hxxps://github[.]com/errias/XWorm-Rat-Remote-Administration-Tool-

max time kernel
79s
max time network
77s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
01-05-2024 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/errias/XWorm-Rat-Remote-Administration-Tool-

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590120228925654"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 4956	5060	chrome.exe	79
PID 5060 wrote to memory of 4956	5060	chrome.exe	79
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 2528	5060	chrome.exe	80
PID 5060 wrote to memory of 3408	5060	chrome.exe	81
PID 5060 wrote to memory of 3408	5060	chrome.exe	81
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82
PID 5060 wrote to memory of 4632	5060	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/errias/XWorm-Rat-Remote-Administration-Tool-
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf130cc40,0x7ffaf130cc4c,0x7ffaf130cc58
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2140,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2144 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4500,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4808,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3284,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3736,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5004,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4876,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5056,i,14532065130073294512,12222457474141679377,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3240

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8bd9f05100347e0bdd5d40544afc27db

SHA1
1b3acbe6186841ad6ee1517acb9a9b580a18b02d

SHA256
8152810a567a8ea0226419aa7ee9ba1cc3697ea3a5182f4070007293df9d5e6d

SHA512
6765bd8efc75d45f3a0fbb7e6ab15e5650254b41ed14add76153aa16a209f2ed84c786ea731debfcf6134822c2ef69f7d73289151abcdab428f97802dbec7c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ef807dfe68f9342690d4fe7dc99e352

SHA1
3de5886eb91349848cfac84d7360b26dbcfbdae1

SHA256
2f908d4c7e06bc62f22b48a172a7bfa34a1ba1248db5470c8862c74d3bea840d

SHA512
303c303011050b4da9dc1d75bd258307d10832cfff65bde4562e07787c6686fbf18b3bb050ff808933797757de204094484b1c912456580c17c196e00a74d8a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb83ee6e4ede9e1da0abaffb1348bc67

SHA1
04a8f13447b7c6cc2790091f450de6808ab0e2fb

SHA256
503e33cd44d9d5f35cabbab7c69c9aec9a5691fff499f9a035bb943e6915cb77

SHA512
5916b6e2a0fee096dd59851a591d771f23c0f1380c665c17e7252b2a400bae8b6aa826f91170617a6eefce4bd8111d0381159a15f84f8fb2286155706b9be65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
62f74bd66d874d28cb744fc9596ae128

SHA1
159c2af91281f9fd2c747be545a1426f813b51fe

SHA256
b8196f5d222ef2b0da0d5ccb2b0e3bf914f0d7fb0bd437db8f948eba856dcde9

SHA512
0b3d941a3d7052574b72ca6c6ff84c38dfd886a69b426f9b63c32db438a11999ad38a707bc4d23ec911b49ed460a3614f81b250d6e59454c3b0f55c80d7607a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99d636477ea3cc088ce51ccb802e7631

SHA1
44d282884241104ef6825ec1a6bf9239bed41081

SHA256
51ad4638ab1f4743604528140301dc3af9aff685e0d34463b5624d7a3ba7875e

SHA512
0bafbf609ee4a3358ed3e8c4c2076dc2f61206ef9def2ae7a9360281f1af9807cc11b18637d2785657e37b06af64ce74e4dd3310670aafe5a98fe638d1d78569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d405493138efa3b12e68db40dcd5cfa

SHA1
e72773197d26fd0df8e5fc1b59f5c2e1c14e7552

SHA256
70810c036519371a11106963b7b817d2bcfd68e3b8a9aeab9448e61984a168f6

SHA512
610135359994d2842ce0f11d8a80c46d2593a9fa80f69a38f1e5a17dc902ad7dde203b53ba9793fd190208254950c597ff4c52b01629ca2629399060ce10e5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
59edb34a3e5549dced26e9ef6940cade

SHA1
debbfeafc639fac55ca6fa84db6bc3ea640ae4b2

SHA256
092a321d95f698b37223900ce932da16d316a2994eefdc397eb8415235aafc73

SHA512
2feb4675e4cc812e7cc49574295f6a7e8a5bdbe74160873576f005f717c32f6f66d313f26a7c36bdd981cdda7cd78ac703212e0f5b0b309e75a467a7a886d603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
294a66079f5b3f4c69237f7c8a49b5c2

SHA1
17b997a9184c761f8429713c30499987f9447f3b

SHA256
efab11fe7b9d128dc7fe11c03daad6b3f97126cac66de7661610552cc0852633

SHA512
885f7452ab85c8f24737bb45ca1c97d8452026e058e30c0e73f4063b848a5ff165274c79e40d61475ae072ef939aa50f6576a6f46214fc9661fe05c2fd357823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
d64bed3446856dfbfca21b19fa2de8e8

SHA1
5bb7bd0b932749b6c6dd4211558ff49fc2974789

SHA256
81a36191ad3c2a0c5077fae87cbfdec6f53dcab3c98946237caa52ce5d9a8d3c

SHA512
c037af6936a2a2917f197e5c9d06ea6fd37dc1922b10bb58a05470b2bf1e28be3fa4271d1ebe9f3bfb587783ae8aadbf64c5d70dcab0f05af76ecd560e91fc3f

Download Submit