06f03c671ecb399a18f1deaf75e6cab4c6fde9d7f7b0202475c2767b1e1b7bd1

Analysis

max time kernel
149s
max time network
137s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01/12/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sglotz.html
Size

4KB
MD5

64072f808173e6b2cdbad75306c91e67
SHA1

f43c55999f3bbd457ff97bd727ba7b9721006f9a
SHA256

06f03c671ecb399a18f1deaf75e6cab4c6fde9d7f7b0202475c2767b1e1b7bd1
SHA512

f927b1e5b5f005a4d049be8873fe458306e054a355a47df75b97a8ca412c94bba881d58ede37146e4a341249772535cb3bd9f0587c12c5393638a29494682956
SSDEEP

96:6zYRupRsDpRYpRGZjRxQWQhFS+burexZCe5VadYCzK9bKwof:6UIp4pWpUZ1QhFUa5bahMbfof

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133775353550793795"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5768	chrome.exe
5768	chrome.exe
6032	chrome.exe
6032	chrome.exe
6032	chrome.exe
6032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5768	chrome.exe
5768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe
Token: SeShutdownPrivilege	5768	chrome.exe
Token: SeCreatePagefilePrivilege	5768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5768 wrote to memory of 676	5768	chrome.exe	80
PID 5768 wrote to memory of 676	5768	chrome.exe	80
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 4944	5768	chrome.exe	81
PID 5768 wrote to memory of 3788	5768	chrome.exe	82
PID 5768 wrote to memory of 3788	5768	chrome.exe	82
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83
PID 5768 wrote to memory of 2792	5768	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sglotz.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffbac68cc40,0x7ffbac68cc4c,0x7ffbac68cc58
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,7054558911492856408,3994477053774375821,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,7054558911492856408,3994477053774375821,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,7054558911492856408,3994477053774375821,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1788 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,7054558911492856408,3994477053774375821,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7054558911492856408,3994477053774375821,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,7054558911492856408,3994477053774375821,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=840,i,7054558911492856408,3994477053774375821,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6032

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f50644e3650afa57f00bcc064ddb9757

SHA1
8477f68f57acaf37df41ccba0cf44649ff5e690b

SHA256
f619673652653d83d61d3f9ba679c5cf0bcc72ab1cb366a3c319e5749b596adb

SHA512
26b863afaf1ea9e231fba8d2111aee21ee4adf482d42968271ec8adb85579d3f64f337990efd8a4fa72d76dd0e395a78f31b698ebb06e20f7059e74eaee811e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d35d5c094e229f648da415d29c6316da

SHA1
ee4a10ee709a1d8cd090c3f3c51db53c64bf0872

SHA256
acce49b005ca0ce47a24279092662e400f1fb74918ebe9a509576408d0f5a735

SHA512
9f93ffc2161018fe2904fbd2bbbaad7ec5f1d3e977a96af0dbd386dde72df1f21b1e07864a611d6f0754099cb73cfbfcebd60ae229a507cb8d81bf6f5c8ba316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e79e55fb4d60a84132872c4ad7f4a42a

SHA1
6462793b2fae84418a3983405598d474c06c576d

SHA256
2a3d059cf92ae1fb682b5943c242e5a69b076a9eb51735bf34a69c36679772d6

SHA512
d16a229a2596736af071289540df985b21e2a1909291fb744ca84e12e100c5b87345addea246596f7d61bac6511cb8c1302fefaca8a306abe7c9856c6c29efce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e80c58274edb5171fdf706869f94b58d

SHA1
088c7a585abce9cc2df19bfe1a07dfeabb6335b7

SHA256
7ceb5af295b0eccaa15856aa7ef5d39b174cf2b319f573dd2d204c28965dd129

SHA512
134ce4bfaf123c11e1a8334e3a4725371e4b78d9c020251b89bf55793c6358ca30ba69e1e10ec7957cbf500389e97a2c7f1845a9cbeb2794bb3f8adee442d1c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2755a273b23f196d8adc885b49cc22c7

