hxxp://www[.]sistemats4[.]sanita[.]finanzi[.]it

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.sistemats4.sanita.finanzi.it

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673168389523745"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 2796	5116	chrome.exe	83
PID 5116 wrote to memory of 2796	5116	chrome.exe	83
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 2528	5116	chrome.exe	84
PID 5116 wrote to memory of 3388	5116	chrome.exe	85
PID 5116 wrote to memory of 3388	5116	chrome.exe	85
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86
PID 5116 wrote to memory of 3260	5116	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.sistemats4.sanita.finanzi.it
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaadc4cc40,0x7ffaadc4cc4c,0x7ffaadc4cc58
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3036,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3100,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4676,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5116,i,11051922948512988210,8689859516695117157,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1028

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
af81fd18e11b37dccece47b421bbb57e

SHA1
77759a2db058b3e623545e2fc306a1019a0c60cd

SHA256
2634b5d3437c8b838fabee4b23cde1ed8cf06c82d802d8f20cff8b408b6e7d05

SHA512
62b5746d6e688865609c3791ba89c0df991758e8a2dee939513493a1e453b45d401281cc4ed5283d482e5e55655ad07fbbd7848e1c804d5fcbf64feb267af21a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1981624c86dfdaea24b6a2ab393c9138

SHA1
2e125446db12395d74354689e68f972d0af9f5a3

SHA256
3b7576d38e9bd0fd66fb8fae638ff381f4225ee014b2903c20a819a74d37f0d7

SHA512
6b9d47449cb6ce6cee5f6bcaeb0545c3c4afdbc3a9b124c5cae70affacb6ddb7980fc1690922eb1989446f1e085e19c8eff486ea4b68db43a4f25dda6e5a188d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6d4f7357cebbd2131b0990c6f55d4b3f

SHA1
2de8a5ba8493f0cd677f13ddfb85350323c20047

SHA256
da19d0fea14363cd900baf456cba37b91cbdbf97be11f901ff6de2a50978326b

SHA512
908d551338c6c0b8c19f8c0c5b767ff147daa0d18104d91003c21948709b44e7d89f5e61e789a228890b9b5c3400137652fce64c2529ff1ad605eec29671e5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5872580210ca391eb3b69b4a1b6e6317

SHA1
fde6c42b3e668a36e7be9ab006458aae9f409de1

SHA256
97253e5062c8d340af59a0463a0c15cf00c1507f7b059e9b981ed254123e89c7

SHA512
8849066c53a303d40c02dc49a57487c30fc9272d823ac66050bf08c3042cfb9a8e9ccdadfd69ed27549ad25ec5bf9f8f353a13e96989a3be02a10f85699313e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5e7823cec1cb0b882ad582f4568e337

SHA1
e4efcb8059521cae2c2fa25975690091ccc4a892

SHA256
b2e474fc7c4c792198a6679e45fa89fc0436fd532b0e008a620a2b5b7b685e9b

SHA512
632c993dc2d924b8e20b0fd77151a0c26c1976e270ce3f6394ebdffaeec8ae0229b340adc0a1239f89d5dc338af75dd321bfb5ff02bfe187d78d0d329bd88b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
adf3b04a2b7aa23e9ed770c5cf2ace77

SHA1
6e9d19b6b74bb5e43a71b32c7ceddf2265226801

SHA256
9f67c8106b6fd30a3acf7d4287fc75d897550b0b51e36241500360100783b115

SHA512
d50a199e72de264c3e9384333e100a4ab1c6b5d91a93184d7867ed9e32fd82de581453de8bf8050fe4040e907331cbc0ed553a1d970c4ab737ac338dc30be7e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9f440fe8a2973d7dfc85dcc842ade8a

SHA1
3b6b13961f5aaa397a34c1ebdc880c2c3a37d44d

SHA256
9186e2a0d6229393e0a762185b01bdf4264e732a6bebd7cc6c5d2ae77d14ead1

SHA512
187acdcc5a92ee464d45a1c6221b2a82598d45796a06ebf86e09443361d34eabb52f935f1afc8f28ca0d476fbee530a3070850095507a8622f53c5f74f040272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9dadfb699eb9c4913788b9878110492c

SHA1
46d13495dce1603baccf2609a6d709b133fc00b9

SHA256
5346bd2429a801543c07468fa66ee0b3a1162df452d638a8f4cb6ede61a4f2f8

SHA512
c471c4e48fd9d9bc74960304f92daf5be2a1beec098edfa53d675326cf612404ec8760463bfd79c1b2aaad56d020bf4bd85ceaa9ceaa3a795ba59a7b6145109c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0986587df132a6c13abcdfc702e635c

SHA1
6fa1baf24b59887e4d1fbcb2cb0af64746c3df06

SHA256
3b795a678ea20308488fd92cb329cc6808375e5c9da9e9da5707b281bf8feb3d

SHA512
dcd38ae6ddbb7a7989e43b2cf3277a4141cdbb2adf1a45bbc9313af0d86c27dfeca1af68284dd95c78d74fffcb27e291deb955dfa13fb88d60113f56e67b3556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c35a68d4234cc06bba06a577aab6768

SHA1
fac3d8ee4ef1a59bf33a8c236a1821b4c9cf8eab

SHA256
ecbacd33fa4db428f868dc9390e7955a2a5160129fe5b80e2751791ebf1ec759

SHA512
15a28d347f3acea988bfa2c9704415f80bcb84a053f44a110fc156c13eae25a9be63852442761f8a13cf21096f9c8eeb3d9cdad37ad73049a9edcce3f8be0060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c97ed23c0d0d41400bc5495d22c2848

SHA1
586bde943e293a3c59feb376e36d73a568f0be4e

SHA256
b0cfa2dd9263b9b5231f6c2469b6aa747870a0118747c21e02d0b64b8b915574

SHA512
51c31c39dd5f93f7af29d59b5b6fa34797745666e711ce5be8032a4986f7e905b3a866305ce5f3b1c9ca51577190a8c00576bc6b7c6acc4b8fc55ab789d49622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
bcd3cdd6206e8cf200e73404f076bdd5

SHA1
4b134444c9c948187c7c9117a3eac9e3b844065a

SHA256
9776edbd7327874af44405d36a2b07f167bdea1505cdaf9bf9d9ae6eedb85f67

SHA512
94aef0d0e95a35d0a670827d821fc951dec01613fa0d12791687bd3129c4a0afbc57428ba5dc85cb7e20c2536738b9d2778fc5ee5e943bcee8056ab81a4dea49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1beafa38ebdb7e6816db6089f6f3f21a

SHA1
2db4ba8ad557c4d678cc8e8c38100cb6aedd82fb

SHA256
32474cbd886975205feeb2490d117405a47036374e96b23c9a4e8f2332186c8c

SHA512
2700bc402f87ce048a4aa3575af607a689ffaa3c1456503a205c2cbf63fc2e3bd357da0682177ce058cdd47c25c3b95fc5ece5fa0498dd27d66df43db6fb2947

Download Submit