hxxp://gofirst[.]cn[.]com/

Analysis

max time kernel
299s
max time network
244s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gofirst.cn.com/

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688690965548527"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3596	chrome.exe
3596	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3596	chrome.exe
3596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe
Token: SeShutdownPrivilege	3596	chrome.exe
Token: SeCreatePagefilePrivilege	3596	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 3952	3596	chrome.exe	84
PID 3596 wrote to memory of 3952	3596	chrome.exe	84
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 4960	3596	chrome.exe	85
PID 3596 wrote to memory of 2432	3596	chrome.exe	86
PID 3596 wrote to memory of 2432	3596	chrome.exe	86
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87
PID 3596 wrote to memory of 2344	3596	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gofirst.cn.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90994cc40,0x7ff90994cc4c,0x7ff90994cc58
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,17525764706794896534,16461456724911088497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,17525764706794896534,16461456724911088497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,17525764706794896534,16461456724911088497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,17525764706794896534,16461456724911088497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,17525764706794896534,16461456724911088497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,17525764706794896534,16461456724911088497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4616,i,17525764706794896534,16461456724911088497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
53568004789a2e28ca0c0613a8f0a669

SHA1
2cd3e63484ecd8e711acf37c1df9ffa213153896

SHA256
5410a080832964f5daa85e443031129428b1ea5f94e9acfe12bcdbcd1d6a4211

SHA512
504e61b2cfd605c1d0c8e324f807a522ab93f85dcb895380a78e941049eb2a6e782ec637286a1fe8561ec67df36d72d9e44476d02d72342d5f7b023b74d96dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9469bc7f409edba8062a1a5114e31364

SHA1
13e9ccc0af3d3e6a9913c1ebf8b05f4dd914f32e

SHA256
60989c01d66a99615c302033088a5f3cc16b93b874be8de4a632e7f703bbd97f

SHA512
9d7aedc460c78cd1b06e5e980a0028bd172adedeefa90738005c835e660870e59d1503f8e2e0c16f2b4b6f208def7cda069b6193b9f413aae7370f145af6b29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6854487ff805ad4559c5973efd6e1000

SHA1
b06ec86777f9df7da86a6fed093e01d34bb1bb25

SHA256
80a4993d1f33eff76f5dc6b17a36e9a6c89cfbab7760f06d879099265a58c0a7

SHA512
f87aa1683539026a5ed9ad13bcb848a2d524579a29f9bad85ab9a2f2761c465bc17ae82dd834cbc3258f81edd6d0c626a5eeb586f2745578e3fa547b0452a800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c2c803b3a626dd623a2a3c4beb000d5

SHA1
2b923c76f3895e8ea9dc2304a58a40ba0865c86f

SHA256
04bd72a939c044a3b72f79de16b57233083122ab67a1d9a171f922b2e560cd0b

SHA512
b56b6e9d86946eb2f2d5b9a6125c866bf5400d3becb9e1f2f17332cdd8a7a8b8144c713a01b148aa0c6851bcf5e7782d1baa4a0e8637a982e91ed720fb27be34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16f903e294997cd4084c515fe60110c1

SHA1
8319a5323b3b06e1afc0eb367092d69d80c91322

SHA256
45b3e91baab600067bfb1e1310dffd34148b0997fa9ffde79bb9c4178f69cf8d

SHA512
8e220e900e0c1ac2b01cf626487b3d47930bfcc21ed5b623aee859f57691175720861a69d2656735ba7fcd8301f1c29e0630eee7f23f82617cf5eb94fd494bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38db858c270ef3758b8a6401f4332bc4

SHA1
4202e4cd344ff3303a0afdb1f29f3458c69b986c

SHA256
a9547a9230f200013481c3d160e62d0b77e8a3645dc5177203112bc2c73866c7

SHA512
0cdce190cc4f3f9fbf74b7e196bc7b22ade3dadca79298fd712495cc1dccbb6ce3e6dcc8bf166318d5f815ec161f0fc5dec0f2ab38359836a8bf3194682d4a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f3c9974ca73cb7a845e6e55fe25b662

SHA1
6884aed13ab97462313fcc482b5102a2f288294b

SHA256
f69b7c830cac062904cfff3a27c50384f1448ea92878f8c1b203e2070f8479a3

SHA512
7009be41c33df613ed1f86e012e3c10c217535bfafbf4700b4a76903ef7760429225fad24b69ff9c242347d2b6ca166b07bc8da64624beef62fda60703ef886b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a2dc7e84fd89a1b9167d3bc60b9f24b

