hxxps://test[.]com

Analysis

max time kernel
509s
max time network
484s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://test.com

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	systemreset.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596362850189611"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1896	systemreset.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeCreatePagefilePrivilege	2492	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1896	systemreset.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1700	2492	chrome.exe	83
PID 2492 wrote to memory of 1700	2492	chrome.exe	83
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 1196	2492	chrome.exe	84
PID 2492 wrote to memory of 4152	2492	chrome.exe	85
PID 2492 wrote to memory of 4152	2492	chrome.exe	85
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86
PID 2492 wrote to memory of 692	2492	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://test.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffabf9cc40,0x7fffabf9cc4c,0x7fffabf9cc58
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1616 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4956,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4640,i,13553787786829012970,10745093474040556659,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3652

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5152

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:5648

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\New Text.bat"
1⤵
PID:1424
- C:\Windows\system32\systemreset.exe
  systemreset
  2⤵
  - Enumerates connected drives
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1896

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:3744

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:3292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\86441277-4f88-4e37-ae5e-ed7b733e6e8e.tmp

Filesize
9KB

MD5
91010d70e1bc1ae84abee55a1b7311ec

SHA1
97d19fad7d77af8b18aad6627be2fa5332ccc7e1

SHA256
7fe406352b8d3079b1b3e9d30aa34e1e980587ec85b55c9d39a73eb3d2125c24

SHA512
5f716ecae3fbb932a4a7271e5a39c4bc675cb09b36dbbd36c9c742f8e9cc1df6e80500a519a7d584ffd47d9fdd77694d8c7a56343a5180444442e080d1ca8c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a602d5324f3d546cf7d31405f833bafa

SHA1
78733faea9615b6f258951bcc33c5c2b43eccc3d

SHA256
2f76e7fbe7f79d12afe5e501eee37de05b77d559ebc9cfd4e94bc99d0487496f

SHA512
b0afd597dce00abcf6a5a61791518cc085e3bc767f9611fff76307e7441d78c469d6f20e314dae8c5b40c1b0a858631e0d413018bf191139d75eeac2a810b9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9fd0a889b8f5add2bfdb7da0b264ae8f

SHA1
f74a8fd75a3f678085888cdd221f614551882fb3

SHA256
3477d6f6520ef8f5d41e94fa197fa84a7bafdf156804be4e82c40caa1995e88c

SHA512
5f05249deac7669bc41b2daafc2f4c28ef91360f28544c734886c8ee35492ee151de9bb62153376f04a9e781c7b690a2e9e73728e6f9626960fb7d5f327113ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fce60c1bc4bb13c278122a37af56a23a

SHA1
3a5ca29b96ccb3a37c2eba2135ce98c7b872a586

SHA256
5640d0ee96daf9a75cfc43bf8597673e5a884cb099767e1fcc56b205ec6dc402

SHA512
5e5f2167620560ac7f8aad212b9ed139a13969844691b6019163aa8ac137c61c158e078ce2d5fc4f7ea708333d0c5c131ed9e4cdcb31226100ea2d2024ca79d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ecd43172888fddae26ba7e1553928a2c

SHA1
20deb2ee48fae44ccb2e7a98ec8d87ae0f19322f

SHA256
4af2348ef8045f55e842bcb1b398861bec4331af6d6ea0468c453a4b7fb8a6b4

SHA512
a967c556bd87764dd51f9d0d734a2f40fc016594ab9606c2ccda6037f602c8b1ee44a13a51ae566a0046e390a82eca301681d7bcee7e26f09686c0ba80705261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7da6f9cfe95d0e667f23bc71fd3e2710

SHA1
199ac2944d0700e6b735e12288dc47b4738386b6

SHA256
4aba9eb7774cbe4e97e6f9935969fd102a5bbfc8bf8be12167e04094993ae07c

SHA512
baac2505a8cc3b12cb744b10b4d30dc9db2e2f183adf197049334d016c8fda81b75a917f7663d4fba800c60c0bde5577d78787e723e91c2930d714d7852aecaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94061e6a7f0422436a1d0f6c7d1f9e68

