hxxp://www[.]radmd[.]com/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 15:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.radmd.com/

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676054112247749"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 4372	2396	chrome.exe	82
PID 2396 wrote to memory of 4372	2396	chrome.exe	82
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 316	2396	chrome.exe	83
PID 2396 wrote to memory of 1268	2396	chrome.exe	84
PID 2396 wrote to memory of 1268	2396	chrome.exe	84
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85
PID 2396 wrote to memory of 1936	2396	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.radmd.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe024bcc40,0x7ffe024bcc4c,0x7ffe024bcc58
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3044,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3484,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4676,i,5136442803939047603,2808916765887884456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3684

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
21736eda122c6d775c5fca8400cd3026

SHA1
ff8e3cb9af57b4ddaab8f81106122df38dc416f9

SHA256
e9966e4db3fd6e6719ccd74ab42af96e6f344dacc2057f1e3bc59034efcdce02

SHA512
77df6f78def877bf132c6fda1e71b84f0baa7052c67591d5fc35187914c4e56db6ce32504399c37274fb32fa4d1da0b891eeedcb214224f01bd132801527cdf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7f0ae5bb8ece19ebcaccb9aa3c72a6ee

SHA1
0733764a66ec59382d4a854f2622d88dd618ae4a

SHA256
9349cd6a1dddf74c462c9a6136205ee8df9ac4aa82ccc2a644db2e0be78a2446

SHA512
1e3b44d81c5879032f60261081813bad8ff0b9168bd60538e663e33cf9d45765d9dac6628e0b17a46301fd82edbdd7b51a3d0379a95bbeb584485575d75c5676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b454c26e97a92d99e444b3109d4b317

SHA1
9a98ea4c9d100f3e24f0c9fad839f2b0303e1cba

SHA256
f43e4afcd97929a835a2881ca32658f7b8be6abc2f991c671b5abfcd3d8ec50e

SHA512
7ae13fe343ed70d85ab7d0e802235fddda64a605a58dab0e8417fc1002e2ec26f2fc4d0f4333223803eaec9c06d756f2ea7e2d290b8da47a4754b3f141268baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b3421558d17d740d38f7d83cbb3ba754

SHA1
d369ec138641796d363d61d87152cd201863b729

SHA256
ad8bc264c8a9a7f482deb310586bb1e68ecb9057e1e25a14f502cd3a9827ee86

SHA512
96d055605712c2fbe1b6c624a580a21064e49bd4422afca5cf3bf5a48c6ed0a26d7aff347eadd053c5c3876964a81b26f16fdbef8d13b177687f3551fb52665d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e9dc20bdc5586eaaeacf18e56b94e96e

SHA1
fb375862c34de613970b8097d94a5d66bbca58b5

SHA256
6df7f2803c5632faae068c175e3331c47ebe44490f939e576d88876828773202

SHA512
c69c52fb45ab8043bdb3dc659b69f568991fb3355937043f94264cf929f1376f68b56cadc283501dca50b980f32ef380da39857b15278764aa4e6a8fb0ac4371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e058bf580f8227c87ef5746d344a3b30

SHA1
d4718014107004c98a2f9bee7e76422f18eabf22

SHA256
10e5eb013fe663b9efd1a1d20abeb9a5ae43d25ef5a4d68f17a00c5b7c39255c

SHA512
b0ecf5a47647acd0cc272570daac6983187295ea27738e4cd12072889e59658358d9335677b66645c4d8d520a1635fcb903657214c8da24f4690e18bf13fd3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac866a17f9d2fb56f064bad0794de0ac

SHA1
cc20e4cab3f5fd81bc65ef0f088225763a3c9455

SHA256
f234658dab4ae63087114fed9c3c977fb71ec1a23c7bc9dd4d2d31292ebb29b4

SHA512
2ce43adcd795218fd8b9819e8957468408520cc2b2ec4ad3e2564470942dfc1a9bd6062b641217631b34aeb9ba1567ad2b532c9dc7a2ab3ac30bafa983a7486c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
596730f05d5b6112d93c68d00e388b34

SHA1
bbc648bf22c46df1741aaa95d5e2f57586d527f3

SHA256
0c2dd18134e850d61fae0e7086df5ce6dd66682a52ff03dd94e57f5971504869

SHA512
55ddd5b13ed5d3b5b1422ae8a3f764611e032f0340e0f768907a50569fe437f64d87895d41a4c0d767fb0688206d14d0cf3b157116a3a07ce2ce5681c9655886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8dec152122b236600c68ffd57a63bcd

SHA1
c98a2a212ba15e9fe4f4df9cd103a735e8f1b4bf

SHA256
d0a500b4bbdd988dd226c10316e021fe51d0d84b3f40224c3176be503e1d5463

SHA512
2b570b4c18a64bb291bdf25ebec9cc75d8754608b3ef1f96f4d284bd366b39a0711ffe5269072ebc82985f5a98e6c292cb3806cf28e73d97355ea5e0f1e6b169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
970647d65bc7a4497aeebf68338755c3

SHA1
87adae9a4a6cff9a2bfeb79eaaeda70212daddb4

SHA256
f1c2350e08be73189eda86fc1f14538fd327081fbed1fa145130f7c1bf423e8a

SHA512
3826031b1bf779ac3626c3d999c20738e8489a0241b3e1912b64b1be808714be1bc088022b2cfb9d421ac6dd9939939efdb398106fa04b0ada9a5cd276e85a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5b660418af8a9c148a0a4b57c63a3372

SHA1
1d16070d3fe52d4ef15de83335950ba7d737582a

SHA256
d58fea6fac11c99dd0fb757a60d27a974e5de4f7f173ae02bc46762682a40434

SHA512
a8700e090db4bea3751fb03495b5bf44e8f32cd27268d133a24b8e0f1217e7e10d191e49f8437fe371c717e40a72a9d92163200f570b1ee7b6091cbea5d28a14

Download Submit