hxxp://blog[.]bingocard[.]jp/?wptouch_switch=

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://blog.bingocard.jp/?wptouch_switch=

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698629842679507"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2172	1040	chrome.exe	83
PID 1040 wrote to memory of 2172	1040	chrome.exe	83
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 4232	1040	chrome.exe	84
PID 1040 wrote to memory of 2468	1040	chrome.exe	85
PID 1040 wrote to memory of 2468	1040	chrome.exe	85
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86
PID 1040 wrote to memory of 4956	1040	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://blog.bingocard.jp/?wptouch_switch=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9a90ecc40,0x7ff9a90ecc4c,0x7ff9a90ecc58
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,13476416249637913296,530774512410710323,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1708,i,13476416249637913296,530774512410710323,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2112,i,13476416249637913296,530774512410710323,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,13476416249637913296,530774512410710323,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,13476416249637913296,530774512410710323,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,13476416249637913296,530774512410710323,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4728,i,13476416249637913296,530774512410710323,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
97d6ad6fe930194afd7e89b9f2e8a9d7

SHA1
8d917292c79b68e127d5a3d7fb8148da8219b42b

SHA256
06b14525d72bb9818e2a25757f42a3be704c16e454df8258518843e2e4e8eef2

SHA512
8870b1c0b56603cea3c66a52e9509e56c28af01e0e993423772fe077ed9e58e586d897923d3d00ceaaaa32ffb6a53340c2d668b9917bef420d5915fc1e49f9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
962B

MD5
e9b8becca27c2ae68fe5c739cd83c91e

SHA1
286957e4e270ae2147ed05b0e956c43ea732ff2e

SHA256
1f07a2e33c88d99c6ff8d9fb5773fc6a532b714eaad601a52b901a1c3869632d

SHA512
8886cd20ce805ac0f3b881adcdecd68468d204dfc69680dbcfaff0a9c046c36f6f7b3e904505df6a59c9d54f72fa27ae9060d8234f76fca7ff85081a06c70e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77fe40c66ab522d00c67f73878ed4175

SHA1
c0fe261670cdecd962e19d7b37798d68d2435bb4

SHA256
f05e00a6fb6678ba30a718b76683f2a1a8f9c14cb634379872461cf5e9b7558c

SHA512
92f7672fcd9259de4d8615425b62766522e55b49c26e6d63d640c313f8e661f53a08b69b5beab202a09166dfed1a4ad3918bbae49c8d1d46a4a676a375320ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dcefc81dba7dead68d4c34286c218c2

SHA1
63ff1f79414d53fb4305150bfc7ed370547056da

SHA256
eaa42479ea014afeeebe3776a61f2ff32d13b7e885891926aa0b00a3c0585d8e

SHA512
2c30fb955d7724e2ba255d53450e90a765d3e014bb76979245288f88b40063fa30708025d135d75e4d46acd734080013e99fec65443d9390b8b3ba341e898bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad488c1a77da5311833db9acbcf7fb79

SHA1
c4ecaa0a58a46720c9e0ce4ec4669f07281ed611

SHA256
4b437cc71a68494ae095c126aacb4ff35d0bed67ed0ef111736243ff83183289

SHA512
1692acff4b46f847ce17f69920f7d74ef1a64489011d53ffc79464f4ae71cd83c36cff2c4b6a5fdcb304da89a906f67339b867fe4e532984246a7afffcb40205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fdf690196c228e7b3bdf1f3b07f2955

SHA1
132fc8f4201d51d9f6c52776a6fa45c027177d33

SHA256
13e8685bd89f9adbbdbcddee95832b8ca1e7ce3fdbcccdbe3d1ae5e0c7b1dd74

SHA512
6ed64b2241dd3276b6c03c0a904ff301594426c744b9948b23816bff04ca7d20ef6ed7aca1cb05880d770d1ffe2935c8d431e819dd9cdd1c61b0e1147fa1d850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09bb7157281c9b778f4cfaefb7cf768b

SHA1
e648c6ad796a627a96f04bec99afbd571c2b0356

SHA256
d1d9cebd9ab3315c67d5c773b6ccca51629c134421ec54fa02353df185f3e5bc

SHA512
22e0dcd58f0cf8394a0cde5de974e769db23b06b201685a3b29c677493d000e78260751370c54158adcc2f4453e2ff3363a79f75329fb98b0210787d5744dd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2789a63da57736b5cb5ec33eef663ed6

SHA1
e614cf513ddec772326255497f872c45f80b819e

SHA256
d0f1db571b64c8a15ab532ed086c0001d786eead3a319dfe478fdccd73c5d86e

SHA512
7142fc87c8b95d0171695179556423a8671d2f49aa37266aca42f00f28ac7d3adce1c422c73462ad021d9f2f4ce4ebce071d179664716ac3922bd070342f8629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e806c63050e5a7d3bf979e1b54f310a1

SHA1
e6fb9cb970b57229ffa5eb2e292f27f6cec2ee67

SHA256
46e04191d85366da58fd5185bb306438abfd856a78e7719ffb75f8abc5f673cc

SHA512
b1ded72c6e7a63add435e9434cf8bc202deb0020ad8d28cfe192a5a6f5c295dbb889e1812057c33aab4c3cdc8e3bc2d815984f61b1f56eae0652ea4113eb9fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5bb7f13123e4acf2b1933e73c9404ac9

SHA1
c41cc951106ea303d19e689dad1ba9bb4ff5576f

SHA256
389b72e85f369ba3c2b65c225167c527a3db26fd6014f6191102fab10a40f6a2

SHA512
7868025739473f3769d75d6f60fe14293e3a3fac618c68f3ab80fa2d3d0dc9549c888e6530f707443620a6e072c9e46134b403a39d4c556bef2e4cc1d818220a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e58ba0c600193ab6467f3bacbe2384bb

SHA1
cfe1ba7c3185461827a2efed3b1b94d5eb4b7034

SHA256
c61d8118aff84256c6a330345f6befa82f54f5c250cfd2af346f9020d03eab65

SHA512
35ddd6b9ea02e95b131bb0ab0e19be355e0356655c2a8312c16c9023c95271ef06fbdfa8dff82c531f4c9be7c302e396da267e8277ded1ab5f95a1097b975c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4d10b78d3759fe3b7dc1c93c04cb2059

SHA1
7206971d20a34d9d4f8dd2b3421ac43763f49861

SHA256
25e1ede57709d7cb80e68258d99602466a95c6bb7a253c4727f3cffbc19276cc

SHA512
e4419d84e51d8ff7f14f928dbeb44955518db84c068592a9c065aa8a27926997bec7a8a1b22ad3fbfb4eaf1e19073b01e859bece6b7cd54f37464c05e9649eda

Download Submit