hxxps://drive[.]google[.]com/uc?id=1tqdgfKtCDIf5BkUtpzNrQXCnzhV3ibFV&export=download&authuser=0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
27/08/2024, 16:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=1tqdgfKtCDIf5BkUtpzNrQXCnzhV3ibFV&export=download&authuser=0

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133692493774525706"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe
4996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 1216	3016	chrome.exe	84
PID 3016 wrote to memory of 1216	3016	chrome.exe	84
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 1996	3016	chrome.exe	85
PID 3016 wrote to memory of 4120	3016	chrome.exe	86
PID 3016 wrote to memory of 4120	3016	chrome.exe	86
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87
PID 3016 wrote to memory of 1076	3016	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?id=1tqdgfKtCDIf5BkUtpzNrQXCnzhV3ibFV&export=download&authuser=0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcde7fcc40,0x7ffcde7fcc4c,0x7ffcde7fcc58
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,9070476233711314243,7219912979448928722,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,9070476233711314243,7219912979448928722,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,9070476233711314243,7219912979448928722,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,9070476233711314243,7219912979448928722,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9070476233711314243,7219912979448928722,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,9070476233711314243,7219912979448928722,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4872,i,9070476233711314243,7219912979448928722,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fdb381e31803acde4f999e64790aabaa

SHA1
4a3115ccba3e20d16fdc47fb7b73804cc358937d

SHA256
904810afff5a73c3e91ce96f56829a5f99d032ccf1d4b509175c16454dfbd06c

SHA512
878997b9096dfb26626eecdb5ab59d52dfdb5b3d8326c9bd5e6bab63dfb191babeec16b758211f9991d0ae97ccecf4f6faddae1d8f3ad0e461f20a6b345ca62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b3a13b503457059db169d8be04f9f0c2

SHA1
dbabbe12a769871f5e057ea9f12fa6c242f97746

SHA256
79597cc003436b10eecf0e0d13eb67b135f6220f248b31884bbd905ec9f1189c

SHA512
d13b52f321c00a967936bec4aca6ade95bf9fab0159d621b0bea8d0433cee3d5cffc2c52357ee7193e6b095bb00f04e44060564e3db98c342fa285b3578655a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7233850b2ca66fa68b5b20eeed4f9450

SHA1
2fcd1e90294000f97d89b7369c0dd8c5b733cf56

SHA256
972f6d036d40675436ffc19b04baff5b98583cc75d9a6094bc102a4b853bbea3

SHA512
341ca3c66d04bb24510ce19b8fb83280c0060d498030fb32f570d5b851c337083143964fefd6466b0d1219836fccf6329567f843e6141a14e8f3dc0de645795d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab4aa8115b878ccbfc87b7c7844ce222

SHA1
7d1ee296ab35221d0cd9c846c2cfd5ba83337c66

SHA256
7a7faba29d68576cc40c9d78bd6bf5ca735307e8fed1c70940e0e09c630cad5b

SHA512
4d48342937ca95ee7d439eb7e5cfd5cb75197cfe422c41b856add202734b8021a944b9f7bba5596ac4e3f6475a00417e5aacca6d47452ea92757f34cf0e9fab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df281ce4e0469612e0a15df8d80a9db4

SHA1
a5bcd310ced4222bebc392e0c2cbe11005ef4c4f

SHA256
d8acd48e0a2745f3e63c8d73765fa84784515b9b0127724f36a06e366c205b46

SHA512
cbdc457f8aded7703e0f300ece08b8c90280b071ddfaa2af331e6b77784a298839f764349628b4ff7be8d2db69be710dc8b339c3f614fb30260cfee2cade47e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdc8b79d0a7c01f020c1a9a729342935

SHA1
aa3310fd1422c35313a3cbd26cda3f4f39c31ed0

SHA256
5c215c9a8bda3d1b88850d2d6832640ad5c6a4beef46259a9b8b7b4992f18d9d

SHA512
1c2ca0e38a90c628a076f4f15a9766b1f8fa19dbe05b1112761785f286400c9400367ee48ae9e6984d66f82420377082b25561e3e15f166ba8ba33b15313c4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9955e6b487181f0f3f3348e49081b6ca

SHA1
d0ded4d712a7f08bcea1bdc3732eefa8191f3ec2

SHA256
e2fa693f859861253ace07450f6d63a412555ff7cd69a811e928c61125b658d0

SHA512
437c68811dc8167da97cf30847d1bef774c2276e9b4e0e1abb0821777f3c5711a77df682977115e954370cb0e9ed91edcd63ebca40f618247df85cce545da933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c305a527c0ba7be34686a6da932d8693

SHA1
31413dec6ffd07d3483ae05cdbe455903c16aaa6

SHA256
3f5a66ffa1bc9433198ef92f705cdeea7a094b0a16e9f8b8f4cabe628df260a2

SHA512
63455f948e9603b36bfb591ee17a9ee93d7f4d298ca64222a01c1d00c2c28c80bf76449a4cb87759f1525a535c802882027caee17dad7b91600846bb2037c7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe04a1ec2e0e7770685e3fc28250afb3

SHA1
266ecf958ec6e30ad407e760afb74367c3c99a92

SHA256
878aa08c8c50e3fee67fd8c42e417e6c19d65dc907a88d1d8adf60736a2824cc

SHA512
6bd544917e64349c08d3d878d9a079270ee32d805d7400338b52b41822899c1432cfa8bd6cf6c0518df267f3b05afd166fa56a160d817d9210115287e94dbaf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
fd7e28abe264dfdfcf6e9c17882a8550

SHA1
7d992f3f4b84d9f9f4b3b37eef3b72664cad6d54

SHA256
6a65efd6187d23437747318d8f8f8c08e1518dcbe10bed517c26fee4e3ba4d13

SHA512
3602faf01b5e85f71b45fcd5fe37cf1b91d670e3cf2b7d6d6f071f60929199b3b09e82f833718f1976f3e037d73785f115e6568439baaf7d1da67d3c40d8611d

Download Submit