hxxp://"hxxps://covid19[.]protected-forms[.]com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType[:]("1"

Resubmissions

19-09-2024 05:48

240919-ghq2bstdnd 3

19-09-2024 05:48

19-09-2024 05:47

19-09-2024 05:46

19-09-2024 05:33

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://"https://covid19.protected-forms.com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType:("1"

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711984272340162"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe
Token: SeShutdownPrivilege	1740	chrome.exe
Token: SeCreatePagefilePrivilege	1740	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 3700	1740	chrome.exe	82
PID 1740 wrote to memory of 3700	1740	chrome.exe	82
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 3428	1740	chrome.exe	83
PID 1740 wrote to memory of 4924	1740	chrome.exe	84
PID 1740 wrote to memory of 4924	1740	chrome.exe	84
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85
PID 1740 wrote to memory of 1492	1740	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://"https://covid19.protected-forms.com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType:("1"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe9555cc40,0x7ffe9555cc4c,0x7ffe9555cc58
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3028,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3392,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4424,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3512,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3840,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3420,i,13495183810772361736,4480244790554553197,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bdcc021ed68392092b03a1f47d2ed531

SHA1
e4fae59b717e03ee0a70bbd4a0383b0b59ba3aeb

SHA256
d67ede21b0c13b53f1dee3e6f00f5da4677c4905291b14dccd482912606ea668

SHA512
632b0972e41b21d2c9a95e0b57eb82502b70e0993882a2777422af4db42b91828fef8cba0a50fadc6a5e4b3ce887371c727b54ae66d1aa5b92c65b4a5cc5f872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
962B

MD5
67b47acf0f8cafd6d244820d4d075643

SHA1
5871d6a287b3017a28552550b34a97296582bf69

SHA256
c7d93cbbcc15240a2d5c679814ddfb447a20a560f1f768474b0c098aace8f6e8

SHA512
cf7a697ef73c8b30668f75615933c1cc065835d01c21256aefc81388c07dc2c5871b181dd9024464697a82d991938ce4cccd2c90db833a34e42af51f90592a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
826613200aa657f0bcd6c9ef5e68e447

SHA1
7deb87a720cc13a2428e2e2d0445c4cb45fefb7b

SHA256
77d17ae5c64003618583ab00d12ff4f4d70d6575c809995a4e0ad3a276514e4e

SHA512
21cc720fda409a8e7a7c1234f408703b0e0132a993b6675b7de6bb1cec958026c4592f65ca4ddb78b3530b581c38bcb913a409fe88d956ea93a737d478c300e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72d811986f93484d34bced4dd3fea9c8

SHA1
9d0f814af9345dfd5fabc7d0a285d0682e6b61cc

SHA256
9b28cb484e3729ad77968cc732bed5efba354f2aff58ddf6e0b6ecb02ac988b9

SHA512
8752804fb6324f8fbc5d7bcea213266960a968eba52967d7ad8e61ef8dd452ca2f3fe0e4de817390e9252d857e3a59712e3130476f84907fb658ef4e2135660e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21aa136c6b1658cd97564ce7d1464985

SHA1
1940bf2475fb061b714bf4eacfa4da4d1aae96e2

SHA256
51ad8d89387b851572c25b9ff282e44b370dce3e63a9d103863ec0bbd64727fe

SHA512
468013d9923744e3d695efe6f963a748970c3641fe0051c02dcd3ae3625d9b2b8b29cb3f5876a78642b067104dec5b3d3cc14e9980bb0131e42dbdc73b1a3513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a15357cc80a9bbb646e7390f796e0921

SHA1
0d8c7db3b01e86c74e6feae5d876750c01abe799

SHA256
61e218ba9c4ab7bf90c9e7ac53e7aedd26f1cf93b6abfa2a090617a1488c0513

SHA512
caf50f11fb468569ce078ed946d49aa726401a094ea41ac494d07639d214b7c6ac6ee65c918b8479835f50f2d8dafdf0b15bd20f0b0eb739b513f16ea8152ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a01060bd4a9644c07cfd4365bb7f53d

SHA1
722fd666e543798ed38a4ebbef93b83b7261f885

SHA256
82372b1be7d177715ee2ed0f2cf861806d6aec627435f4ebbf1fc305b855b01a

SHA512
d1cbc26ba718f4562fd09141606657643b68a95530e6ab42d7861da9862dd8d3adce505b50eae3bd5a6d72c0df5ab4ea88f1c61c47a96d6116db247d46a721ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c472b8e8182b03b1647971815d709531

SHA1
dae83b7aecdbd35408088fb03ea85b9fbc11f2da

SHA256
f01151b6f2b7d7ae0d6bbfebd365cd1a3b538c8e7c8f4e5e21194a38eb4a9221

SHA512
1945f0731adbb2e44216b7af20a7d37540db133b6f82d43d45d603f857c53a1eb3a07de757588c041a2ce92d82f04c5c28acdde2def1009f95378a0d62c3e4cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00fb6b45a95447f86fb8eb14ad4bb56d

SHA1
0f8d93ce5ffdf1ddca8dad40f7522efeea6080e2

SHA256
39614341790b8fe0301be59b201241cc5ec22eb1486b7feae1b45b33675ef9f8

SHA512
4b137d0c30e30e07eec509f472e12e6594363a094dc278e2e13b73afdbf5ddfa2bdc8c19c73d16b2303cf626bd90ca1024ca005a946bcf98fc2f21bcfb329526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
637fea74f3385999f184e5baee64518a

SHA1
8f36c94624b091573b8dc6a978c66b3284f43e79

SHA256
99add5d3628cb6b14ccff8782a6dc100a552f50b0b66e5a64462144f4e9c2b84

SHA512
6d8075c0343d4e2c03a8458bc93ae789d729ad44742ad30d6d78da1d09014916e8c49aaf9b5547bb68c2bb8d15068cda04b2a6f69d3bff23ed8e53e42fd51964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
972aa0317e62b39d7000109ebaf3dc8f

SHA1
8ba92ac6766965ecadb47683ef7ec8771122ab9b

SHA256
5beaab39bd3d0134aacd5e22e90c67dd32ed2a824e1d3aab32954bb106a2f194

SHA512
90d4336131a143c1548d953e5ef5ea6f9471051f31ecfa88a5fa02645265e0081ce83e1708bbee2d58f4590445b658001c436c3d6528f357508d36ca0dc9c0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
eb68d4a9baecd9fc7ad30c9533a74319

SHA1
c0fe44509ce0b34f71b1aa4678b3aae951707cb6

SHA256
f6a37a1f2ccb991cfbd53df8b6c2236e953546aa86a0b1ddda9960a858bca251

SHA512
8819cb43a935eff714d7b2e146f86cee4425ffe009b7ca5b2b3bc15cb6eaca4669969639f5490f6a7ab3df7ccff16e1e84d7390ef64c8afb20f5eb81210fccc9

Download Submit