hxxp://cgbfz[.]sinerjitextile[.]com

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cgbfz.sinerjitextile.com

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685973331717509"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
848	chrome.exe
848	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
848	chrome.exe
848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1852	848	chrome.exe	91
PID 848 wrote to memory of 1852	848	chrome.exe	91
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 2828	848	chrome.exe	92
PID 848 wrote to memory of 4840	848	chrome.exe	93
PID 848 wrote to memory of 4840	848	chrome.exe	93
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94
PID 848 wrote to memory of 3832	848	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cgbfz.sinerjitextile.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffbf8fcc40,0x7fffbf8fcc4c,0x7fffbf8fcc58
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,13431555932630789504,12378068794328424925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1780,i,13431555932630789504,12378068794328424925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,13431555932630789504,12378068794328424925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,13431555932630789504,12378068794328424925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3036,i,13431555932630789504,12378068794328424925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,13431555932630789504,12378068794328424925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4776,i,13431555932630789504,12378068794328424925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4504

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4228,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:8
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0fc0e33e67a1af3434f6cf213ae72710

SHA1
c94f16982f423cbe3b06dbb6ee91c8faf2fc4ef5

SHA256
1f7782d1a23037e72d56a4499e2914232ed8752b1e634a8ce90d4a685c77e57a

SHA512
3858cdb9c6502cb23457a0633032e3bd702c4e0e47f676b8f5bfb8e6f891a75b108b1059b5dbacdaf60e3bbcc2540a97ab9098bc348f87f284407367373e5a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
88048bc7a3ba59debf2c99eee0fc52cd

SHA1
a90f8c7e6a0f88d6daa098ee69f8a3ce75256c07

SHA256
f407ab22faf9b9b215d92a54d4a85d6d83a2cd1eb6b158d6b64f438f9914ca42

SHA512
d37267e2b16378f35b8f328397ba7bd59fcc934a26a6960d86c60341b8cb125863c01bfa42130487bc9f5b7d889eedc9c32355ca5cfdbe6e057b19fe3093bd0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ab1c30dd025a8f565c95ab29d5ea5c3

SHA1
363f66abc83d45c0abd04d9d84162e5b7b9d890c

SHA256
7a7be2dc4a2c8e4d4b995b784b889bad5bed68ca5f4491a02ca3ccd66dc4da66

SHA512
6dae65c26ce4cddda1edc033500198a858a10fec424aa917cb2c6701e4004993e3513c972c93d8a7e652572b980334dc5f13dd7c82b96fc6f3f18ce8e4971de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53880b36f86bb8d2a4d5b0ccff942c03

SHA1
0f787b3d4e903478edbbfa4a98c06edaff7ad7cb

SHA256
330f027d70ccee648358535d2bcc353b1b00cc914b2f30f27e6955fdf7d60dec

SHA512
43c001b93e11e765f3babdf6ca03aba67969b1881452409b1e13ee63398fc977ff3202cc928ea87419355aed04207fc54526df4e132ad99edc902cc4e8c2638d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d54e9fa9d63014f95c098bcfdfd583d9

SHA1
554407880140a920555a91e4f2dd559bfb4a64d4

SHA256
b57170ab90e278abb51ca72092aba97d575f67dc3bc91f231636f6f1148ca859

SHA512
fe4dab22cd9937528a349c72dd55036ad1dd7f1d05bdb961c63c706eca169cd9882a549dc25e4d344e6566b39e213aff06077f181b9aeeacf544d24b074a7f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8267908884bb0df063488e3dc6eb33ca

SHA1
bfa0e6617053910057aa99f55315ab85c2b31531

SHA256
547fb369a8c4d6da73cdd0fe0837858d6c34998a8f695ae1ba73d283a4c8b899

SHA512
9de85b386c07fe93798e38176dfa8dcefb71433386516d9696345f7d11d5a6213ccd77bd555dec003d648bbe9cc9546760988b63b16a9789b53764cdbc5a7518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2aa1872d30d50bb9858a014f6c96e982

SHA1
7bbf4eb726f483de67e68c0c34ea3bf0e61f66ad

SHA256
96b7e61b3710c112d6248e5389722e5d486c55cfc722bf9fbb4791893496e943

SHA512
1e6bce23b5b57c8430c4ba81009e520e917d401423a6c5e118af2ac67025260fd6d230e71663ed8eff3e2e8b7c719b99f22a679b937294a60be174c9f37cf2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5b93f4a585ca01dc96285b2d6f6fa5d

SHA1
b046e64db30edc56409e112da262fa1a9d2b99a6

SHA256
2c9b651d9370b10bb618526c1d28a815484230129a32a9fbbafb14360a1d14d3

SHA512
d4f52ee4697eb6ede09f4a106289d95ca91f132df412e8da7658ddd63a5619b8b50e06cde55c276ffd0790037188d2e384bbc2d8496689d4f73964e8e9d7b915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab09d42bf9c49bf2a077fa9bd1e6f25f

SHA1
2feb695167549cb74a6db903e8ccfa73c6af9c69

SHA256
c21e5b2138ced2e0e03a73f38e85c3d46b07385f7d338a009278c912ba08c20f

SHA512
d9c71e977386356b9c8fe44a379ad442ebb6bc198b0e172f481d58112a1b272d22728162dde254289c80ab5a962de6756e9a930f5d466762e8289a509bcf888e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffb071860b8502457314703ec70e464d

SHA1
ac35b0dfc52d641388efe72f687e549b73dfd2a7

SHA256
794d3d53cbbd29af479252356fa70e8c275c9e90942f76640f757e791ea2ca46

SHA512
8b1bb937b06066257d185b09adab2fe8fae91def5f094ed3e2e4306c636f9144555b846ce534f65648f449f48cf9faaf684e8927c3b51596f87ef7b7225bbe2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcaf08c9745a6ac01a028809db8da3dd

SHA1
6719a17cd427e673ede56ff37edc72b531f1c368

SHA256
1f42547a77f18180feea023ba7198543ae9e1fc15b8891916dd9f015593f2cf5

SHA512
e68ac422022c7c98788ff6ebe596c347e1064b1d7213f74f866f2c12a382a1308fb9704af34b8b2729cd79252b1874108db753345801725f5402fb6179eb9f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bfb5ff97bc2dae0ab7973fe9902b9be4

SHA1
6dfc9009f8982910009dad9b6463a144020f7764

SHA256
9e2d209adf653b47a3f611d4a4aec3f110d29ca199cd6616c73ee42408620b97

SHA512
1a6d24f35560301981ae1b3641916ba737b35e08ce0c0db4ec91b33d91f675c35e85baee10369617506a8407e20552f5ac7f6fc08fa92a69c55c6c145dca83d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
6e11a9753d50224efe3ac8b2fbfca951

SHA1
2987ed9b082550ecc65a1f068390ffd5f60494e7

SHA256
0eb4eed5f20829d790a25610416748432557a9003649a1fdbf8cb09c62e89db6

SHA512
8bdd1cfecd9333c6ba5a7cde92d8b9f348515ba5afef858b340c555824864ffd7ad9fd1fa7def62dec1079d65b15ca7f0ace61ae85d7ef37eaa1b8a70bfa095d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
aeb34e1b715875eb2130c6a765b89d89

SHA1
382d15c5b114c49de858f2211e0e514aed2c26d0

SHA256
b09111b94731dd50a90fb1596ba6c4dd7188ea5fb3ac7bdae33211d666d567bf

SHA512
1f5644f5943e8d577b6b3c79593cec697d4ecfbbc22402c497232e3fb1b0a713d45bfdd03995e304eb907e294192fe4c153754f60795529fba2e8ac6d4bb47b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit