5f84f636cdcd12e0bd43b25164a3834613e3ffbb29942137f02c5de006e74743

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 21:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

896KB
MD5

ca1344161b4c611a458f8e12a2728c92
SHA1

b026d48e33d679ecb0258a0c23e18b986d81602e
SHA256

5f84f636cdcd12e0bd43b25164a3834613e3ffbb29942137f02c5de006e74743
SHA512

d50a8a413d069c0f0f20d57295bcc0438ba6c88678a11c931c8b91dbf9e68a9ec08fa36145b7b880322f398dfe3da6b9253f1aa15b079bb5c791f2b97f01e1d6
SSDEEP

12288:UqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaJT+:UqDEvCTbMWu7rQYlBQcBiT6rprG8aN+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722052932677561"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2732	file.exe
2732	file.exe
4772	chrome.exe
4772	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
2732	file.exe
2732	file.exe
2732	file.exe
2732	file.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2732	file.exe
2732	file.exe
2732	file.exe
2732	file.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 4772	2732	file.exe	82
PID 2732 wrote to memory of 4772	2732	file.exe	82
PID 4772 wrote to memory of 3756	4772	chrome.exe	83
PID 4772 wrote to memory of 3756	4772	chrome.exe	83
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 2708	4772	chrome.exe	84
PID 4772 wrote to memory of 684	4772	chrome.exe	85
PID 4772 wrote to memory of 684	4772	chrome.exe	85
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86
PID 4772 wrote to memory of 4828	4772	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --app="https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-features=CrashRecovery
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd6d60cc40,0x7ffd6d60cc4c,0x7ffd6d60cc58
    3⤵
    PID:3756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2012 /prefetch:2
    3⤵
    PID:2708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:3
    3⤵
    PID:684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
    3⤵
    PID:4828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
    3⤵
    PID:4088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:268
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
    3⤵
    PID:1668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:8
    3⤵
    PID:4504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4956,i,7488780246284678694,17587536550720806189,262144 --disable-features=CrashRecovery --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4876

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7495448176043a5f666b03fd9bc7d18a

SHA1
3dc3f01bad213f13a4fd8ec8d8582fe9d1749fbe

SHA256
aee7beb3ab1de00ccc860cc102e5021aca16cc23c45d3f50aac923e0b490cb91

SHA512
a98570ba803a9e8f58bd4a0dc88d0f80d40e89a0d767efc7ea9a57d0cb6bc3b1cd55f1ba3613273e54b92c8c7912b6f14f5b07a3f812db27d1093c891c09b028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
31dbbdb5ec6470792078b5178bdbaa58

SHA1
b12e3ca1a80c2f8dc7d5525950bd6a6d17ccc41d

SHA256
c9259bf78b4b0df8f65bc6b2c6b5b45f42c7c7f70cd8c84715a1cf96e627390c

SHA512
e6278933a4854cf82d0546bce997a1a2b57679f6a4955bea01d1f118af62e53128f8d4282a2ea1789e75964658c88d82447633e35cf596ce243fc52af73b9aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6afdb93b029f9b4b50a8578fb4cdcd1b

SHA1
2ce60905f94231487bf5aceba710eddf12f238e2

SHA256
109aa38205806900b0236405d3857de031c929c70a79dedee5658730334b80d5

SHA512
110422146a005ad3cce9a0c79b4558b51f29666c9c4a1288f48b575de94f1ce947665a80ca63db35677ea56c528615d0bb28d9042dd9f572b8ea7044d2424e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4e46ad32ca846961313bcb1c6d6985f5

SHA1
223efdb01b28d0a29cbb5edc44458afba1f3d00e

SHA256
428093091efd11ca90bc8bbfe5c70a4a97486e65cee60bc836068e089bd1f8b3

SHA512
f937d9143aa8ceb234912d0ddb7a882bd5e94c899b68ace34619ac09c2227ca74b1e541a3ce5f38cb9b081beb076db5d36d90bebf29ed2ddfad57051b675f9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
a660e4819481472e2a0b2d8227ed6336

