hxxps://padlet[.]com/jeniffer009/primivo-group-rfq-z4xz94m1jy9y960r

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://padlet.com/jeniffer009/primivo-group-rfq-z4xz94m1jy9y960r

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705705498907685"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 4112	1096	chrome.exe	83
PID 1096 wrote to memory of 4112	1096	chrome.exe	83
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 4128	1096	chrome.exe	84
PID 1096 wrote to memory of 948	1096	chrome.exe	85
PID 1096 wrote to memory of 948	1096	chrome.exe	85
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86
PID 1096 wrote to memory of 2384	1096	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://padlet.com/jeniffer009/primivo-group-rfq-z4xz94m1jy9y960r
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffd50dcc40,0x7fffd50dcc4c,0x7fffd50dcc58
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,15349084135430619738,16359275226763313374,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,15349084135430619738,16359275226763313374,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,15349084135430619738,16359275226763313374,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,15349084135430619738,16359275226763313374,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,15349084135430619738,16359275226763313374,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,15349084135430619738,16359275226763313374,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4828,i,15349084135430619738,16359275226763313374,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8fa64ce1-fabc-414d-a858-b829e1cc6493.tmp

Filesize
9KB

MD5
77fac20739ec944b5662400c2d9c42d0

SHA1
29639a3ac5601e2caad36451b0e17376c556acea

SHA256
ec40fe0d0f48a01714f8f2fdb2a574ec89691f9cf8ceab14da01c6db860906af

SHA512
00ad5a9c61d622812c5373e2d5e7797d1c85f65a40f24e8e1dd001c84d99e17b94032816ad7cad1a63679131ac820ee2a206767309ca9151d6af29f64fbd268b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
07d4472c9fc1f653d9f4a8b8bf8a6e02

SHA1
d575ed54274feecd30d5084d3d94947c5d5e802a

SHA256
43cb26107d002ec36ae17f2804487d23498df4de8cafdf571d66052000d15e7c

SHA512
1cafef4b0cb24ecbe2e2da02b72e57aa2cac55203bc01d4b5d1ebe528c12f012f8cb6fb31770db389764efec7b7605971d5b196c5c45b00ff9a7f4543fca548f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c100cccf8d6ceab2633a3fdb43136539

SHA1
c7b573be47b27eac0dd8050c474c0e3527cc5a89

SHA256
87f602658a7bcaf129c675c448de8ca5cb069f0ae3f136607be8ed66a663e381

SHA512
da47bea07b4a21556185774135ac45497d3f3ce16175cab8ca98fd5edf34f89dc5ff3178c7909b4347d4384c0136a4a9704e039dc26b7151ab16f787e6f4fbd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
2e00fb610931d8bae2fe4685838d6092

SHA1
9012ff5f2dab4b9960e53f13e6a8d6601c845e4f

SHA256
c3869f05cbd9786080066b36dca6608e4f9a04048420e3d9e535a30a91f1fe4c

SHA512
bd06a96c8706f89ac75611b28f9bd0f72effdb8ef1f047dd0091383cea9c17200468b546c190696ddbdec0b208c33cf1e28a7b17e8ae8a0194e63ddedaaf7405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
10e8bb3c4e5a4ad53fb2d2819cf5936c

SHA1
90a08624ee10c22db698a471fcddd7f9adcf8eac

SHA256
11e8261582c33bb78265521e1d115d70de96bba795400e7712908eabd38d6ec4

SHA512
35f8b252f573179888d64499f2486956ef0922b906fffad1610817f40f2b8fb661f7e81a78dcc5f6a95e3ca8156d28829587c98d3d9fb126b4298b6baf0ac91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d52c1ee4c5fb98ff1848025d7f75567c

SHA1
927b60416a9c25b98e2cd21efd364c35750f9307

SHA256
95679c1ba702f687703ccea898a45c627ae4bf8cdddeb40034e9f3b85a029fd6

SHA512
9704494685a57d4e735456334f479421c93db88a7dda4c5fefae31ad2b121fa5fa2d5f244769e097462af1d8ea9d3172edbf3424211fe89de05c514cd4cc26e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
5c6edb202eb9607aee8f455819a00b60

SHA1
686504261f79ff97fd4bda4a447c198d8241a1fc

SHA256
61ff85d9d754393a9f7b1a597978675a6d7bf0639895b4b447b9bfd97327e250

SHA512
dd894727407fa71f7156b99daca118cb5d7e6c6d6db6b6f9ba7a5827480e95d739c621686c670460ffe94ff6b9bc2ba2fe9bef07ec5f582033638c7b634654a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
3f3726c6cf5e7a29907e75220d277ec5

SHA1
f4a7c491bd319973a124fbf865db3215bb431be3

SHA256
22399180f9c175938d0a6681f7504afce30dfe15fd1b021148aa823e4957177f

SHA512
125c5739e507f8474ae1c2ca114342721acbcb618fdba5bb7eeb2a8bd4dd140ca6f7df9698f8bcc44bfe40de70f5db21fa3725a1d55e80b73aaaa720f49d5d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78a78d6cb541f009fb89b4fd4d1bde0b

SHA1
cbe6cc76eb94b8c4d27bb9ff1fe4a83451d18756

SHA256
226433fb1b51fb593a6e44ff34c3636b626f311eb13f53d9cf2cad724fa0a9da

SHA512
e881ff602e670269daed0e79725cccc7f596acd7fac42ccd239ac3a49b2982c38fcb84fd14b5e5b8963c7d14d8e15d8ac520fa697359b4b3734f9de0172e7d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2608f2b4813bcaed2f0b9c359d78cba3

SHA1
66e91a05dcbbf8a27d513d192d2a86bcd4f6bae8

SHA256
af25554449773b4e7720504b8f895ff0e257437f6efd22ea32743e8a6a22511c

SHA512
e61f8f8b2f56816e6d39322f1a2585b05053e4ab2df403de8d0178b9ced9d8ad70cb14c1a0dee9acc6f81f65d60b0961d595c657f61324130344af21a65a0351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d9300c6ca9824d62c7f2edb1f8115de

SHA1
ac920c70f2f12039038bcf48b6b8c9c45c67ed7a

SHA256
c33716cbf78965a01cdd55a73562d8a15673e9b7ad1a33421654ce5c588e2251

SHA512
8af9df49ae8db87bc15a3538a17cd980344d53ecefc299b081fb759427c0164006bb14d5ce9c960be9f6e4129d2fb433641068d7442e56ee312aad568257cb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f66bb32abbc634177f11e7ea7b7f850

SHA1
fe5c2da3aea609b9f8b73df5ed65df15a9172dc8

SHA256
e2477dde575f858a4ca1bcd16723b53ba602f7622f4bf47f9b8b80a02688ef8b

SHA512
03938e1b4cb8cb8595b561e02ee14f5d882a22b7f751f46eec87dcb4076f29bd0e1624be499215e57a42fb644726d8e019eadd564e0ca5baa9598744ffd12458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a08a009f5fd9455a49e844dfc7d00014

SHA1
f6181dacd74bbaf3ad5a18c3084866e8700b5e22

SHA256
40e96d24fd62cc3f2393463f981d47680fe5d3529799d0e0ff181d405c569fa3

SHA512
8afcc256d96e3fe2b30d7c38ad1ab35633afb0e693f85b48fbef003ef19cc3e52a619f297de7a5da43d8458b7fd6d45cc2beb13328f2ae7f1d8f98c5a7e4839f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0ae82644081801b47461d4ad8a46118c

SHA1
dbafadfbe289691bfca190d4475ab4abf4c5fbb1

SHA256
ac11d1ef4fabd6fc7affe22f1220af018e9ad6bb8b457e0617a9804cc3655c5d

SHA512
18b9e06585ca55400874c4d9d2cdadb1c9169d5713a7b129679ddd36bbb168fff76b7135c061a57e010c95cad9fcea113ccd101ab3f9f320f0f31227d22a3e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4a6455ef2d588fee0f02ce811ed41615

SHA1
259d3650da5478d131cb7b77a30e2085611f7818

SHA256
ecccfb474446c29a904368487f283d90ed6e0941d3adec3c0a903d20d376998a

SHA512
533ef1eb9a21262a1210575e4957e65147d756af373f8d4b15d7a987c9af85f52c85be3595d10b83be62ea2d3a21742c5c8a2d387cce13614cfaa22a559a3b5c

Download Submit