hxxps://github[.]com/RoadrunnerWMC/Reggie-Updated/releases/download/2021[.]12[.]04[.]0/reggie-updated-2021[.]12[.]04[.]0-windows-64-bit[.]zip

Analysis

max time kernel
76s
max time network
75s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
30/04/2024, 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/RoadrunnerWMC/Reggie-Updated/releases/download/2021.12.04.0/reggie-updated-2021.12.04.0-windows-64-bit.zip

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589862648383107"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1648	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1228	3028	chrome.exe	79
PID 3028 wrote to memory of 1228	3028	chrome.exe	79
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2336	3028	chrome.exe	80
PID 3028 wrote to memory of 2604	3028	chrome.exe	81
PID 3028 wrote to memory of 2604	3028	chrome.exe	81
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82
PID 3028 wrote to memory of 412	3028	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/RoadrunnerWMC/Reggie-Updated/releases/download/2021.12.04.0/reggie-updated-2021.12.04.0-windows-64-bit.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb7f0cc40,0x7ffbb7f0cc4c,0x7ffbb7f0cc58
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2320 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4492,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4840,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4880,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3288,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5028,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5000,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4916,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4688,i,6482192119561477967,1706914641878809734,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4840

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1012

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
571007fb0bb2da81047407b1bdebfe5c

SHA1
b4bbf15a818ef6984daee4d79a7b8f68f7191979

SHA256
e50424185c45f46d1c3ee0e2d32687d452c774d8e9dd82dcc2dbe530d21b2a16

SHA512
9fd5f835b11e6a2c72740e3f4fb07db78cfe65382dd9ea395c1653a80f3a9d7cf498280b3334e7386c5797a96e7440632cd286aa4af26d93c989b9d29395bb19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1954de4d27ec3afdf418aa6f1981a276

SHA1
3900b6738408699e9a9a167a9c4d8dda227d6a6d

SHA256
248543eddb0d6e9845672c3d9d93aeb6555e34054596ac3807b7ec4a5c37dfaa

SHA512
58b588a15aeda910725c0427988d95e4c3baa0a1b6bf86cecad26efdd3a753e459424e3f0e28d2160dfffe72fa13ce8702e9db7e9129056531f500da8f515e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
49179d8f487d1d07a25c59ea8d80503a

SHA1
c2ec5447681e3840eab87e31baf342e1e3bf44a2

SHA256
c4abae63b7bae6e8b60f31be87580256d5632d324a473daea23f62233cd8c741

SHA512
61599d04f6ebcba6d14f742cda786df75bc78fed124269d7f3d91a588732ed2b5fcd2bbce34c88cf6dc41594a3fd4bad8984b531a59bc93b7666e0e36b80f0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
352726eff70928851a248c5c2dd920a0

SHA1
a65b843a16129705e89d32958a2ad18937df174b

SHA256
3509afdba410bf2ce04c0085f7b9475594629e9656e0b525aee7268c8ee52920

SHA512
2d01d0bc21aa36c603a7d704645fee2bd124773997d56bbba587c33b8a6dd80fe87a6d40a0409b91e5fcaa80203c157049b9e3fcb98b71ea251ed84d12dc7d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b921c3810576a1759360e860fc93f01f

SHA1
401b8e433eb086b47a58c609fd51a2685e461f60

SHA256
2075c7f0563b25b6e955d3a7f26e93d89c123f57e3b3634c737605245a81ec23

SHA512
ce52c6549b9ae1e0bd4933966f51683b85071382c8baad00783d1c73ab425b5f494af1a4aa1836ecfbec084a0e37d7bfe10fbd28f976cbc25a4069ddafe96537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6bfc6336eafec31656df149edd0f6bdc

SHA1
2bd390b510781616fad7274d195420dd1d582204

SHA256
1bbfeedf5dbf5c2aa75ce5b269189d8c31b6166ed1a0c4db8286f9ce84484654

SHA512
ea8a22515fc1adcf1b0afcaa6b123a7dc674529ad39d9e48a41cadbf54240c3e0d8365a394b1744e356fb2f159f40d9a58de74960b9d4e94638d1183df09fb4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\df9b60c3-b143-4a87-b5fd-b53ab6e60bf2.tmp

Filesize
9KB

MD5
709486dbec0c647bdae45df346d5227a

SHA1
19439556590f92b81be8ac64acad2fb23513ca62

SHA256
76ea0f368af7f2d2c83052637fd3d60b1e8b151af9e6dc8f46deafbe20b69075

SHA512
c815d4075ee89e4717c9f65dc8382197370d6e7383f00b0bc47fbc40767c0f9371c59177aa5f77db05e7c69b55977ff8385abf1f00c64887531c9fc1b0cde7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
b8de0d257b806b067698661772ed8ec5

SHA1
226e3008c05a9ad704fb85a0281693f7637bd892

SHA256
a1898ba2a396d6b496760acb2015154d867d8fd25d8c0220f2bcb4aed40579a3

SHA512
98b0e39125fbfbad3935b7001dfb008aacb508355828dffb9c3bbf911a3520f51f123b99a58d22dc8da66afdb7b7719bba391420c8f188d91013e369a51c8535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
2665b4f566d6f486f00a4fac9c5367cc

SHA1
f4579be819584983b60ad348cde8f5b0050c84f2

SHA256
a943aa70e97af0ff38aac47b2eb7b1ebf70eb18196d6a1b527b12b7955e52071

SHA512
2ce98b2aa7ca216ff20b0582eedd13b4067f849407c8a97f91704e8c3cbc98e6c71612e6ad9a5a05b66daffdd2a126ff838980bc89e1750e07361d65d6abe0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
0c32963b99788fdcbc2debd6750b1323

SHA1
c23b221d9e7cec51a81c4fd380972f046df7162a

SHA256
c553bb7faed60161522461ed772069d4cd633a430c68888b57478efb7016e42d

SHA512
9ada9233a6c85e92cc4841365ff78ceb0233cdcab21f7d0277c39315f7649b0562487faff033235ae3d3779282bb55f1f4e4a8d14892eac2707229ff965516d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e83bffc71e3f05c4f6ee39cac4f53c2b

SHA1
9fd6cf405375ab04fecbd8b0b9ebbc8376cdbc56

SHA256
1d9578f0e7df61452e8f960b1a131eabf48d369cecc700aa5ec332455bf57d3e

SHA512
6b1ffe47071541907696e334dd7901b3c144dd93558a3452644b6ffca1e22b189b0211213e139919ce55665306e816d5cae6481e61fdcb7888091225739c4600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a7874886a3b36f628b8040319a2239a9

SHA1
5cd6da94eedfb9ef22335d02828aaed46f824319

SHA256
7200fb955d6a5b87fe0274e212cf889ce610e745d80937c06005f6bc0c4e660f

SHA512
b0dbfc9f21f8744320459f555d365fd4c372e9ec9380a1fae7f745971b951a94babf581fc1b4d339cc77cb5923ed8d36fc0d10a723af34434969f04ef96a0c29

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
2f686552f463dacb3a39e97d1a410c9d

SHA1
e4fe9947c26763394b6cd14fa1df940c9af7de73

SHA256
6cad84b8c5018d81884c058a9c3482291eaed55fe439371ccf677519652b51b6

SHA512
9eb4a075437e51691420c8c25c32a905735c686f6ae2206a852405a3eae902fb6f66e23b8b817e724505257a78c8f174481bdd4b6f229d2c899983c77826a449

Download Submit