SHA1
cbc5a16646b01255321e2b4528b2e5a51f08cc34

SHA256
6687dd13f26fbd54e4059b8e8fff477484053379021491ccfc4ad95e46f1f4be

SHA512
528cece17b79a69343590e6e4a604f88fb1edac79aaa1469b9c6355d7ab187358bd421e0c5fb7ac9327dd6ffbf7e4955c22b14ebcdd7046b3cbdea44206a2dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5191e20f62845ec688f69479b985bc53

SHA1
f7f97a4f1e31192c590a0f8864bd82da8ef6b38d

SHA256
b3fc2ea584a65a67c270cef5eccee2cc4822a82411535a5f3bbb4ec1f789f64f

SHA512
4f3659298d9765a7e8209afa5f9ef521a53376c33cf29a311af526e482e2a08d154e114adcdc14b2ba9299d26cbb920b2e266b4dbd976ef1dac38c6c8745729e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f063c10d19c7a5ac1ba31cc80addabf4

SHA1
3a1a4256ceda255c0d417b19fd5f2ef88d237c13

SHA256
b9b4e1dfad6c502ad622d15657b94edff1b908cdd9f39ddd586b7353c10b6832

SHA512
8d3501d09c1a82f15e9ecb17d5eb733c8d85695dd4b1ae440f8c9910a6997976205a16c0bf4841a59996ebae3916564854b086f3380fdcb23bd5b559174eb1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4ddc2abdc5c3d77a709ae1c2df8f026

SHA1
1493ec9f1a7e00ae632a3be23be7a5e003850ba7

SHA256
f392e014ead099fe607d35de96ba914e85d7f35bcaf51111fd7a1898f85d718a

SHA512
a561cdf32fae17e15df3e8ca61ff4730fa9c471d0a730cb57bb5745cc4ed45196470f634ed42cfe6d535a72fef5ada6f6a9bf1a889ea652849f4935eb2b6646d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3db6d66621ef2b50d9f869e360653ee4

SHA1
5f0829bf03e5db37e77257d383089e02713d72d4

SHA256
204dc456bcdcd1d8061808b24b294bf6ef88bb4632d56f1881455d43e2fe85c9

SHA512
a24dee9be308a22e9bd3de1cbb6097c06717f780902eca4802472d2c7294bff2d3675085f198f81d42f81b2ff26f37e79126125904f0951795ec9db1fb7313cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6b3ff5fc23f41ccb7e59064e4f5a9ac

SHA1
3f81762712c70389f9958fe3d4f8c505c31f80b7

SHA256
c27fc93615c5259124c4e7ea14289783113f7c29b0b3a1149a9b63c9df8f6778

SHA512
d835a864fcfe360ba4da95e09e04500ca3436a1e898b298ecf274d7e619fc18fb48dd5b696e2b9d0b99afd0694c232312dee14e43a3533b2b3c2d7b140e61ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e00bd120478c0faeca688460a487e37

SHA1
a23c70e8dd951b61b8be5ab23900e21cf859c34f

SHA256
131e8ed186258f68239b246276e300ab01a475cf3362d6eacbc73dc2facbde0a

SHA512
ff0230f33c7d84ed35d0054e99db4b93c556c1aaf664f3387b510c70fb7954e301e82b3bcd0604799dd63be7862a721cea5731d1292a2c30d37fd73e061d1e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52e993c0cb13a18f89efba030de1cd22

SHA1
0496bd99618ef8b38ae4b3d08a41a07f6cc994c7

SHA256
e1ea8f0420d8beba5fe8e9779bccea640d98a44a545ac5c7c501265437652646

SHA512
230271505226f3b9924a4a408de13debc70b1c8ed88c6ec0e918ed04a91a0f80bac2c272d4843f6145070c354d6707010e86ade99c6389aac989aaaa6b4c38f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df46f2ba4e092f27af3ce85acdb5118a

