hxxp://x1[.]c[.]lencr[.]org

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://x1.c.lencr.org

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676710022889384"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe
784	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 1992	4352	chrome.exe	83
PID 4352 wrote to memory of 1992	4352	chrome.exe	83
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 3652	4352	chrome.exe	84
PID 4352 wrote to memory of 4536	4352	chrome.exe	85
PID 4352 wrote to memory of 4536	4352	chrome.exe	85
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86
PID 4352 wrote to memory of 1460	4352	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://x1.c.lencr.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffade90cc40,0x7ffade90cc4c,0x7ffade90cc58
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2220,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2024,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4952,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5140,i,11197779739764480555,18316551821188151778,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2218988e-998a-4515-a67e-2373d4b27c4c.tmp

Filesize
8KB

MD5
3f97f3839db2eb0160a76be7aedf286e

SHA1
c70580386ac28f3f3838c5316739d613271ba654

SHA256
da515d75ad3382efb3d46b81317c278ea39ef3786d96f41eeb8d2f3c612bb56f

SHA512
f2aaa3f2ca66cc39d91603b5c3acaca9e84d25caf817f8c5687ecd61872954de9b307a8cec73a69b0e3ba8f86843d88d3b82df86e2aba3fd7ea195ae3a84a855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
037c6eec9a030d8a83f260682b733371

SHA1
4245984094010adfbc61341dc37feb362b3f29ea

SHA256
21cf4031bb078cae61d79576b479b256ea8f037c055cbe1638328fc3536bd0c8

SHA512
8fcf89d5e149a51d066ea1e6af56164a6fe5df1779ae94a45eb9c9b992e82d28ca28617a693c7bc4749815fdf7df454342c263437d19499e23a863da36b05b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
56f23211b24aa2176dc382f020f7c469

SHA1
45c0086138949fca7b5cb37e086b1291c6a10ad4

SHA256
02fe3e5d12753255c866382e9e1f2b427102aa770e1b39850653df5cfcef519d

SHA512
38db3309f6f9922f04505a9c342b2177322a4c6db8a607c64f020f3c260d86a659aca81782067fb21e062b1bc8fcb8e61a709a485df4162baa2a0ff0357eae7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c8bd2a49ca78bbf047c6fc777a500141

SHA1
69ae890659ea6534d1dc0e329cf1494881e5cd23

SHA256
88704e8177d3170ca0d876cfd5f42d4ae442a255ee3931365f1aba5aca8d2cc1

SHA512
bf739159dd702b0dbadc32e18527860250bb27c7360b14d49f6b75310a34ad76b2eaa7d451892ed5b0e73d50642c1eecb7bd35b69e3a0a2bd80ee6700962d230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6523698758eecf949c73878a7f3f04d2

SHA1
5dd622de8785d1c43106e89f87760aac39c547a6

SHA256
bc645b09072ab362ba53e71c95166412893387f4edc0d1bb5eb9c60453d4b10e

SHA512
c36bd1c32f5a755e04e1848488080d65cfed27d4747041917cf6020c700b200840d007c0cab6b3cd0b96148fb632d1a86e064b138422866bab35697ba699f8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f1cdc0470f1947d76aa95c9c5bcaae7f

SHA1
5e17c599dae6129f7d7134b57baebaa4aed34fd8

SHA256
a881587fc34e0a34cd93191ba5328ea38460e0c013695eb152852c571a6b5471

SHA512
7937e15b4713f0e1f5ee9d58f4416a3357a345e405615d2aa2823b8e64816ee08575f8c447ade3953de56daf7681411cff018d0b01537b4ee224a99d8e7d9c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
22c4ea53364c756e5d265b64e41dc9b8

SHA1
aa5d05cd818f82b3fd0c8c61cc5a557394806a2d

SHA256
3db0a7c4d5a6fdab591ba001b9160ebf3ee245cc4ed1eef8b5111db83dd1ba67

SHA512
462a994dd544df10db7a9ffa11d8f7588dd0b60f19305d39b901bd71fd6b81a25c1a4dc5a50cc146218c87084bbb079073d5afeb1e30c23acf79d0e30e6b25a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f1d1dc75e14e6ea47215445a7b8422ce

SHA1
ea2047ddce20f5a1265defacbb980e15ffaedce2

SHA256
8f56ddf3c3e884af9163c54717f371cd7ceeef627c30f39c2ae2976781452303

SHA512
c503c2988bb6da4ca61a4aaac8b4ad84b7ec7cdca928f84c7c93341d8424ebab5630f36b0119eb552c3d7c29856a64a29ddb55dcb97133b590c62f7bb34376f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
14aacdf0cb91c1477250e04ff4911486

SHA1
a2f411e7e696baaa63e54892620fa41474633fa4

SHA256
6301630a34656dd106a55207e3f1a1ae5b9a46515a5dfbf4996cea28cb7fd514

SHA512
13b77ff00f78483ced2f5570b899149d4da27daf23b856672667aaf07ec711bcf47a1754a86ee58e688929d43735be4f8deb9db6b4dddf64b5b9c9d4c294713e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
15f03fb71b0eaf2663239dbea0e54d87

SHA1
6e11971e21a13890d356127eb030346ba417ffb9

SHA256
0156bf9a20b9caba9fd63ad6729fc0f57eecbf85ec42644f9cd797a76ce1b8b7

SHA512
0154852a87726825a370b2b402ae656d99d8f7f259e7404632de21a8eb874bf5092b530a4d6f516bfb11af21466642361b86bf1e42ff6a474b551b19421e6cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d74f01f8-d4e5-4455-9566-ee05f1af08af.tmp

Filesize
8KB

MD5
a9208774c3b659bfd416e1f0149d828b

SHA1
15b604aed03b82a5aa55b074eda87f46fa03b911

SHA256
77a098b6f300a571e34bbd7906a6265dde43b5fe0caf546723fa8af0957a21fb

SHA512
a668e50a541fdaf160e61f4766914f3c0da72eefccf5630f622a2d313cc566355ebf9a6b42f88cb3bf11388385b1668454ae731a3b406264b52a511e700cd265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
79f14af34be4f94c2c72649e13f5cc5c

SHA1
18b745be0dbd80655fbad2a30c7189e2c7fff037

SHA256
94f0a513e78079df32c8d0967566afc0ac5a23bd8617f17518de5a498574f9d4

SHA512
a934faabac5f03efd9dde76405c75a5874f7dc7bd2108b13e8fc971134ac4c4a667cdf1536c2c85a55bc83b8b894b3e7da5481f371c3c0a30aa9b8ab63f9dbee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
73439d37c4e2251cf56b60fd0bdb5ce4

SHA1
0c117f8436ffa140a4fcdf18b7e4b55611fb0f39

SHA256
b955de7cd11899d0bc3eb76d2f6d224cafd0e32f9e87d4deefa5cd5f4d854bb0

SHA512
0cbb18a4896d5733d2dec72105e9c3e3700350f68ddbc363762c82faefc4f0c4bdc7075f77e41f0cc96da39edec4aa9302bf715473d2fff3828b0a8ca6a18a74

Download Submit