SHA1
7c1760c5f685af6119ca4696a222db12fc9d4213

SHA256
4cc4f03a51186a9b4326eedbcf753ad1cbcff587d648b8886abccff2bf726128

SHA512
8b1b6adcf8179bc676f4a26ed3971a595a81c0a91dba6a2e74bca32ee60af6bfd337dd2d8ec990bc2439de9750bc885bb441865f149b5bc4b49f8ee9b3a63969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef7c50bc5b00d6ee71a566e0141de2c7

SHA1
e4ec42fdadf4726c863319b737b2774566d2a82f

SHA256
784c1b9a335d90d5097f1a05d72e4e6db1422af97e056511463a99c784c8688f

SHA512
83c49182a129c684acd67c3999b4c7ea5fc04fc9af324ee4aab60780e8c48aff71dd8742f18fb704a0f96100de8fd7e12e20dbbc5cae3da9e8c1faaadfafb126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba8df129b5f53f07303ca1b073604a84

SHA1
2f9cae21463d80149554de66388a70e77de199a4

SHA256
cb0f2f0b5f8c8c279fb7aacaa8ddbd62921e782f2c3d4d3e729d3dc37db025d2

SHA512
f1b8e9753603d097c5d1266281398d40b5516c0c261e4e9615edd0e1e1665d1c523a1d631e72c3a07c4649ece637d5406e66e4c210404f35b38a13807267a4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2203da97698bd429102e6ebf3cc956e7

SHA1
a8bc40b4877831e17add0b958ccf567263356078

SHA256
1b87775b562119dc1c0ae2d80afa9ae146bd81e8c6830d8892644dc706c22ed7

SHA512
ad3041c20936cf1cf7338835cac8b015c69a9ff733496db7dd5405dbdea80e5d7678f217bb7fa0e3cb1a87ea6c58d5c2f5b2127c0a89ff9a677e0b75aefc9bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f95a6a3a6d55f1faeb0dc2e8feeeb030

SHA1
0d8becb13ada87405216d2202270a675fda6003a

SHA256
6a79b92fc14f0ae015a995f35f7cb06cfc9cbabaa3489dd23b2cc8e5539e028d

SHA512
f2b3c2ef3a393ddd8c725fdf07954f9e9757cfa6aef3a9bf0f1fc9e1a5d6522a4373c946a63d850a1d19a9aafe2dbc1588bdd7ed163f2c6d17b3d800d64073be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed765e196e1bfd9bc5913c74efd5457d

SHA1
876dff21c86f2be899d73cdbef5f53cc590472b4

SHA256
88af20440d07876b9714ddbfb6395b9b2c395a46f61881c00f873d1c02ece2d4

SHA512
dc3c26bc5008027368a5443d6f792ba1f7fd4655ab900d49952011cda297abeee76c0f97b04b91ec22a9a29dab4c0984c23d203c0357dc16244830b1ab610d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
55ca6cf681cdd8aa10b065a89bab8f31

SHA1
1400d559f94860aa157cec705f507e9e173b20d0

SHA256
34f92cb2fe77b23eac64a071a50e50505d321c82fc5afce4b284c6585402641f

SHA512
1591eae08b2eb9787b70c9fb453e7eb8e87adf7ac1e48b46992af38bf79e3447263e0dfee89ba9c4519d707a1104d7c05cdbc994247fe16ce282b81425af8a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
3e5aede930801bd3f37500d4ec8ab9e1

SHA1
b98dd046a80e4074202cc31c401f226811a04f09

SHA256
d29d17d93708352d3935ef6a91ba02efca396cff68059badc395259a797ca8ca

SHA512
f75c19822777dd7ddd3bec73946863dd7c03b7f1a70431ab134464e77df7f3221015fdc3d9641337c19109df894805136c87fe62b1b0367771abb695882d2b30

Download Submit