SHA1
9d3d8c25bdebfb1fc8dc34b07864717fcb6a4e6a

SHA256
77a1e30a7b9f012c77cc0769f9980a0ce03aed42c113f0f3a9da0ce33e6884ce

SHA512
d2e5090bec6f2e7e38e643a8b7881903645f43fb9a24254d79618390a2cf5f15406bbaef799a69446d21ab014ed2b0c83df524f69f2add0662f983279e9c08fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae5d53cf643a52b4e74649ad275363b6

SHA1
237a863ba891bbeb68774e71263bf260927e027e

SHA256
5c9b961203e9b97edd684e2095bbfee10ad0c9382f593cc0204eb02589a202c9

SHA512
971a27f4e6270ce08a4648a76b54c797108a6a887ccc6bb2cae6d3c909c08fe0b44411b5f7959072cab7271059936e30e4c0a615d6ffcc76b14fbcbcb02324a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d89d89ce384cd189bf72910d567be7c6

SHA1
578a0e5e276885bd7ced962850bb64c963548c72

SHA256
c6cae691415715d2d003090911fdf1845118a27e4551b34590a17443b082a093

SHA512
744f678b1ed138e0b133c67d66659bc41ac575449ebf798007b48dab2fdddaea6aef9fae392c759dcf62fbfd2addcf05309d26d1af80e0927caf1b1dc77f5237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a2a6bec8429b66085018f742c856ba8

SHA1
ad40d17476c922ae7275c1911b57b7ab4ac10166

SHA256
12115d342589f7202f14678b8ea005fd399eda8ab45d50d702b18a41cd379866

SHA512
83e4684a82f7f27ada4bf4f3104eba7cf319933e1e18d2e1c0d294adb0aec52a69fe115b3925612069c592dd7941df7b24a50ca56a805bebd08f37510f8c31aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b415530817f443258d6f5f70aa22092c

SHA1
4bb04917463622ee9c7c64bccb7bc992a6fe5770

SHA256
97e51fd1b64569af515f51bcb1f6278d2ac2fb50f1188532fd2394025dd3b25a

SHA512
ef93cb2f487541f8e778c272deefecf23bf56a7854e46ff64d87eedb8da269057a53dd3c23e5871b9ba0fa25e1d7e2587f8697cfc96361d08719f1f913a9f010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fced5c77f9ce72140010d0c925362301

SHA1
61d63ae9f1ca3e21c2dbdbdd1cd0b9223c94e307

SHA256
e8d3d2db68b71c49790e324778c66dbd5321ccd4994765d122f64a9844299234

SHA512
be682f27e6ae8e11373066fd75b00bbfd35c18623f6c2fa29f7e320f66b506e29228ee2672ac65e07d36c4c846bac9acb2d235ae79f797a2138456d3f816ef31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76323038c271124611ad7ae9f984a06d

SHA1
cccb6d1fee4ab9996efaa9d3540e3cc8b48d1fda

SHA256
7b0ee18b0c5a0845a5eedc3bc77fb61fe3ffc1dd221ae399c4fae444d8d9ed3e

SHA512
3d5153a56a06533dae99299fe131909b274e6e0509ab929bb783451173148d6cd5f02cdd0dc66ec876b8ea632ed9d8510287f14e4e8f57c75c0971cea3a86172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f392766b1382b7f8240f3b93fd240321

SHA1
c3b8b8613ba08dbac96a516452ffaa95765a0cd4

SHA256
0562485de51a2421ed98683fe815b1f1188670dfe1d29fb1d0354ecf5eef845a

SHA512
4a09fe31e85eff6334047e16ebea739225d45647af08637d53e79a16400432a18dc8fd793104dce6399c194e8b2e5c16940049ed4103c8bf6f522308ecd1a909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd5bbaaa954da8c8c722d30ee727856b

SHA1
990abcd626b592844d266bb113e2dd16ee3a2ac1

SHA256
22fd38cb4b7040c140aac709b13bdc654f3731697d00edfcaa3c149060f85e74

SHA512
204b8227ded8e2c1c9019c749592a39b3a4b9e4e1cb5710c720d1160d8b0f93ad3fe139a1c49628fd06fbd117ad3580254519fe59edb91bb5a5e3f193b2a6460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89f807aad186714399167cd189705efe

SHA1
578e0f2d456fd8ed558cbd1c5fc70b2ab4a80c84

SHA256
3f0bdb6ccc911d2663ef2904cce98ab150ba2b87c7722788f277ca0ae02dc679

SHA512
848b3944383d5b3a9e043d8df31baeb149d122a4e60955ac8bfe3c9d561aa946cf476985fc952847a67aacf8060cf8fd6c284c77dbf6407ab4f18897495fe832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
effc77fa71a127d1320b9e53fda7348a

SHA1
f2fa274fccb20b125d2d792ee327633f317359d9

SHA256
fe3b6b77ec590b91961df1c81e1d37836deeea91486987d48ab8c682ada823ca

SHA512
1c96b6f92b9a8af1f84dbf13984962da070c36d179fceadb5ac0c452194107027f3ad26048c35054f587f28ebd8fe771fceca4d6b242ab59be755c36721f0df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0adbe11e0e057c499d5cfef0bd5af247

SHA1
a7b077e457797b8611fc17555d36c104faa87810

SHA256
42de5a42383f503c6439710e124bd2104cf3879e5dfcb3ec899f95bcddc1d180

SHA512
fd76628fc6a6d123046bd74b9b22e216c5731e451e31815ba2de42998fd1b6363d9b431091b2b299609a6a30fbe3707b737177a56e0343982a46af6bdd3455e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
051e609efead93e134be2bedd03e39bf

SHA1
7637633ba296fa17a3c1e8c918bc6ea46206e3d9

SHA256
4dd63542601f8b4ee32a2028036141194ca247b47168577f6d1a328ed5ce435a

SHA512
6d3eba580607b1dd16ea8598191592a58ee2b88c13716bdca7d42037186e27e0b1efa3fe21fa013029ff5cf949877ae322865f42a1aff7a9011193efb22df0ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42d2151506b02e4789845bfb396d90ed

SHA1
259b4225c385d6f351eda9c69665500f1b56ee27

SHA256
8a6b59d93d96c803e02394bac57b867ea485ce09ede418c94ee8b4f3b5f0e1bb

SHA512
5da06eb891b1140ef4dd845e87e446ae4aa8c298baa8d3cf0b0ad4946bb0a3f46db3af689712d0078de2289be117c8ffc614ad628a4af88821b36ab73d31ae3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
44cb4553242d293381c0f5a755b6e852

SHA1
215a40a49bf20429b3844dab8b1e890297901b46

SHA256
f3e7ff6fe7bb5f8c994881eb8a806061a782901700dff5c8dac8192ce458a836

SHA512
fa1a2aefe4a541ea4fe9341f47a466533876c2dce0a4c2a090c06a0d5744f08c7c3657b73b66eccb458725932e17d3e360aee3c1cc007f77c2a97d7d4c8309b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
5ece4e901eed3fbc4f188499429c7301

SHA1
c58b923b2df77064c6d36ffbc0b8c24ac76d3bbc

SHA256
b6f38cfba59a8f0e2e8a9cc7cda497ce5e298ddb0df133a1cb7219a475fa7ad8

SHA512
9d5ed14e86a4f718e43c593520815108291928b3e2de060249a2bfc259fa16c281fa365fce9f8da6891eb111baf883535ee744132fd0b762dfd6b221c203ec27

Download Submit
C:\Users\Admin\Desktop\New Text.bat

Filesize
22B

MD5
03da1ae0a26f4d09062366e94ce57961

SHA1
63d60b1fe420d52022714581e53b75ee29aff45d

SHA256
68adebabefde6cbcb2e2a55ca76f1abc570548e433b8d41c63cbbc6d9c4ed6d5

SHA512
f345226506873aedbf0c82464a80b5056dfd887f091c7cad8eb37006062fd1ce9d4cfcd857f0f33185b1ae255b3cfb343d273414bd49e2652ea8a66cf90b9240

Download Submit