6b1364d2b275c276

SHA512
ae66623b882997a86bcc0562c0c3235f8f817faed52bd1d7e4f280e82e428f1e84425545751acafa13e5e01de8d9ad61787ea3f04adc843b4d247f5afcbe617e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
47ea11d9be3ab64a5987e497e643da2f

SHA1
4cecb2953f66c3d6e0c000b7f6741553db466b4c

SHA256
d151b7a26df6001ce936f69a914bcfcd98bae15103715574f4a762e57e7a5d79

SHA512
c59a89bb002a7879dc1a0dc7d2714c280e66437806be9291fbc34cb91dfc9599f19ce59658b7c7990b5fa6d42f9fb0159480a83eab563d83d30f2ef00d2e1d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
968f747b5dd92fa9b75c004be43fdd73

SHA1
7299294b395a65fe4307dbcd03160410655a3373

SHA256
e4e1e19782d60d0dceff490b486bc7da32ca80f98ad4872e82e527a96107226e

SHA512
2611ef7e79655333b33291ee8348ec87f197b77dccc10eaeefe3b8ca1a0fbe2bba09d0ccec5ebb16d6a5893d476e3cd08de6632160cf1b7dd3053a1a4441ef00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78057b94a1fc114c6f26293f0b64e1e8

SHA1
eac7803ed56c49191c216ffbe39698fca8636f44

SHA256
ef4522cd4f79132e620137ba4af6f8d13cd1cfed149ffc579166454571d534dd

SHA512
5edb4aeff6e606ea064414a64afe39cd95f16c7db70b3222f2fca4581d2e8efff89841e29aacc993f6040d96152f140ac2d68ac2f3671d634f3133d0fa5fcab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8fbf7d0f9b98572f2a04f54699d2e04c

SHA1
d38154ceb815ad3a268c460dbd28ba08eff8072b

SHA256
90932a176f507a495496437be7aefc7bb3691b212e5d1f9607273466688dbc84

SHA512
9dc848060c565b53b80481b13fb06ca0b0245c56f462b0904f4604f41d767955b2132b9319c78e7120f55baf4b1a77e919d3924072b2e64e69edba5098ea3080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb4073cef8468ff047fa47fbe8a937db

SHA1
954e3a8f58d676ee9dc4fb22c86b32a1a98e3d33

SHA256
6c5b2dd0abaeb1b3186860e96275e416b4ebef5dfae855963f1e075930f3619e

SHA512
dae84952acdefbd84040dd20d15244ecd1e005c1a9c6d53de69c5dd47af35fdb7d178e972eec4e5ff7388da78f5910a15d43bbfbb95c9ba81d333fcc10eec4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e8085b489e758abfe46d864c2d4e04e0

SHA1
115aea13202de3a2c0c722d505d9b8b6e3786d91

SHA256
4d4b9f21e465f83c6a620245af22b77794bc353d80dfbbb0900ca0aff9858c1a

SHA512
df77295784bbceb9c753cd318bc84dda9b1bfda714e6bc3b9a424f9b9c06d8297442aaa914b12c762336f12420764d03801e65a8b66617648ff88745d941974b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
0812b151fef0ade7396bca3267d990ba

SHA1
76e12e8833479235c758b74dd589e2b57e04c569

SHA256
9033a689d46f352ef2e9494f9e2a57160af05790a1cfdae326d4d4771fce9470

SHA512
7b8809ee61589bc798d9c741786613afea187009f3f1ef37e3d6835496ddb343ba7f30d33c39b7492a8d9f753a5740434fd04ee551a93c12448a43c2b349d09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
5cb043395f30b922f8fe5a64fd72e20c

SHA1
71d8cd80d33a04cade823a5f7298ef4af98a5cd9

SHA256
61765c1f2bdae3ec23f28a03270a1d450933171c06b0d573fe67ecc0307c01b4

SHA512
3885986bfae7bad44a696011f15d03975afff35d64215ec7f4107e3109a9968d4077b80bfad1dd41bfdd5f3f36b3de5d2dffc6ff1bb0e0299733d520b31afbed

Download Submit