52c2a5490cbfa4780940b18d6a288453e9115af91f8c10c4c99dbcf1eeda03e8

Resubmissions

26-11-2024 18:46

241126-xerrfstpbw 10

26-11-2024 18:25

26-11-2024 17:52

26-11-2024 17:10

26-11-2024 17:06

26-11-2024 16:26

26-11-2024 16:16

05-05-2024 07:02

Analysis

max time kernel
149s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-11-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Plugins/FilesSearcher.dll
Size

478KB
MD5

6f8f1621c16ac0976600146d2217e9d2
SHA1

b6aa233b93aae0a17ee8787576bf0fbc05cedde4
SHA256

e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b
SHA512

eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a
SSDEEP

6144:ZAHdfUpnnBuIbE7SCQeGtSV41QJDsTDDh0Yhe6dwxLV/Quhg08OwR75:yVUpnkZ7slS4Ys50ie6Cfzg0M

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771121223473861"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2380	2192	chrome.exe	92
PID 2192 wrote to memory of 2380	2192	chrome.exe	92
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 952	2192	chrome.exe	93
PID 2192 wrote to memory of 4608	2192	chrome.exe	94
PID 2192 wrote to memory of 4608	2192	chrome.exe	94
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95
PID 2192 wrote to memory of 1880	2192	chrome.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\FilesSearcher.dll,#1
1⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffbf059cc40,0x7ffbf059cc4c,0x7ffbf059cc58
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2132,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1572,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2324 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4776,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3392,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3448,i,1139436894788646837,5015993772172928332,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:2144

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
40052d5cdde95dfd350a5ffce54ddd33

SHA1
f0ce5434b1df4f183b8e80106505499be9b7bd3f

SHA256
308006f7148554250c2c8b30c57b7fd12a49fd87a944d926c4efbe27353a422a

SHA512
7ba2eb5f13736379dce677ec3d2f07318d69a16e96e35af86ef05142b604a22b2207dbce2d4e373b2906c12c55ddaed7707a910316cfa7ec13e2f2ebdfea27bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8f82872c252e51a0e6a98f503b9c2efe

SHA1
2855c436b1d105ca37535f9b531d02a480bfd086

SHA256
4d1bce1d47a6b14aa1f2b75bcf80c018a0abdf1731598fd0051ed95e7deac1e6

SHA512
1e986011004d699f87a13209dcbe31b6e4596931308eaffe3d23c3bb34cb73b4bb6289e3dd9ed2f46fb3f6aa9bc52c08f65dbe8860856b8c70d7a85cf1310897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
f5e3ac23a70b1fbbe6232e0c413a245e

SHA1
732e9b47dcac24d7173c41f96f63a478cad35e9e

SHA256
382fcf9dd53e3fa12d51d547de5d99859b6f75919782fc9794a3a69b6f15f5b0

SHA512
738280e66a6aad4dbfd3600c3d401e63ec070b81d1a3f69b6dda38a13e3cb0b7b955d5fa120c1b8dcb849a0adac5b18b2d40c05c2e51e8893a1a47337e2fa879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0811629700113cd882b00b8e213fc6b0

SHA1
6fe1581b47ba988dfcf8afdad28b1b92c129bc51

SHA256
afde366a9c6135a7f61a53cb8c2800cd5b849a4c8d93832d7f14f6858af8d0e1

SHA512
401adb411831519c335a2ab3eccb73f6ee65ba602a080606ae737fa6fcb28f78ad1fb8edc8d509d30018a47acb9c381e479e5a25757b5b4550e883728117956c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8de138fccf66bc507d821f155dcfd722

SHA1
65129897eedc3b6227be7f6a0e9b0ca9154b0d00

SHA256
4f25cf2ebf58cf0525a85f5a764463b0be8d3a1e882b81e9320543cc93afa5ac

SHA512
f908a8ea3bdb3c8f8b0293171f72c78b03ea8e4ab1a0f1e95609170360ae91dff98ed2c359b0b907cd23327b182490009801a6c07ed448b7090e4dcef9db84f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c91de5c0f892f97ad3f69bf54177881f

SHA1
d474ff0a27e1bde155123638eae8406a0a9764d8

SHA256
be10564e750d14a99f0746688961f84a737c5a27b855e5dc62b4eba4e8e415b6

SHA512
b0174c7c713803453d50533da45b2fd582ac0e76505aa00bcace7f46d106b8749b11e01e8173da45b31ceb90c2ffb76fdaf3c7eab6048efd7760a34c6e6fe23e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c1c120906bb896b96a84341c08b7ecc6

SHA1
7010c8b486d3c0962043f72e7a530c92a99719cd

SHA256
7c7653072fb0bfb986ce297c5e701940b7167b807298564e042561800dc613e5

SHA512
dc76ad6017543f8702fd924f7bc2517c5cf1b500b3889e96ee2adacbe9f386fec53d0798b619d1f23e09ba2469beb75ba31e538695a11f5d2bea15a1e22cd9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2ba079e670e0e5aed14944a756b86987

SHA1
6d66999b54c1b9b6a6fcffad8b3e61890d3e65f5

SHA256
885c3e477c3482afa32242e3689201a2c588c6d7b583afdd547a2ec049314b22

SHA512
c5c9dfb7241061a620db3c5568499a33c26d0538b6a24fb00c55f3f6a9445c5a6186d90a272ecc1e9b7113abc243fdac87b869b6bc7a281b98a33a8231eaaa5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
deebd8733f0858cfe5093d15408dba01

SHA1
3f6ec0663bc548fb51bab9a722f2c3fcc38b4162

SHA256
c133c29aa8a48db8ecc2803c1b9c8497072e774bf31087d72e133d7017bc82dd

SHA512
234ca9d49753504623a5eab547d17ec0113fc24add730f6bf244afa0125bebe9ed6a1f9bd71f3100e8cab2be78f6a54e691f453ed8715ceb2c787c7599436309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
75a564f08cef6ada956dbcb1b4bfa856

SHA1
8483b3424ea519a7c6eab15e0dff240afcac93ae

SHA256
9f4653096bc20113ed06114213fd22443d29abfb4c620096dd7208b64f5856f8

SHA512
dbc42894d3a53c2a1ceab0148180e90bc5b167c97d3d1c553f7a22e59fc891bc8ee4835291eb4c0f67c4ab63d963c7477c1aed70b212f85a7efce1eaaeeb587b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
113b5384870fc3fe09a49eb2bb9b8b53

SHA1
622156c206a17770ea373fe5db30084716bdaacc

SHA256
db2f33cb6591702bb9c0003de8aaa5269f9419010adc7c174c39ac7e926f1fd5

SHA512
b096c0ea43491f1c66ce60b95f960c772fb3e454226c0f5800d3d94990ac377519b086c8c6b18b705f376973449208b446191d195cf4686704b05927796a1220

Download Submit