hxxp://"hxxps://covid19[.]protected-forms[.]com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType[:]("1"

Resubmissions

19-09-2024 05:48

240919-ghq2bstdnd 3

19-09-2024 05:48

19-09-2024 05:47

19-09-2024 05:46

19-09-2024 05:33

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://"https://covid19.protected-forms.com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType:("1"

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711984962671204"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 3464	4752	chrome.exe	84
PID 4752 wrote to memory of 3464	4752	chrome.exe	84
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1340	4752	chrome.exe	85
PID 4752 wrote to memory of 1248	4752	chrome.exe	86
PID 4752 wrote to memory of 1248	4752	chrome.exe	86
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87
PID 4752 wrote to memory of 3444	4752	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://"https://covid19.protected-forms.com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType:("1"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa069cc40,0x7ffaa069cc4c,0x7ffaa069cc58
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3296,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3760,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3264,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4696,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3168,i,4787541818334829057,696651132732724665,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
621132c51c75f58cdb6fb07f95753a2d

SHA1
44f262e64f68525aed7ace28cb570837673c0194

SHA256
aa006f24eb933087fff8daa390335cb14ef7878e6538a68a02680ff194b2e66a

SHA512
dab6daa073079c031cba6e7983b9f5e64bf894f97691090d16cfb9af32d9ef5c5ce599ab37d50f809c110677266a5e95a008a740b88575ca7616c540137afa16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
960B

MD5
8f10f1701a314b38d192ff6b89c99edf

SHA1
d8ac0f7e8640efcadd4fe368c387fac03462f427

SHA256
56df44c8b5988b08c82fe5a19241cae49ae67fac1e692d1e54e41c4fb8873bd2

SHA512
77c2fb87da8fa2a5791c0e700918244f936e2b3ac1fa17db03cac350c4576970a896cf11058d12957cf32b8e6170d661758b81f5fd0f5264a33ca9042fa76024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12d9c8cd78e420667776e4fa9d75930a

SHA1
b6d0b9c0db455f516a6812326b611d21ceec07e6

SHA256
086db95e668bf448468c01b82f257a656dbf4cd1973e877185b4b477fd551622

SHA512
b52772a9aba8b0e8b417761d52529807c02396bf7e39674da5e5380cb6400d311c97963f6ace7719a46584bf343787064c66f6dd50d4810908510e231f2ca21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
785c4fe2efa0d1073278c1adbf80699b

SHA1
11dc136e016b9bbb5eb95562553b6b9a4f9006a3

SHA256
6ccda712a36aa13973dc431566a830f1750597dfd7741f9a50ef9ca0eda27978

SHA512
f628281e7c34800e8c296aa065e04621349fc0d89cc9e361af8680e4a87e1e5e44303cea13e59f2eb4643fb8794ab6c12884980291fd8863f612d9d96247fa95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fbe6adf49ada7d4b80136f94539df4c

SHA1
f9e0e50af082c26986fa73548a58b8a7537da173

SHA256
f248226c0d44c4d43bbdce008f8c43df941530445479ca3a467e170a43b1fa41

SHA512
2effb931a11b14bb8f3cef9a89ad65c09c83a93e5f6823138fa8052a8c45c6636f1f85bfb1bd8d5f3ce1e35bd8afc2aa35631b52ed5e8244369bcf9dab70f1b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
058bf517e3a857d58d1615ba44e50ac5

SHA1
0809ff8e76b6c727d93928c4f228081f971bd4bf

SHA256
fe5ec5009c8c1822ec98904c31f5c22b42524ccf35866eccc9671c7722677f0e

SHA512
852af4e0f62dabf5c81904f1f1dc9331cdc6f243c1d456c8760388cce638ebee5d85e16fa36ac410ef75df2bea96982d1c998b13e98a008aa068d5f0d9a73f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf31508fff403c9e4f807fde45682b0c

SHA1
fec9b56114ceb192b90a3d3e68f6bb497114752f

SHA256
35e5135dfd4a90212ef657687224a1cbc62f62e6d0fee01a520bd7294c711b5a

SHA512
9efc9154ae4800b1d36b9822f7df5cc0c82a2d5939948b0ac26b9f36057a800916c16997886e7cdeb93ef0fd603051f4d9e104130a3ddd2c806daf814a0c90e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67016b584dcbf861157b157c457bf174

SHA1
580115a4b75e65ee344ccc21aea42e3f543927b8

SHA256
6064590fa533ae87d51f2f9e3f7fe0ef5dfa3dd7641c98a87e566889c457df97

SHA512
7d80bd403371cab09cf5ebe564905cacad904aac6fef02057dba11a77541ed2d6bfc3bab6279a27b5c4297af1ef14fbe0a13ee14a93ec9108d8a1a7751afa4b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57736c8c44525260efe396b034b1c38a

SHA1
303e54bf19e21af9a2228ec3668ffbbecea1106a

SHA256
6f385371951a0bc5a05da107b566d78dd316847ae9a05277b8bc2550d2b2aaba

SHA512
b22eb87a8bf27621fa2e8053495b12b53a9d67fc8c245707261fae89ae821afe827e2ad8c757d0e14fe672537defb4774c48d7b475b7cd3bb793f066bd86acc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
547adbc9f805e12b7ea69db70b5f0a80

SHA1
fb77152ee2b3ecacaf98f44b6891961846320435

SHA256
c6b92f04a26143cb49ce44313af24da4194f69ab43ee2035d88fe622e5e003a7

SHA512
be684d79897a7393ce798978cee62bd6689bfae582c4e06c6c3222949f4ea7c2fdbb02909ca866aeb28ab14ce3c1edc897cf062f370666d8e641885c6c915249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
62a56fc180108377c4403cc65b80bbca

SHA1
9535d7aca1e9ff2f0a017c1c470f5f52860a31c6

SHA256
72c236e05a738878c28bf6307b87775bc60e29ae0f0cc47ca3b6d5571e13718c

SHA512
1d280f6313d9da9bddc4ebfd2169aac55276b2060bedc52491f6bc5c2c89d2396230a88ff723369c1e685f375b1108d44e6d8cba809702d8338498dbcabe9ddd

Download Submit