hxxps://v2[.]api[.]sawgrassexchange[.]sawgrassink[.]com/user/service-token-legacy

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://v2.api.sawgrassexchange.sawgrassink.com/user/service-token-legacy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706494100194749"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 4544	2460	chrome.exe	83
PID 2460 wrote to memory of 4544	2460	chrome.exe	83
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 4724	2460	chrome.exe	86
PID 2460 wrote to memory of 636	2460	chrome.exe	87
PID 2460 wrote to memory of 636	2460	chrome.exe	87
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88
PID 2460 wrote to memory of 1596	2460	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://v2.api.sawgrassexchange.sawgrassink.com/user/service-token-legacy
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaf28bcc40,0x7ffaf28bcc4c,0x7ffaf28bcc58
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,627254003928163429,9648573582516191276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,627254003928163429,9648573582516191276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,627254003928163429,9648573582516191276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,627254003928163429,9648573582516191276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,627254003928163429,9648573582516191276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,627254003928163429,9648573582516191276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4760,i,627254003928163429,9648573582516191276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1296

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ab532bad4f1bfdc2e0f58862d3670bac

SHA1
e331ce20350f5f835cdf7f9723e3b69ff8aa6d55

SHA256
94e09d2ebf37a72030cb9ef31d494d3010f8460ff8f24b22af6f49465aa099a7

SHA512
ccf887a24df8d417c2ba856a88dcaa55aa3a1f66f0e8652a4f64dfdf89d38c3fb49580d856a62ce5baab3d5b28c8fe2b2300f195443d7b3d657f7c451a89cf6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9860f59191c0acd9b90f2e6fbfa23d6a

SHA1
6efa1ef84bad88b9af8e16adeff97419cc0dd7cb

SHA256
b9d6ddc0fa313cbe2cc902f3f1e3871303f010af729fd6ce635fd7cee2f42fb5

SHA512
738e4076d0e9d3c2824364634d5a1e82ca6eddc6948b1516e15348b75d66d4c97c46873903467cacdd7b96354938ae24e94754cebe2998c8d97b495b9a952621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49f2572804ba120554ca45b569f0ba35

SHA1
e2953d00b747ce15d0bd7066ecf9c856ea30e8d9

SHA256
dfd15b1a6a83496a0f1ff88fcdfd7331e4ed10d12c2bfc1ed34b8e9e1ac5d9ee

SHA512
2699e154274d53707067a5df52783029010d4eaf7d44107b0f035e193be4ebe6550816eb066b51b18eb2b805618544ce99f76e062440d0438311c472db5472eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a76e2e83ccc60b89522584714dabd0b

SHA1
1ea8a04775659e69e90a4fdd4cd9ce96e1c1a1dc

SHA256
d7ac70d60e39c484bb4133b127cea10d3111facf460508d6b12c79ff7570d421

SHA512
6eb9e2d13a821954eef3f28a6bbcc460fa9ec367782ad21272e4a0881fcbab3ee0092e15fa19273c5de94df0d4cd238540b4862a26cbff884fb3e4459ca40ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
253d90a1ca3b7dcf8f77ca9aad0cb549

SHA1
5f27b0485b7cec61a9d5c38f197b5c7bb5453ced

SHA256
171c3b68e8a9ed682677473c602b5f88658168142b3a9a7312de55632ec4e929

SHA512
21b6d6c05e272a4a1bef0901817e061e9be97ef653eb6d5922b0ab2dc42a8bc393859610b51ff229b5e51c87a926fb693172740731e5252826e5834c25ff9222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c38403a64f9e0fb2d32aa93175f312d6

SHA1
323fe802218bb1259c23c74aaf6b3a15e3e14ff1

SHA256
c08680635adf1730eb2376315ff1ee99d1869f51f7c2b76ae4cd6ac2bef04f1f

SHA512
948810bd33b05c66c63423ca17e241b2e000a46da6a484a038fc5adf91f0285adf312ffe9fe1c776be59245e391e3a279971fa6625950461b207cbbe3ea2b366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3481ec8a526d31277063ab10d14eb455

SHA1
7141522b11a779823f1be3dcf8dc347ee7ebbc6d

SHA256
f0e4b88b47cf3fb1cb9bbb54573fe15d7be7d0fdf5d0ef691150273c11bf2e00

SHA512
bb3364c929c5d378d129b495420c8d9589fb6d8d575bf3fa73369b5534e706f7773cb622a36fd4a4734acf21aeec3c0a3231734ff5d885ed70840a4e358565e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3da645bee348e21e6663ad50a0d8808

SHA1
414c7f8a8672d9e6fa0406f7cb4818889473c97e

SHA256
d094c7f699926ea53be41403a98029b0caf3ee52c8abc0b6842e37dfc1545ea6

SHA512
d1e1081015e6c6919a6bcf3836b089d74e0cce132367f3e6adc0e0da56ed898c733db8e5bf46d6cc27e2fd8cc193ca51e03631e52b769378a9cfb4f055ebfcfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c935e07b24d2cf2f28891ba81d16a1e

SHA1
5717dccc886f75cd3b67571c5f2558c014516ca6

SHA256
106969a7b51fce711feb5c2e81931989806dc90fee8733e4a216c8084d8cab85

SHA512
ca4078237c93d35a852efce83d7860d2db0d78f5b7f39d58db4e0077ef1329738f442bf884e4c0041be1b012fdd77010e07e2a0ec26e4a8b1e1faf75a50ee5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6588fafad0694e71ddd36c13e020354

SHA1
560adbd0774372b10261088e2320574d3fecf310

SHA256
5dce34b0bef0ab8310d99fd5c021aaed14538ac4f008e5f81f0112f118c2c482

SHA512
7471bc6e7c61dbbaec13f96c8f8f00bc3a49941825bc4b86a5f008868a5664b64fef0ed316ac70e8df8e76d3d4be33e52c761ebc56db4263e6b84422630b3559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
57d406e7062072b3cd53852f8f298ced

SHA1
67c183ac92fe2d2955bb7992de8cd9c5ade1423a

SHA256
b41ad7cc5c9728a394e6ab8e9e51d5c7067c378b61caf5a102f28a5495fa6baf

SHA512
2ef2f8f7847a6f6fb527339ef84379000c3976b2a4ae765f21b47d3c2ad70a8e8adda3fe0fc913a8e6a5fd940986fc63bfab546778b9a0539f0f2d64030c9131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
932679d64000c98df6ed5297a599d041

SHA1
335d7da04aad11d71db767e924da0ed3301f4ec9

SHA256
a0eae81c70c0c3cf3f35d53ac6558541f022eb4de088d90f211cf18fa4956f13

SHA512
a9176ed411eb452a57babf89187ee20620cbb29e3822a4dd0a2d4bb5901fa8dd69ba5f937a572ff8d0884da96afafb1c1eb188f2314d6b1915ac7a9a60b24a3a

Download Submit