SHA1
37767dd86a7a0a3966d70c887ff97a2c939728d3

SHA256
5a304671a1030826bcc24a50c7eaa0308817bc17751d9821b2739bc9e785e2f5

SHA512
0a120a51d7a57c7fa7f428dad25d295cad15c5d10956fc776b5fe856d614769151d584e961bf484f2ace85cb6cdeed66a00b70b7dd2bc7a01b3b49abee524833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0529fbfa3cbf0dd487bb7e672c4897c1

SHA1
851e23e739506462e2a46db56b7e8163b04f94f0

SHA256
d0ad19c3919e6f60d5a61895f9eab15057b781f8bae987d71f2eca1ff1db0ae8

SHA512
17471df87383755c925232b79242c2fdf1fa80aa245e34b93dbd7a594da4fb9e826766dcbe6bee7553a780b0807670084bac1a22419336a2329434bbef038d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9bbd0148a58ba1dd6720482ed040e100

SHA1
36a6806cc3717bde464f93c67e8b06076cd8662f

SHA256
f423853b9b19908a023410a55e0e77d725b9d0ec75274c58903966fd012ca2cf

SHA512
fec8f173c60e5e47bb6dbb0862c62da2d6fbc7dd687eb63a276d3ee261df67caf3a1abb086d18ab83edd2d0e5ea20ca081f88c0d1f3c49a95d7216fa34decc71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f22f40eaf08fabb36c56f2f80fcf1a7

SHA1
b42352d2ccfe757b22be4a6b5c4e0bf02275aaa3

SHA256
8cc51606d44446458e67747ad6b4e6fed29234fbe7e3e6814cb3c4118ac8ade7

SHA512
203a828df0748ce85c2e01f3de2947a9da57143a5284331b7d83b77971bd0e37efb05f588d1c43f3cfd077b188fe432354c749a9b7f951073cd668597bf5647d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d572fb8f665385ac7244e3dbf70bf3e1

SHA1
d4ad6eb795f7535e23808b93dc1a8c30c8603ae0

SHA256
28c70c8a4fb35449b34ec1343ee6c69ed94dfb2276631ce4bd7f9a2187e47f8d

SHA512
9fc556dac80051c44a98c7ec57b848c1848f6a7838717398f83263756f443d1fe1e75eb9bcd34104c5bd1051bc0e67f192ecc40a3758e769301165e3a09ed988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ee774517486d162998f3e693fb88c6a

SHA1
e6bc001b9dbed7d8073456e67bd785c107e65668

SHA256
e3dfaeaeec2c1170726b2a3ef3e59bbb0f66a6b086b9f0dd49cdce1d95f0294e

SHA512
1d7046283f729bc0711a22b87ad889257f6397360be65f983d95c3f75ddea9da1a4a894a4c965d055a87d2ff4a9939a3bb691b9ff678b4a441c9136b16bf9d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b88e817b90f79457b60ff89d68962653

SHA1
cbd00d037088fa426b92c30ec1315a52aa7d099e

SHA256
28a8fab4c4cc80ab87abcce71cede716e585340c3f0c112d9ad737b76a6e58c5

SHA512
63d580ac534633210f9e94cf47ed6e780ff9cd58fc586a52fd59cf54ec7bf145cc8aa51b38749b69caa77fb7020660871b6a1c7d89a73d522b0ab1e690c36969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
c96a4af06e1b78a67cf799c026bc979f

SHA1
350948163c147c97559e4c509cb0fec4581c3a9e

SHA256
f7f2593d4419e503a84bdb6f917f8dea12a5c8f94d7cb79b827551c8ed1c8d2c

SHA512
d9c619d57e5cb9d6e3355d9b251ffee0e5ee3e767106439a9e82344c1d6bc6dc84333ae2c20f5a9044d0dcb5851e7406a77006ac21efcdb0385750369b963a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
a1dc66aff1ef92583b237bf7daa495c4

SHA1
e69da9d2c1664c05a7c3d794217be7231b43c321

SHA256
f7cec7d53184b2b0e00a90ec25cf9ab54b9f6988b45f59127b4b29cec2815d35

SHA512
98dd5b0458d38b61a8b5347afe1b2b2eb3699f346e45e66f6edda0e53b05022c14af13923c55e845e2b55ed1ee9ca540e25578e35bd4da4e38e7662d81ae24e0

Download Submit