hxxp://www[.]iampe[.]fatturapa[.]gov[.]it

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 08:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.iampe.fatturapa.gov.it

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673185755080002"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 3140	4432	chrome.exe	83
PID 4432 wrote to memory of 3140	4432	chrome.exe	83
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2260	4432	chrome.exe	84
PID 4432 wrote to memory of 2332	4432	chrome.exe	85
PID 4432 wrote to memory of 2332	4432	chrome.exe	85
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86
PID 4432 wrote to memory of 1500	4432	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.iampe.fatturapa.gov.it
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffb973fcc40,0x7ffb973fcc4c,0x7ffb973fcc58
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3028,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3032,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3856,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4472,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3820,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4212,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4528,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5052,i,17258141292655443214,8940970770885604698,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8959a146da593f0a0df9a5b1a338c399

SHA1
587725a1a68118e05bc5fe6b30a9b8ec375bf86c

SHA256
2992799b4fdf33329d864addedb8dab1a14564e9e9841ef67a440a274c85256f

SHA512
76a131679bafceece40c7e41d4a9b27a2f0255c6b42c9168059502fcd0cea3c3548d5798d8e5759e7782b7306d3cb7574cc959d5d5b581e844f3c1a30f76473c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f8f922c09ba4c90561d3e568c414b4e7

SHA1
82af850750bc5ac173b2c8e27bb554645435d838

SHA256
c16cbc2c5132c1b2b91e73ef4346dd8c64f30f2a524276231649cd7f12ff4dc0

SHA512
b3e499bc1161991e5701e605b8713109b10654e7111a3cbec7fca49d9ca8173468f4414ac16c6ed31fb407569fa0a8ae210d3a9d6328a91c477569287750d092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6f1fb1a9c264896d3aae2f8aed5f504d

SHA1
4148007b4ca435950f1247000d6d473b8889c9bc

SHA256
a8009f9a54d33b00c8e4bdbf19ec963667639dde7a4484cc02df9fe440a51879

SHA512
537a092d1d7d62872d4e4daacf46d87a8ea901cc718c660433aa1f680bf44fa70d7753ff4124d06fe04e3ada77e943fc755fb7d85d7bedcc9298af9166d1b2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7999e223ceaa178b30ce0c28964552c9

SHA1
e356a0c2cd8aeec96de7a574bac6cb8930bc1fdd

SHA256
b11f3fe54c3a733507184f15ef0f8dd5b4863e003fc11a197fe5fa872b8b28ea

SHA512
a8d691bec4472b71381e1b94c16018f784e9256a02b1ba92cc55549d876a56947d68c679587191f83c81ade1e50b114c6652f1285ff584aa22c946f50e6f7e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e6d97bd8ea15eae71f368d8d6ae6833

SHA1
1b4aa57a8e4ad91ae9cca1b8bf4b0723aac763d8

SHA256
115f4d91c38ec376436bf23541b2e8a5f88f1a19cc090104a2d86a3975776271

SHA512
a490d5bf91577ed550d89f8ba4bfd1ad9cc3ab621991b855e3114fb74c7c0cf3f76fe55f076c3c9d1b2ac37d8e7e3be6dc3d56301a989528cc007a1c04ce2e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cbc3b93583c1863f73023a5d70aa53e

SHA1
c5ac238a4e25db985a26464e94d998ff1eddc5c4

SHA256
f634516f3c904fab7c7478c13f416bb6ed163e90befee8d30880d97c074dce55

SHA512
bfd2ddc5e040d76aba10dcd07f3adc06f8cd8fd5d7c24617959066fd24a2518d513c11dea29d56951abcb11c9b64e332d86ce1dd54e2ab2c33821189a7956b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e770d8b033eef7be8b0c94565c7cd1f4

SHA1
4e6a7c9b763c4a29f57c87bf1dfcd7cb1be32a75

SHA256
15cd396a15407b72192b39bc72c998aa9c0106c192ecacd8f421b111b38b0bf2

SHA512
bc105b43dd1762efd9fd306e92e4a936bb2c0a4709c4d428bb4d392f8115188ce5d21799da51fd547946c10018c5c4aacef167d3d55a73099675a28ba9a4db95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
79f8008130144c10535dcff125936430

SHA1
57efb543c98b051f39f2f0a6fa713b5a5a1c1339

SHA256
2127205860c9dad3878d7d42f262e4fe96bdc0f36a223d1d232adcd07ec23dae

SHA512
b0f075ff07c8e68e582db51522dc18cf96040d0bff37bb54ef1579d4d09428bcfb90ff7b1a69e3cb001d78dadf6351d017462b0dc8f05497fc566ab9cd07d161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
17e4c92909cbc665d2a44e6af5ddc3f2

SHA1
32072923710e1bd2d0dd185d1fa9ee9292e77329

SHA256
c5df0cd44df96ef0ac503abad7b90a309424782e5135b37a6e6fc132068cbae7

SHA512
3be0a5754d47e08feb02d5b53c6ec61a2363639086770190f4b6202296f81f5c4cac11c1e09c1c722f8fe993c587987622603c715a0936b736957925e27ea370

Download Submit