f8b73e966bdd1ba5fcd33ff8cc0bf6d470e09b1a9d041ce8bee33ec9877f2786

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fattura di marzo#1759.pdf.html
Size

4KB
MD5

a9515de721d9bb6ac00b5e20a4597e99
SHA1

80fc227afa2b8068347205d30796e305ee7a7350
SHA256

f8b73e966bdd1ba5fcd33ff8cc0bf6d470e09b1a9d041ce8bee33ec9877f2786
SHA512

f919071842ac873d7e2bb80f93ac27ecd83a7ce7adfd00c30460422c3c8d4ce6771729afb1e32ed16a015e0edd9a966354dd35b2e120f0a11679e0a07faab05f
SSDEEP

96:WXFkPgR7l2/HnrBRH5JTdRH/FOdz5jG6/:MFkPs7c/HnrzZJTdt/F6wY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876333480026307"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 4724	2956	chrome.exe	86
PID 2956 wrote to memory of 4724	2956	chrome.exe	86
PID 2956 wrote to memory of 2704	2956	chrome.exe	87
PID 2956 wrote to memory of 2704	2956	chrome.exe	87
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 1220	2956	chrome.exe	88
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89
PID 2956 wrote to memory of 5716	2956	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Fattura di marzo#1759.pdf.html
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdd995dcf8,0x7ffdd995dd04,0x7ffdd995dd10
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1548,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1972,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4264,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4456 /prefetch:2
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5596,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5460,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5416,i,1304337109129962990,1264547881816010588,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
02c265cc88acc08b8f7c39e66e4f5bee

SHA1
e318b32fb96fc0d68b0183920dd41f52452ed31f

SHA256
08d779b4118f878890da4ded0907448c4689ca18d3e892a42ace004b6e5685ea

SHA512
ab37be789bc7574ed1c88280c5f297bd1d6fa25e4eeed44cfec95b17f3d5c0c166a08b4b38a0304f2f98057b4defdcbc59d2020ad5e73bd164c5dd6e6d4a555a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ab42caecf50d8078fdf8d250ff616d44

SHA1
4ae3eee5d8669def351dda5f07b0bb62bbfb8688

SHA256
7f2033571072bfa97c070f065651618c144ee51fdeeb2d3c5c74242317860f56

SHA512
24fbfa15b48a816ceecfea31119d2aedad5f84097ee4f5076258f089b35f330984460c75aed6f87998a12d9df7e842b039c5003f7e434dc7efbfb42e25626b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
093ccbf089418113bd89b96af6da503a

SHA1
ba262999b4371cb211f1269f09f9d6c6fe92e727

SHA256
35ce9cf1bcbc1971d53e49aeb5e4b7e8d11c973b924c7870845d881536cf8270

SHA512
50444eb9d82bf0ff73889a66be869c7d32b1ab62d6bbbcef0757f080468aceba40f14d8f6ac6a607555a15836cd3b6b68ff22e98af25191beb143d2aa1ad6dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
87186ef28454676be80b9f8ae2edf78f

SHA1
75f1bb0f81b8529fdf791c4826d7b828d78ed536

SHA256
c0bab67241e88a62d74770409faf1a9abb24b992af3a634f661ffedd7411e8b3

SHA512
438be68813f3b5ee77937fd62dc7ec2e9e72789b17c2f7bd20ab53fcc186e2517b2a848eea6c25c2197e1337d8b70f30339cbd2f7959945e33f46a79ed05e55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
83168af53a3d29a74745d6da17433911

SHA1
cccd102cf43669e1232371c9d51a4e80571f2eca

SHA256
1ce0de6ade4654230aa637cee2d46031dfbaaf726db6dfd1a08db167a0203aa1

SHA512
debb0e81a7a2e7b72cb5ae596d374bce0facf309df5dc9d15cbf5135f67eb49c324a8ad7caf1d77a4a68685bb2d42f45d405e451264b5f09bb3a47b3a747fc15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c1c9.TMP

Filesize
48B

MD5
02e42f13ad4b960036b14846d87016e3

SHA1
44ed45dffa972e0d6fdb3c2da301d9be2b30c705

SHA256
6b4051c97032d251be916f7c2aaa3fb5667c26d98ba211a721b7ae663917c6e0

SHA512
4f065d2c21377353fcb3a69237fa78a96b031155a8dd2bdca35564d5526ad0cacb6b3d3f4e7d946865d24b4cd3236ed1f38f7e1f0da4d2fd407ecebe6026655b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
6901fdaebc17997b86b01b0c9c83fb2c

SHA1
6f41384ca505204c1dd6297257f7d26f2ffb0fae

SHA256
bbb77c8c8b75fecd573b7a400cfc2017bb1721a36647bc644d705b5f082a7d2b

SHA512
5c5ccc87a5877a167ec7bb3a4310dbc83fa5ac114e4a208f8f84ed0f6310d0356e5ad8406c0a5b014f404629ba90dd134f897d78848a1012b917cbbb33e55c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
567b58ef91e7bc469daa1fc950ba986a

SHA1
cef8f0404d3994d6e3be7066f8c223e018831bb2

SHA256
efbaac8f42400413c3c0dc9b87b21d1d047f47a59b9b057437b2329e2a82cbc1

SHA512
c701f81adf217b49d79a6a710b2c599ac4961ee60bafb321dbc0ca4afb595103696e32cd83e491a9ba52e2f51252bb0b97546e5794fe7c8aa225f65b2e032332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c3742293d6e687fdb689e5749cc5473d

SHA1
48c6eb376810a53a4ca1354429155288c945ddd1

SHA256
01bbffcbae21738ecca9b1e4e27cdef2b1dcba072f297dd88c7ee9f85264896e

SHA512
209b5a613b43fbc4e52310b0607139d329dd7a7e66c4a6725db9044ea1732c0035f012e5b7d3a03c6840414cddeaa23aec73cea9a66471196db538f7fe9e729d

Download Submit