SHA1
61485ea9c0d71dc2eab3ada8e53913ae706802f9

SHA256
8a16b74b1593a33fcf9f44c8cdb4f1d77121b0cd48df54e068c70a5935f49374

SHA512
ed4bfaef83c476ae5bc2cf11aa76ffd5dc515165e3a39c64b01aed31cc8b5d754a4e3b3d4edd1d5765a3f394c6c793364075c60f0b8ab155e212108256cba34a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
173336c729e2d5bb08054fdcf5e5a35c

SHA1
aa85a6c94cda4530e274e8ffd80ad11ca9d003fd

SHA256
7be868b9692ed561478aba4fa399520c9bb8ed4d1c72f6eb0cfa1255c9add63e

SHA512
744088b11b6ceb4015cfcba4eb427f3176a3e9fd9648ad542d6071a7afd4ebd5c21768ee62689760163d58c5f86a5ee68c8e7519da35c372e18fb93eb30af855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e5c3640586fd3551fd6d58f6db777ee

SHA1
c4766c6ce5d6ac8ceb6d566bdbfb5ed75daf412d

SHA256
a383d5a98074de4c4762d5c3faeed6dcd256039d03f83c2f0cb1813702ba434e

SHA512
4cb5f3968c05853aa851cf579df5b7be6dbbae10b4e87154e66294e307b24c17d299018c55a8c2a123b45d1cdf536c7f01c66ce22af136d3299535f05e3c3536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc386f219c775cacb07db9bfdfe2b9bf

SHA1
d1a46fe3e722f59483b56ab2ad25cfdb6adb39ec

SHA256
d143a13ef277dc44b6f528c55ea530c31bf07434f86dea154268a559db54a425

SHA512
15b62949b1b6a6713977da8ae4eedbb8cf76573865d88f28036ffbdfcef5eb237533470dcbf784927001d1cf359806b1fab4a4ac71da9aeaa5e7b24e774a7e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44d59504fe15ff4acc409cde1f51efd4

SHA1
34e5372336ed4327c80ee1ca4c86da2d9068dded

SHA256
97132ba3146582eed41c15b2ee95ec0b667cd1d49027d47e8aebd336b75437f8

SHA512
5956979444aa559bf1e3d7d2ce545223bfca1f4ea8843719e7954c5545ebd57a7b10088ca4659ee45d05bcae1ef5eaf3767ddd8acbc1f8a1737958f29044327a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91070545cffa2e5ae2dbb689335648af

SHA1
5f1b5f79b520b12e719c7b24040815faa8769914

SHA256
623c0aa744e2367463d7d4d407ecd1ba5a59b7071524e486b69d5a3ad81efb3a

SHA512
4ff6a3aebd93c4b72092def1e0504e9744ccc06e32552a7691bafb567923490ae7aeb23bfe70e36c760c07d5a07f4b047a24bb18a64251bd499d947b879f2b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a326f7c42e3625b496d64e08160af4c5

SHA1
9bede7295c2e3a0587f07c66f9cdf3c0e2f25a41

SHA256
61647c4e25d85c048d9b3e3c1031020d10e5e3b69d9e94818fdf9f5e6c84a881

SHA512
09daf1cc68ba2c334be03e463ea3f0749a61438d1bb5cf2cea4fe0b6bcff0dfe590555d8859ca4cb1c447970e40a074f8962e27c5c8b799233633f361be8fac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2bb7ef2e7da0d3ab039c2f4a063c16b3

SHA1
8a9ed46781ce65abbb28161877fdc04666ab31e6

SHA256
5ddc64f51e09449c9b0a50444bacbd51630d6dcadb6670f6930f061f82c3e211

SHA512
0235c623e2166880d707c3fa2ac74fcac33833560fc874a478b13893a5d85cbd09e9d72cf530ee053bcdc76905cb5e9a0262fc36e939fb8ed26bc6aee6326a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a3b12dc00f4424aa8004ad6438618c91

SHA1
092a01ff15b58026222df78058c9d3607b5130ad

SHA256
ba12862108c061f8cfd8515670add5516ffcdbb51361970e44900d8701b5ff39

SHA512
7fa06d6017e749b406238811bc8b117c0b055b999378a222040bb0810e3ae9cbff4c1e06c6f45cb06dbb168b036023d2b87176e4df0dffac1fe1ccb243504ba2

Download Submit