hxxp://www[.]ade[.]gov[.]it

Resubmissions

20-01-2025 09:11

250120-k52m5aslbq 3

20-01-2025 08:51

250120-kseb3a1nby 3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.ade.gov.it

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133818379174365424"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe
Token: SeShutdownPrivilege	672	chrome.exe
Token: SeCreatePagefilePrivilege	672	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 672 wrote to memory of 4760	672	chrome.exe	84
PID 672 wrote to memory of 4760	672	chrome.exe	84
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 4564	672	chrome.exe	85
PID 672 wrote to memory of 1652	672	chrome.exe	86
PID 672 wrote to memory of 1652	672	chrome.exe	86
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87
PID 672 wrote to memory of 2660	672	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.ade.gov.it
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeca3ecc40,0x7ffeca3ecc4c,0x7ffeca3ecc58
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1744,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3276,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4480,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3308,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4380,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4460,i,8491231687010855300,17470515369179163876,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2684

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
173fa3c8bc89630321a5dfa8940e01b9

SHA1
04762fc006ec32167fa28717917454e1e5500132

SHA256
e38d9bea34df4fb794122b08cdc45a6aed028dda317b61f17dd8ac424d37a3b5

SHA512
932ed91f0386d6ec487fc59a9383b1e8fa91c3b58738efa52131909d21297dc3acb46b1444661ec8597469bd28b8cd2a25868b49d6ef679515fe020b1f5bb6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9fdcf01f5532e3d60ed16717250c409

SHA1
0d817d4757d358bff147bcde5d18852019e90a6c

SHA256
381a4d0bcb2a4c261f88aca249790071d9ac3fd1a15d16c01ea484065c5ebc54

SHA512
2b54e364b5a244a301598477f8b2854e2cf8dfdb62e8cedb010419be70082ac757aa65c8f187abf20bd9375f06a2487cd6e2f26166608fdbf12275de7a6dd6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d295cdbf094363a295d63e4804a107f

SHA1
d45f0b35cd7a44476f092309e15b6beed9984826

SHA256
1c8571ef08fdd8dc5a36cdfc66299b4a873a2cecab91f13a1f8c92a28c4bf790

SHA512
defe83c84b25d99dc559d45a194dc3841f7e0663c44eb69db2ae33ee6ebde48c6beb5a145fb8b63f38f01443f7a2fe0c271cea2fac3e6367646978c3519c4126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00e825f5fe3326482062558a94eaa6d7

SHA1
09e5dbb22838efb1955be241fbf4a3e3530c59b3

SHA256
28b7fad8bd9db9f140ef8f3ede1c6dd0da5dc3b88cc475dc6346f3e879192da4

SHA512
81ce0a155c6eda1225b48b367471593600300c9bbc44a1e9d8748d85333c275fcdc2ca6c2c92b238ba2b9f2eb0b0ce5371356374c6916ee4127f56bffeb0f889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b815d6f0c59efda160c2abe1a791dad3

SHA1
76cc07c60fb0ad613a6b80113029b83800699c18

SHA256
83d451aa89167209fad617ef1477a49b4a668ef9a2690a3a5e5c713960a8c277

SHA512
c846016aa35df344b6e64fcd7954db6e4b2a23ee90c2f8a62a5eb451b42d960c1f3821ca63100f995185669eccf3546c6417e0069e44b5acc3f4245659545365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c9a50edfb684aad0c5c097cb22f51d6

SHA1
8f87072a2b4a820cbf43e483ffe98c638f0ee42e

SHA256
e4c1248a9bee48ed204107486745ca6aec38a29c404ff786e22525abb0453e92

SHA512
c9214b940b3d8e1b13417ac9f64bdd840fd5438aee14e6cce5f9ae66b93ef8191f150f552b24615658bdf6c46ca2544a232bb03de9b2c02bfef0b4becd0dda3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e3c1ba81955ce6fabad66f427e1d8b7

SHA1
3c8f4eb22f91b01d173fe018e23ddcf9249d00e1

SHA256
85993bb8a1c2de8f652effbd2894cbef013af362fc34925b6f8f0417e07fe3aa

SHA512
d6c2eca56d1fe5af30d1fdc45142af1a2fd9dbd25c7f417daf9557b4fcd832d10b90ddf90fddf759d31963dd33695fcbb5b11d9dfa45822a203e8588958f3243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
460ae3ed68ff9e0dc42c0bec45e00fe2

SHA1
1657f8cf109a33d4ed54c9ec09aa2c7b54b70ddc

SHA256
7ba3d8c678b8d2b305aaa3b5aeaf4ca8c25fae0a850b74406fb7f7e0612809f9

SHA512
9c0f5ac7615047290861e29d15acf9ba6f6250231779e6a0753cfa8f8dec76a7f4151fed120cc69dcfe16cf864edbeb84e98a38f1069ae22c20c225fa3e003ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
024345186690491423a7f4a6bf4c7a42

SHA1
134300cb47f46b182c15e96f8ae2daed30b859e9

SHA256
10d917f752615e39a27f1af9475152c7dc09ba86d0f493075d4eccaf0bdb290a

SHA512
ea0fe66ae837a527194e3d9683cf39f4a1667b0b205ed8842217d6ee57b3eb8df4b2bc98f0eeb247db18ccd802aa5c1f25662565d457093919eeaf5047c31441

Download Submit