hxxp://hrpayroldirectoryupdate[.]softr[.]app

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22/04/2024, 11:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://hrpayroldirectoryupdate.softr.app

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582599120126485"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe
Token: SeShutdownPrivilege	4392	chrome.exe
Token: SeCreatePagefilePrivilege	4392	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 904	4392	chrome.exe	79
PID 4392 wrote to memory of 904	4392	chrome.exe	79
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 2156	4392	chrome.exe	81
PID 4392 wrote to memory of 3444	4392	chrome.exe	82
PID 4392 wrote to memory of 3444	4392	chrome.exe	82
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83
PID 4392 wrote to memory of 1564	4392	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://hrpayroldirectoryupdate.softr.app
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc0b4aab58,0x7ffc0b4aab68,0x7ffc0b4aab78
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3788 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4504 --field-trial-handle=1780,i,1257220284803548366,1087235589465784145,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b9da3bbc3f6b82a3611627a24b947c1b

SHA1
6c37caaf3b406353e7f16d44c9c92f4929189f98

SHA256
bed622c9bc49ddd9880e1be9e87b5bd244b666cdd1bfae2ac8ef889a96091f00

SHA512
821443ed80da55bbf98a8fb1e3ce1749c385c7c260c63e900b6d6fe93a45def2c6c0d3376e25b49954d5878be20a70cce9274c70083d2e7d941502124b310ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
161fb8fd3a03f5a70fdc4a3fa90c9b04

SHA1
bd9231cf17d81c686fdd7f8fc593ffe2a8ba0c66

SHA256
1ddfe092522ab79bd67fe6a832696ab4f03233b1d519e5a4d1ee67808eaa6b95

SHA512
259089f42e4fc770902299205080dc9c7e195121356e7fc39245e616f4fbce9e7a87a587b9b1b358b358569c60cfa55eba718547811952101bd3bbc3abda17be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
c4d0329624f20a8b9877765cf2637e63

SHA1
e839ad20d6cd774f9e98d1ce6feb5dc7ff2a978e

SHA256
5bcb062bb11fdc2193002a566888cc7777526ffe5b0696c875f68c6a3cd96bd6

SHA512
2c4cfb2a1015b2cd82f9159de73ae971cc0b5e0567a4345b2f25abf8df330d865470f92a9e9fef15a575ad5bd52aa95eaf075e44e6167075ea1c716703113236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
53d115cac319eec1432b0f78a3ac59e2

SHA1
97678e3d294b2944708b7448e6b947a8257ddc11

SHA256
cb86375996d0a92a85b434f03ee01280dd466dd543e2cc7f0d31a88273b675d4

SHA512
5d9a6e4a69a3c337e275cc8f748d3e442177be9efd3a755931dc28b6c76fdea435c57d4c4c2af78ec6cabb1e19e987587a7e3fb5d328d70eaf6062d74964681d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dc22a4ad36c17c90169241ac65db9255

SHA1
6ab4c648c887db3fb1cddeb749bba94e11824c76

SHA256
559712142f5a1efcd7292fbd21f861e8c81ce197224f725b63e6c61f245c9deb

SHA512
9b2cd4fe48ed6ac2379721e8657d8e4413072f6b922d9ade4936ade5c5b7e45481ab649c286aaa281d34194b4b8481a6ebfa99a872fb632d0a750d16c99f09ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0986dc03baab9ef1ba130e84e0e32124

SHA1
b5b85963095e90d6945e26882215ae7805291d83

SHA256
81e1dce697b801391c566c3e8c8b10bb729969d556102bc0c1d10463dce55fc1

SHA512
dcc194d8cab3d8347bff210f8005ae8325bb3f339a44391c291fa23619f7f94b0b6062360cfb4497310f54b67e2b4c8659b8eb4dbb5174681fe5a197ee586025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5c317ed74fda5abdc428fbeaf2a0bf92

SHA1
ed51600183682210520b61eaa5b7daa0fd29528c

SHA256
279ec2b6955aeaa2b107218ed47904f8e7a69604fef0ae770a390799b5a5af20

SHA512
9f0121d2d8136265db7b57e1a55872255efc165715ee9e32d52418f7d74cedb07dc389e0120e7ed904287b8c9c21a25bcd9aab7ea07283e8a3cf1d849e33c119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f7fb5513e92d828ffb69b816e1aa071e

SHA1
0783a8f65bc3047679ac06ef6ad24598c158f734

SHA256
ce97bae0b80030ea124dbe076673dfbf5064a82ecc9a7e2aa3660ca222431e29

SHA512
ecb015422e2651e3f76c329f794a0d37b7faefc0c971eaee3914cc30afb3b402840b0a1adf9213e2fcefdbf4d2aa16319840f5574aa67d0b850435f54648ee02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
2db80edf08846fce628cfad16330ebcf

SHA1
173a5455f977d626e2393ef7ffd7f56a0bd9da45

SHA256
90d24458b11edf5282e3bd6531a34062fc2595e917d2a0e557b85d9862ba66cf

SHA512
34272299779285782b9ac17ddd9105dd29d4d683de122923c8b80fe240b1840003999afdd05c3bdfad828dc11ebcd9ca65529669b230666db1a43add2bfb67e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
10573a4e772f746edfb677aeb47b0552

SHA1
ceda61b035ad8774f508cb91208cd72976767103

SHA256
7509bcac189d9bcdd5e7efe126ebf94f5d37e64aca789ee052da4eff04018148

SHA512
7fffca4b667081d4db4c69f95771144a4025dd2e9f84b9311bf058eefc9c7eddc94d5a31f0f264e039f7e350d8a207b4633029ab7ff137742802eacbabf2a502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bd35.TMP

Filesize
83KB

MD5
8b608ca5061de21f34f9a11e3b10c19f

SHA1
778a1dd507358b4b5b01d134e9c9f65390d93f66

SHA256
58f6ec5e82eb383cc7df0b5aeab5b43d756dd9e43ece96ba124d272bac0f9743

SHA512
622647d126595cf98eb317914b633ab606510a1af0623f92dd2f9fadf2b92bf7a365c5a23f56b7454cae5f80c5a0917fad36be9e10cbd1e1af4075d8dc6a3ac8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit