hxxps://covid19[.]protected-forms[.]com/Xb2dsTU44NU01dS9FSVJVeDNxUVZNcmU2eFYyN01jV1JHdE9sNUpiT0g3Q0xmVitydFBVOU55NFQ3TlBvYzA3K0Q1ZWV2TzVXNGxkQUlnMjljMjJPRWZIM1ZXR2FwdjlyMHFhMnlKenJJMzV6UFVzb0I3RXE3UWpMb3prMTBXTUxsRkpNcTJSMXJ3RHczMVE0dmJhSTRkZHBTN1gxc0EwZlFleHRFY1k2K3dVL0pKdWxLQU5sMWUwVExqcz0tLUFwelN5eU9RaUl2aUc1c2ItLS9kN1Fac29Xd0x5dkgxNERSQkJvRHc9PQ==?cid=2196429275 Detection

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://covid19.protected-forms.com/Xb2dsTU44NU01dS9FSVJVeDNxUVZNcmU2eFYyN01jV1JHdE9sNUpiT0g3Q0xmVitydFBVOU55NFQ3TlBvYzA3K0Q1ZWV2TzVXNGxkQUlnMjljMjJPRWZIM1ZXR2FwdjlyMHFhMnlKenJJMzV6UFVzb0I3RXE3UWpMb3prMTBXTUxsRkpNcTJSMXJ3RHczMVE0dmJhSTRkZHBTN1gxc0EwZlFleHRFY1k2K3dVL0pKdWxLQU5sMWUwVExqcz0tLUFwelN5eU9RaUl2aUc1c2ItLS9kN1Fac29Xd0x5dkgxNERSQkJvRHc9PQ==?cid=2196429275 Detection

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711973879275587"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 4948	3780	chrome.exe	82
PID 3780 wrote to memory of 4948	3780	chrome.exe	82
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 3968	3780	chrome.exe	83
PID 3780 wrote to memory of 4620	3780	chrome.exe	84
PID 3780 wrote to memory of 4620	3780	chrome.exe	84
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85
PID 3780 wrote to memory of 2312	3780	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://covid19.protected-forms.com/Xb2dsTU44NU01dS9FSVJVeDNxUVZNcmU2eFYyN01jV1JHdE9sNUpiT0g3Q0xmVitydFBVOU55NFQ3TlBvYzA3K0Q1ZWV2TzVXNGxkQUlnMjljMjJPRWZIM1ZXR2FwdjlyMHFhMnlKenJJMzV6UFVzb0I3RXE3UWpMb3prMTBXTUxsRkpNcTJSMXJ3RHczMVE0dmJhSTRkZHBTN1gxc0EwZlFleHRFY1k2K3dVL0pKdWxLQU5sMWUwVExqcz0tLUFwelN5eU9RaUl2aUc1c2ItLS9kN1Fac29Xd0x5dkgxNERSQkJvRHc9PQ==?cid=2196429275 Detection
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff96f57cc40,0x7ff96f57cc4c,0x7ff96f57cc58
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3304,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4864,i,2330867785352259757,3135151730067747424,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0279486011b3dd72a6dd271f683b6558

SHA1
660b4c4da60ec95c788e99667c2f8ac56d307af2

SHA256
da861c550816f2099fdcfdd7bde449611a459fe332acb2181dc622b1b9be5b0a

SHA512
323d38f9e6ca996c572949187300ec62319706c717665b164849d0c22cc6bdb032c4c751a765f493713261e6558ee79f2e7441a8293cc8b3a0e9e8374a13e32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
471cc69de3387aef3c1112d6da82fbd3

SHA1
3145071328ce42d640646b6eac7e1b119dcfdae4

SHA256
597ed071add7eb2ee33748388aceaf58323da4e7e83c67c6aa38608d5807aa2b

SHA512
d8e75da78b86ec64fcb0d2703fd7bf4f0ab6bccd95027ee9e74d4c21d3146fb14e0565289a670030139a7ed37f29ddc3ff9edcbdc717ca698041c2d7105445d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
72faa7d1c86b0c4a068eac233ec76d8c

SHA1
89e0e6dd7e53e0b8889b492cbcedaf120080d72b

SHA256
4eddad88275759ed95ef1fdff713702ca09065dcac1b809e0febd11eac5b44ff

SHA512
eb3ed5b96b5b7941cac54012477d7e199f7f362222907afcd51a9885b194168052f7006aeea9f31c90245b1c42d74b07a61aa16457fc646269364eb4d24e8d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b5b5ea29f9ff31e1de0e06df59007906

SHA1
ce79fe3046bb93c93d8e811c5cafa530279ba5a4

SHA256
92b5a1a03702f067db2405079b00d01ea86e28b8a589bc2b7995553a08b59696

SHA512
e54610de9bee01d2dde06a48657ca65a7089226d4bc3bbee7c64af0a405a1a0c5c881c8d94e6b12358428b7ca485655d21b2ee0dc5b10cc6ec6e5eb46eeffb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79cf68430523bdc56ca863c95066405b

SHA1
23ada24073490b79e058aaa407d2261f23dbad50

SHA256
ac92f3ad507b92a84c3acdc9e953bf666c578f84811977bb86c8ca0cd16d6cf5

SHA512
c99832c66271d2dce51714ec09107a833821fdc009741f80f81536e829dcf57b6d06d19baf1a0986f14666d3809ced2b4c97ceebc7731da0d0a04b91257afaa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c33567fd85984cf9b5715d50c8c4ad81

SHA1
958534a556159e15d8245a9f0a746d77235f1dee

SHA256
54355de9e78ea5beb437a708bda1721e93aa8099159a5bcf987ba5fddb8acb55

SHA512
ee6ef604c651f52a0e9e3b819b2ce5537d7728b8fcb92a0c5946a90b5040c7f608baca92a7e798608893308754a977f7708ebbd563268ce78c1ccefd39ee3bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ed648eb114fc812ce85cb2033e3f346

SHA1
5d005fb1934996b6dd21a35b391aaad017bfc2b4

SHA256
1aeca23720386250202363e21597b3359bea38198e793c2eb8ca8a5110fb35c6

SHA512
9c3178c564d93abb634d31585f783f0887aade60e082b31b2d82ede14f597ca9723e7aed14d61fc4dbf3a24fd4367dac433cf435e22ccdf5ee603e52526ccda3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ad461fb60f41f09219ea9bea934a235

SHA1
897971d7e46c6f886c603c9a07341882e30b6b07

SHA256
fdbd4f88e54025c42493eb4322929ac2ffc455440cad514060e9c412186edee2

SHA512
5a2ba9f801732dd276bf4866758a89b42b83eb24dbd0eba800469c5f604873f8838e1414134cf2a3aaa01efe93ede06cc384a2c4d98098c2ed347757be2ea144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff3ea9c4c6f36cc3a06455af72987614

SHA1
91f90d0b964fbe342b12ab8a1ff132eb970acdf2

SHA256
6860b10f63d971e68234ad9b1971504de3a4ce76d73c9303f5f14b67d48dc393

SHA512
e850c46d6aca3bcb15042641f664e8791488f06ebc2ee8667b9260db1f743078acdbe16046f55e2e1c8fe38a373815698383470e28b0244ea7916c0c526a9fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78be93b91c9e2affc0e9fa93ad295da3

SHA1
8b9e535df90f5a56982ad37ef2519dd77b49b66a

SHA256
c56e1f38407338800d85e121c8306ab3c7101b8fa901397adcc636cd3f1c6c07

SHA512
0716add546f70f9996da46257ed0190aec6810be76a62ae02c2d18247d4f3d263db8e07b01bf13ba8dc13fcc9e523feb7f1dab539536e8204dce608e32755ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74e361653478a9d976b29b279fdbc23d

SHA1
b3bb0b4a2634d965dac1523183ec429918e5c852

SHA256
970ff900f381154c84b8c7ec13eb496005ae409fc1897458ca253dba9feee4cb

SHA512
2c8caf805e1b911b64e6310dac2de9042fdcbf279a17de20ef6642394ca6dd0e3a4ac8110ca442a27ce7b89e3a85596c5bd6c80c5344d6a0ff33731ced142f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
eac60b4c08b6cfd3990386efc375dd7f

SHA1
310ca4516fc587bd8d915ab37c1fe3e92e09badc

SHA256
2738c7529bef2fdf5272a2c08ae591f3e5025000829e3b30862d3a0d9ab008f3

SHA512
50cb4ca54bc056d98f22d999d4cd36fe8cb29d4760c553a3a34e996325421c5b534857d9eed22b31b37e113326a500a926ed533c33e9d7bed0ae65aa4c7a7da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2689a4eb478b599dde336081cdd3c70e

SHA1
adf460699c5c7eabe637c7c4bab2e9a39d046883

SHA256
f52a6e4c35c1d840872a5e8461884fe07740a19a634ad94a719990db57f020ad

SHA512
d69b1dbcf7c88d60be31b8a53bfcf65d54f23bc9ddb233465fd27730298b5be96cd96d129504e9befac06ff8897f9bf001302b5f5531916247d6537b3c484307

Download Submit