hxxp://"hxxps://covid19[.]protected-forms[.]com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType[:]("1"

Resubmissions

19-09-2024 05:48

240919-ghq2bstdnd 3

19-09-2024 05:48

19-09-2024 05:47

19-09-2024 05:46

19-09-2024 05:33

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://"https://covid19.protected-forms.com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType:("1"

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711985303244540"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4412	4696	chrome.exe	82
PID 4696 wrote to memory of 4412	4696	chrome.exe	82
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 3516	4696	chrome.exe	83
PID 4696 wrote to memory of 4404	4696	chrome.exe	84
PID 4696 wrote to memory of 4404	4696	chrome.exe	84
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85
PID 4696 wrote to memory of 1036	4696	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://"https://covid19.protected-forms.com/XSDJrUUx5S2tCaUw3ZTBpN0tsNXc0akJjanJ0YWlaRXNacitIa2k2Z1U5d2JQeDAxY0dTcjZ0ZXdYVTZLQzRTaldzQ3JkZDBPSTRsemFwVnJ5MVpGZXV5bjhxWnRCN1RSUXF1cUZhNm9HU2lKalZBakpwN08zUT09LS1CMWs2bFlwa0NFajhzTm8xLS00Tk5jUTBiVDczYVY2Z2JESjVlZ3Z3PT0=?cid=2196429275") and ContentType:("1"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa1fdccc40,0x7ffa1fdccc4c,0x7ffa1fdccc58
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1568,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4480,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3684 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4508,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4916,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4688,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3836,i,16344903910583475634,13449111081986899144,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c8bb2ba1be5ac7896783f69aab99ea5b

SHA1
05b796bcadfaa7693e9d3ef94819b26de8161f7c

SHA256
5922cdc0182b9965a911d9c48363e36c16d64dc79985564d45ad538cd6be7d45

SHA512
64c057342661cfd2b19dcd681e7f8dc2f8e35164246920a4b154bc1a785b428f554f29681b0dc954711202453d0399edd0b4cb3448394208e4d977ff6bddb7c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
962B

MD5
5da6ac926ca65e08b44c9262c800b096

SHA1
a99059bfa9e9386e8086941594872aff18c4ee40

SHA256
d001268d34362f3757d8de8b7a72a1a0da06c209d0670d918325bc1727d35952

SHA512
32483c454b845a00950417d51a0b95f123152d8817e955e6dc9cfc6cbbf26eb3c87ee94c4516abfc36ed212492358457a0bbe7b423957a4645a749a1f85d81ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c1f2a97454487394dd69b0fc83cd78df

SHA1
accab283c8eea18c35c8d13d2deb460938c981ff

SHA256
54c9ff6571a09cdb9deb9a36a2edbc202f398e51f2c72291473950173c61da41

SHA512
899bd84311a7e31f497f43ca5e447805ffdc0afe613af93ef4e18e227615791c3e3a5cc52dd4e1bcc09ef5c19738bc1a3908aa43f74f4cfec5a356d22405f9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d38ba803ce230a473278622a60b7901

SHA1
a800a2e6ee77054f760f4484fb68e51eebedbd7b

SHA256
7c07405e536ff4d3312c93e27041e06f86dcec73b5a04bd6dc0b5165d7b91a80

SHA512
625fbcbcddda6efe4810f95292febf8a97cb10a39b3018c024845faa0f169dcb2e304668cfddb4d77112658710ec34399943cfdc88ccf8fe1fdfede0e254ded9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cf1557479e27bc7fe0842ca4bd18ca9

SHA1
458f4461c8cbd053f0433a3841af4494c65d525e

SHA256
6cabe83fe497cabca2602f502ffe4bf6b6a0aba4c13661ed6ee33713540eee35

SHA512
c9b371cc10e5f18db26a109aba06697fab540687a1242c6e57152e5b40dabd01eedcbb5aa0cf5151bd0a6973c11fe1456c3bddb80b3b4495445493d87ebaec46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58783aa1be4b34fb67c09d50ea6a0e5b

SHA1
fd4db42e4a11eb2a22611b2add7d6116f8b4ff51

SHA256
a65c803a8af219d5ee0a655ff35b111e7fbd5b41d04c374e7842c1123a9941c8

SHA512
39580871b324cd8488ada22550f16a52877d8ae83ea332261dd81303772ca098dced0fddc121b8ecb86806c3121b2f23ec10f74df8e69fa81913e4e205e24b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
411cee046cebaf909c5cfe844707f2b5

SHA1
13623c37157dd2c8031f646ce03d00694001f34f

SHA256
c3f6fba774fbf538039758df633ea255c1988bbb1104e3d1670c667f61962c23

SHA512
896c952760e8349106638734e9cedc99d58fdc4b3da3cef5d3bc83d5f3d42c9a03e385b394b26f2b192ac9f3cdb23c55572167aca14bfd2d37867d509e1d28df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6fbcbb9a0162288520ce9fb5b6dbfcb1

SHA1
8f168f343251f45259cf87c03880dcb0c105b708

SHA256
2a48ca82b89e33b966bc0986d96f38d97d8f642c6e173b901e235a5b21096517

SHA512
f529955b65ccee4f9830831027e3b0bb7eba90e1db7d22cbb4099f0b7da851b44b0fd2ba7ea201250eed96c82290d91e422f6335519afd945428b6c35a888fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3580e00eb25f838f73f36cb1400713c

SHA1
d31d7f7724361cb51d806ce504c79e817961c4fe

SHA256
310100898d8f97b3a69ef4f8da117618b007159918f900db368843173474b084

SHA512
dc1aad7f55b0899d8ac981c8ddf585a072bda79dee878fae53ae495dd06bc025fbe73d3afbba92276db3e4fc0213c73ea73bd38fa309f357095ce0ecff730fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b2090bcad1055c9e0783543d41f71b1

SHA1
7fce32c931c39d9f4bd589f1eb597b34f8f97a97

SHA256
5c2a18a0b8ed041639e40c4c56e785f6f8aaf464d4becdc68ea1ebba51b6ce98

SHA512
007bbb86266543bdcef9d228cf5ba6db54a4fc629dc2398061876d6bc4cdd3d76f5ba06e7c05dead809141ab8705b161ec550617fd9e9d06df6948b4ee8dcbdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d711cc8dbc2be6bdaef7b4e80338d542

SHA1
bf1bf4cf1825d0177131c7062d85d953c3fe05ea

SHA256
9d4366a0794e1ae312181bf86cbae64788b426651d18d303109dbf3580109549

SHA512
052729174b642e79f54d1df43775187a67a718b6b359e1c20cd292fd9cf46deeead5973d533b1f0122f1fee1bb7f2e506f3535945092508629f2f568d9e163af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
cf639ddb8f8e093d16f1f89c5d2df3f1

SHA1
135ab9649b24a3fc7b26838b06e12e05ecd704d3

SHA256
7508707c54026125a90e94d8be9bb7c64eb46a64f0cec2e0a8027cae50a1ed7d

SHA512
da162bb07af2eb7e728d87cc858ac1d944dc5209859899ecdadd3397a83a0c8f4ef589847bc2cc2f889d84df53aae2a560d6631c26e189391348fc4ba8c0e2aa

Download Submit