hxxp://cttportugal[.]com/

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
21/11/2024, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cttportugal.com/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766618790360000"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3940	chrome.exe
3940	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe
Token: SeShutdownPrivilege	3940	chrome.exe
Token: SeCreatePagefilePrivilege	3940	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe
3940	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 4864	3940	chrome.exe	84
PID 3940 wrote to memory of 4864	3940	chrome.exe	84
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 3976	3940	chrome.exe	85
PID 3940 wrote to memory of 2876	3940	chrome.exe	86
PID 3940 wrote to memory of 2876	3940	chrome.exe	86
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87
PID 3940 wrote to memory of 2952	3940	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cttportugal.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffffaeecc40,0x7ffffaeecc4c,0x7ffffaeecc58
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3276,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4884,i,3018631471946035913,5894358071537600593,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2096

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fef1d7e7b676b3898bb496b6ac5ce76d

SHA1
36c6a6c1adfa0213b767fa552fa4ee0a59127029

SHA256
bf7eaf0685abd5397ead2582bec805ff34765a4479250cf25e1d4276d3ac0424

SHA512
787169bc671f1dfb5bebf1feb55c69ccfe903206aca77967768e5e51d23c2615956ed187bb54cf4543ec7fd5e89951d79cd87b6999eca4d3d65b8dc886f32470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0ee4866077b5b7992b919155f664b49f

SHA1
b0c23f552626a8522034c7678b2253d1cf20c70b

SHA256
574177cd494c359b34934190d168454cf3543fc8f38bdf53cbbfca52a6f0e68e

SHA512
2436095b5b2766899801412460e091ede44ac1fb7b2d1bfd36233ebb79885b2c6a0998108268b07c4fee5b4de08fbd9418ebcbbece7f7546aafbc28edd1832c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ce9662614d9ee7e11de2476945b56aa

SHA1
8c2f85b7428324baa9b118ba82bb6700a29375e1

SHA256
33bd3f4fd0884733e6dee301e2925969c7ffb972edd60d17c01339ebf7fd05b2

SHA512
847d5e3f5515099b69f81bbc9dc1c228a8ab2716e9dd1de3643b792c640d53b810bba7526e504010a7d64f47ce95ed0905d13f5e8879520f5976b6974781b9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
985789ed3b50eacaa6e580098434a85c

SHA1
2cd3806d1f1cec26724d75573c9e28fd11485afd

SHA256
d54d3b560505a3f3fdbfad1a5e82382da32dac7c7c079378af32be95c37d50a7

SHA512
c33512f6cce8f4339cb850a0fa9dc6041c286edb2f2df9ffe6a6035b4818eddb99cb01869350d9c92422a013c03f31ce1dca4aa6072e989b09b950f380c08b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4af57e8e12e84e290c8d346d7c2f93c9

SHA1
c7f0f15de1d9d5d267dd8df90672906a5707e2f5

SHA256
03c0f23628a451b63cac9c5add6a060b33d371c8c5bc8893db443ea204f934c9

SHA512
1f4d0ad4ff1fd920842e12cf637574dd40f6cb0f70fbf3133e5bdad643d0cdd091365d95650a67f8b46a6452550201a0e1e2d8e1211d1903af1a15e11a5f0734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3dbd73b907817b6c7b993496482d238

SHA1
d1e43d8a3f098373e38b6b272007a241cc3cc0f4

SHA256
dee0a880fe9fe3ac4b4fea114fe6947f6be04ea12245704101f0d6df3c7553ae

SHA512
306a9589876c1882f1b01c57d49fd1e09702e9f1ddd6725a52cad8719ed3ebfd52f2aba2d897a990674df1f36f47fd0ad034c73e4177f4e216e1fea2dd903ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73bc05b4c9e89e3253688bd7104b482b

SHA1
c7a5f6eb5cda52602c9445959337df07e5f6b493

SHA256
82d40dfff4fc8b5da328b61c88608f56605179ed8eea0a3ff0d244e9c44c5559

SHA512
8b2036302ee246f22fc75868f54a06ad28eab6147007274abee494bdd7dc09892fdde8f3d3758839c70a2f75b256b0d769aa2dd2c90b92701ba53568543006bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
577801719af282ac1515808883d485b0

SHA1
a1d6ee4c04fcf40e649aaa3cbca9a0409666f0c8

SHA256
9fb598ffbb33737c45210a4e26823408dc4b534525d40c9bf4759a96fcb5cfdb

SHA512
f7dd972bbc7ae6aaffa05ed3231a62cb84381258597496cb4a1c7c7da55011d7eed728aa1fea57db6bdfa46f8e274b7db68d731680ea35888fb398814118c593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9269a1e0c2a3b63c3b441f267f1dc6de

SHA1
a75d0c51d15c1fd9715016624a9b3cc68f4efde8

SHA256
64085cb43b522114380d4eaa2dcf91519bedc0508ef73e74363b3d581285ccf3

SHA512
489c0ba923f958674678a7715c77aacd9102edcd206ab3ca08c2bc5f2fbc066671a401b20716ab91a8929e45842b8f1db1b76d601f80f14128b43c0a4e0755cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
537b14305e5a2037ca1d9f255979f9c0

SHA1
64d3249d618e74691b069d887c1319fff3245a0d

SHA256
d7eab66cc57f77c9d425f6e1a1e76e89800067db212b4adb8143de8a14f18835

SHA512
0bfa7959c3c32aa332b91c4ba0042a6b4bd7a235fa8b0820d0056d7c53f28bdc289d5d5286248c9ad2b631345e9a90534bf00f8bec2a2e4532771d69cb2a2b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ca8f4c3de4c650bfaf1025520cd27294

SHA1
e08a04710a2e6a7bd90579da321c684fd701704f

SHA256
270a002c7376004af18501ada095cd0ff946930b2759198c2378543cb349578a

SHA512
91cdfa4c5f7859522bf4d3bad8e18eb2f2eb83225c58f2cbff6da9c1345666256dbbeac9c680729e1de06094c70c1a8159e5fd3d643cdeeee70afe618e4929cd

Download Submit