hxxps://vx1ziaadq-xn--qz2lyx6b-xn----c1a2cj-xn----p1ai[.]translate[.]goog/LN89cNOo/4xZqw/EbRpE?YVhOMGIyeDBaVUJtZEM1dVpYZDViM0pyYkdsbVpTNWpiMjA9OmRMelZi+&_x_tr_sch=http&_x_tr_sl=IWCmsHYb&_x_tr_tl=uyqizsMu

Analysis

max time kernel
64s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vx1ziaadq-xn--qz2lyx6b-xn----c1a2cj-xn----p1ai.translate.goog/LN89cNOo/4xZqw/EbRpE?YVhOMGIyeDBaVUJtZEM1dVpYZDViM0pyYkdsbVpTNWpiMjA9OmRMelZi+&_x_tr_sch=http&_x_tr_sl=IWCmsHYb&_x_tr_tl=uyqizsMu

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806181217339507"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 4516	3912	chrome.exe	84
PID 3912 wrote to memory of 4516	3912	chrome.exe	84
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 2920	3912	chrome.exe	85
PID 3912 wrote to memory of 3716	3912	chrome.exe	86
PID 3912 wrote to memory of 3716	3912	chrome.exe	86
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87
PID 3912 wrote to memory of 3596	3912	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vx1ziaadq-xn--qz2lyx6b-xn----c1a2cj-xn----p1ai.translate.goog/LN89cNOo/4xZqw/EbRpE?YVhOMGIyeDBaVUJtZEM1dVpYZDViM0pyYkdsbVpTNWpiMjA9OmRMelZi+&_x_tr_sch=http&_x_tr_sl=IWCmsHYb&_x_tr_tl=uyqizsMu
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff85680cc40,0x7ff85680cc4c,0x7ff85680cc58
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4840,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5116,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3496,i,3206886420685179713,2446649017799563978,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2732

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
241e049a8c4f0ff02aff0c7d2888e861

SHA1
ac12918c24552374a6723e8b20084012e121a898

SHA256
5e5e327460665fee2c0f25e8be5d5f4eb2820125a97c9806e4b9f265df6425ed

SHA512
617833c8856d68f76ec717088f70e5453f31b34e04ff2174e7dc2466e633c67723700610e06c3971ff0c05573c821499abcd21072f4df85ac31eb89d858fa53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
58KB

MD5
f2488a170a41b0755af802814ebbbe72

SHA1
349385c1f8f98022cf30023fbdca4594eb191488

SHA256
394c27cf98916570b114d3961211dd11cd3ed6e432bd381c058be780b5f0d7f7

SHA512
a34e091225e1eb3ca424aa22ad142436e86bb31c2eb814cdd43e2b179be47bdb20aea7157266cc6322557c2c91c0427305d5e831695aeb203114eba73e41a2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
d9d78de767add91f368a1484e68c82e1

SHA1
c20558ea356cd94403b09736d75a04e5a2706dab

SHA256
84d39d5f251fb60ecebaae0af0d274bf8b450cfb2ebc00343e1df4d3c7326b99

SHA512
2189e8b73d6edd89cd2481259d323f28e57075b11a5a9c208b6714debf1fb1c05108bf1c403184f43e860d2f1958fa1596621c0e32e53b4e51e068d35baacee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c3d6c47a27d01a3d64f3f9aac373027f

SHA1
66e5d37fbf6ba2164cb24e9a3e064092cfa8f4a5

SHA256
31b7aaacb05e102aa01a97fbfa117b622caa24f1299e4a02717c48ccd930062d

SHA512
26d99ce22a422fe8bedc5a71e80794127832a66490f3950f3d1ce2882b23191d0bf0f95fab62fb4eb83b461df675a8a5a11fce975f6d69666dc5e4a089572bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ba55b1d3d03682d25bf632a942181b9

SHA1
7b181803653264a61e28ed4106d9011ef5af091b

SHA256
13e632ccc429ff4029520d9c0c832bd0ed7c98b4d2c8ca2813ecb550b2ea23b4

SHA512
cf499f7d9a8b99d7c60218efbd30d8827b3c96f247f1c013f2e11b55c34e28d086a49eb50ff1a899986c2f6f1473c3062c923cb166121173d35e417a9c930061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa75fafd8a351fe1da25efdfcc82e345

SHA1
1d694f6b04f2426e3858c4822c2699fd40aa4efc

SHA256
1ebb6e9278eb8d3df6943c18ca5ea5c7d4a7698f5eab1f991382b668589decfb

SHA512
020ca981aeff0f066761a9b617ca41d0f0016d93b2cfe37d40f09111e228e206251cd1d79ad2b1f4d708e6327b88913b8d87477b347569b8f3aa904fa927fefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a1ff84a370621780456c9df2615a17d

SHA1
e8324533d902d260c25d60ab66683dc8595cfb86

SHA256
9406cdb4db3309821345aeccbbdc52914eaa12db6af1fd67c99654d51173686b

SHA512
edf35da04064489f296e68c73f58cf62ea78f450fffc28761428fe38d628c34b391168aa3bece29b12750ed8815fc0b1f8ebbaa033364adb9453a355756b66c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d74e96cadf15c039cb9cd7917dcfb41

SHA1
6bb08d9aa46cb8f14f763520f1a626c5d5477eb6

SHA256
c2709aae2de9b8f6bd399d4da640a75c254019c53699826eb447a0f605ee1528

SHA512
d231de81e65362a8f03fb19450298c67a0a81c8534725eb770d6e82b7ed028ecdffb050d8022c319e7f8e8a377537b0cf7af2bf24280283e673688b9b7eb9543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f510a04c1222512b4a92bb4253a71de7

SHA1
fac82dbcb29e6308cb8c12012a48f0a3fc378f49

SHA256
dad2030ac3d7a4c53ef76643f552fce33c141bba0704f18bcfacaca5c80c3af7

SHA512
c09a9d1b7fe06c4c575951d55be54e2d7d344c369c101778fb358cf790b48db79559a7ee64f331e3222664ca9e35e9c525e5d36c85375d2654d1ff880cdb321e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a7816374655a094314be4287fc338370

SHA1
da13830028a8f546649935be9947cdaaeaa71f5c

SHA256
a23674b5d7ccc82e7a93ac28a1e5804107299f4261575e02a81a06d521eb3e75

SHA512
227bc2edab2701e1ed3306b23e1b7a2a34443a2eb4b00acf777ab424b0662906f62a694f1851b9c4b906c903013fb8d8bb9e142d0185bb8912651dc9d1358b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
906c6921662dd102d79e3cbdf12eb8ef

SHA1
979d3dda99bff817ada137dd5906ae438c5c083b

SHA256
884e5cb5ab4ba541fd4f8702148121f241d801b73edfa4faa515cd62f63850e9

SHA512
8cc70945ba47402ebe2b2c49a735690a6c244f7dd5898cca86aa99f1bbcdd42ad95a4aa3058eabe62b31087546ab15bd6c745951d8b7722362d4e7c8c14d2f3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
6591c5d58e0705d20afd4f117a2fa08d

SHA1
b26ab254e9d4265604be1ec815772885c0cb97bd

SHA256
99fed7ff2a46ac289a9a7ad35b7266567a144fa2f1f48d7a9185e4d742330061

SHA512
33d84ad6a567890c4ac8a9cb37afea135c1626c2b56adbcd8bd31dc5effbe444661da2f7c69c1fb30bbaa61139bb1078dba0d55e2cb8fcf43c6481c0b875721d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit