hxxp://ontidwit[.]com

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ontidwit.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721855817667614"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 2460	376	chrome.exe	82
PID 376 wrote to memory of 2460	376	chrome.exe	82
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 2192	376	chrome.exe	83
PID 376 wrote to memory of 4908	376	chrome.exe	84
PID 376 wrote to memory of 4908	376	chrome.exe	84
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85
PID 376 wrote to memory of 2748	376	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ontidwit.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe54e3cc40,0x7ffe54e3cc4c,0x7ffe54e3cc58
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1616,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3664,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3100,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3196,i,12375065990230948503,4239785373303299343,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5605acdd4ca51c523325988af11922e1

SHA1
77029608d8e5462b77442bc0219364e3d9eba4fe

SHA256
9c2c3d47fb474b0cebae323c357b5fd81eabfcfdc1d10a5c5907942b3b41ad30

SHA512
b0abee743ecf326ff4588affb78269b2662dbecf45605ccdf13005307c4bad273e126221465608b8c15489a98e675d9c126cad0847f826cfd2dbb552741246f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
962B

MD5
47cba0679b89582bfd50d2d0784f48e7

SHA1
8ec25d65b5f47f762e0a0022fd24a37c98d75f71

SHA256
f151a9d33666475f678d880d4c489c3563de5206d9ed004cc890bf212db2c62c

SHA512
ffdd12d795edcf11805363c0ac565f6b0630954507e98e6d0e830254fc7af5dec3d95a4518feb2636eb4fe6a9ffea011050d2eb515ba5b8989e1a34a29b1efde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
eb61d4eb2db3b98b68899575e368a6f5

SHA1
d77258bece3e2d4db06383a30a769203215c8984

SHA256
3375109cba94b1bc1a9058f2eb657b15c1dfe6243e1812bf380f58472595d11e

SHA512
41c702d6635dfde168821e2b31d5d1363ab36482a8cdabca43ac4c6b03135f3c1c36c7b1f02fdb72f278324adfbf67ee49013cbb68cdf00bdbd30d1afc58e3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
434637945bd9b6235a8dc42d75aeed99

SHA1
919b401be65b4032f7075221c5a3d78755f74f8f

SHA256
316e766e5e59b9dbd5858353d911e84d9ff7aecac2b5c8d9b8cc99956cb1840a

SHA512
07adc5084c10cdbf03cd65cf51b879a70e96ee29fbae531c7ba4a7198a7637dbd1cfca0c14790b194d28d3e0b7c87a3718d7d5443ff9ed548928d7d9706d36bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a66ab6f762b393e193e86beac336f3d7

SHA1
b70a9f0e469e7e3567e7cb437bbc17556e4ea52d

SHA256
1ef1c3997bf766cdcd9422e4913e9dc62e235e4b5b3ed5d25461f7a8026a321c

SHA512
c73013383221a310ab6d5c7f10f2879c858c035d39b2d3a4e9fc362cdb92438ea79332de9f9a2a3d464fcd8b7ce82edba2886a5a2a4b82e93a19f6ff10850709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75fcbc372a3645092d4be9b19c9164f8

SHA1
a2abf67d35626374bbfb878fa5c425f8bd08f327

SHA256
591e67669480d75a1e8e7d833fa6c02e7c663b18c6f81d3ed9fb104daffb4666

SHA512
c9a7023c141345b3fc8802518b86036b4d4338cd91d955026f52ff1820eb0544ecef17304c1588a61c42419be361f3e9af43dc81d77c753f7a3dad559189af0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cee0e535e95af899f7f15448b6e6d65

SHA1
58af21e565b9c278f67116c165ea18656a116621

SHA256
81e4697648178cadc21bfed610e9cc43813bfb6171d616ce3982510f5b34227c

SHA512
f48fd5ae2c07c93dfee68cb8c37a14de869cb94e53a35e3a359c06373cabffed1571fab27b66140c15c618082751de5bf59f4d51eacd77499e29972946f548ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37b13dceb17eb1a5e1451a6318137470

SHA1
d242a566807964d3efe9af6bc3a8e7bdd49170e6

SHA256
d72dde56e14491df901441d09c0b0cfe9208ba29d6e14a5d2c4117f1cbfd7878

SHA512
5a1cc37d4fd1c9eaa2320df4465ea1331a0f5af9f07d162e799596eec3041b94ce0127b36bad3a1cb03a6843201628fba6004543eaef8a71095a101dbe731188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dd9ecb4f576203667f042e92243eb34

SHA1
2ffd1cdbde8dbd9fb51711523099bdf22c353654

SHA256
09a9824bb4255186c0bd95b9d145f25fb55c1eadfd37684c07f02781071c86dd

SHA512
6888c42d570eb8601d95f6fb24d4f022c0ca7227d0e5ca6489fb8a27ab032b3e6ece4c2577eb3f23b964b91e1b274f7fd35c20a8d3c3917d70dad639fcdc629d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
caac5128c0012e0ce38148db51dff7db

SHA1
f7c85d171c60046248cbb3dd2fe497079999a8b1

SHA256
2d158cba396a83672bc3fc9d35005311dfc8baffa4017c89d50c75801a7f46a3

SHA512
1b9cc040bd75c22e2cffec6b7615d8ca55036d6c0589f6de72fa8df80c71e1f51da8ce59a8a9698cff08c2c8477e36113d6d085c0948092067e3ef7af6f9a2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2b45a550860e7f93feb4a4ff114f3aee

SHA1
d03f6f058e44bfd3728fb82ba58539155ec4c07e

SHA256
71d8a4fbeb1092f8e434b763864116737329230e4d3e532bb2950044ccaddac9

SHA512
bffcd8d492eb2cadf5ed40e88e992fbd756c7d0f65040f25d1af41db420530024dbf6c9228d5b0e4a374756e920bbf8bd47082dc7f7577bfb5095c6f60ffbe6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e59034b98ef66c5c395ec974962aa9f9

SHA1
fcdd22b60bb02110df622cf337a1cc5c7e5277be

SHA256
a8c30004f798ff6d07595fddc924ff07f570b25f6b5ce93a0bc006e93f7bc3ac

SHA512
a9cc677d9797375eaff20feb53f8ed4f04e139900078c23ff7d0076f524180154831c94ef95368dad6855efe0f5f7c355b526919b8373a7706efcb70d991896b

Download Submit