a24d62f32199969e2da69c8cb56d6091c0628d336730d8effdc0034c0a5bf66d

Analysis

max time kernel
78s
max time network
147s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fusion1.14_[unknowncheats.me]_.dll
Size

418KB
MD5

27b5f2daf88f2ae856ba8823193dd641
SHA1

2821b5ef48a4f0450cca0f13fa98ce58bdbd8fd8
SHA256

a24d62f32199969e2da69c8cb56d6091c0628d336730d8effdc0034c0a5bf66d
SHA512

cf513b700836c99c4522bc5420b0dc6f8f4f4312c317e891860c7c34c7132c48d14e7d2368706c220d207c91cbe4cab38ddff563617adcc5253780ca3808fcbe
SSDEEP

6144:uTUjh+PivW6HVZPIhMW026tpCGt1y3SbVtcnVYscHGYxldXWizsVEhanFu5L:uTA6l96jfrbVuV/cfxldXWiyEhan4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1740	rundll32.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2892	2600	chrome.exe	29
PID 2600 wrote to memory of 2892	2600	chrome.exe	29
PID 2600 wrote to memory of 2892	2600	chrome.exe	29
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2288	2600	chrome.exe	31
PID 2600 wrote to memory of 2460	2600	chrome.exe	32
PID 2600 wrote to memory of 2460	2600	chrome.exe	32
PID 2600 wrote to memory of 2460	2600	chrome.exe	32
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33
PID 2600 wrote to memory of 2588	2600	chrome.exe	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fusion1.14_[unknowncheats.me]_.dll,#1
1⤵
- Suspicious use of FindShellTrayWindow
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d89758,0x7fef6d89768,0x7fef6d89778
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1260 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2964 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3400 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3784 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3764 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3712 --field-trial-handle=1224,i,17872864040222083638,6985173090593644124,131072 /prefetch:1
  2⤵
  PID:1504

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1240

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\ShowWatch.vsw
1⤵
PID:1940
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\ShowWatch.vsw"
  2⤵
  PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\058de7ec-2e5f-4240-9315-20940fc7a82c.tmp

Filesize
6KB

MD5
ab23c429ef7d1506f1599531dcc2c943

SHA1
da2c468a302f9bd510f16bc7743b130bf8083ac7

SHA256
6be3821c58d5e4874b124fe651f558628de8515d499472c0c491c2f40f5a4d25

SHA512
fe22a589f37e68d14633ed207e21f0aa3fd82379ef3d6696fca77e607556c4d28bc1674c99a8a4e8c52cc3540d4a38b020be685d81e28529e2ed026469ee0c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
191eac8cba6dd9ccfbf3dea88bbccd1b

SHA1
e189815d6f3d79902391ac68696e4d816e2b7996

SHA256
041feaad8d35647c69ed637265245ed99f0d066abe7c32cc7dd68dea885b8db8

SHA512
6ca598c885ebc0a9c08eaa1292f363e5d22c893e7317433c66908898964fe28914680a6e74e3bea0bc0210cf8477af957ace4675af84fa42b51e8251e1addec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9d8d7ac2f8d86deb543d62a55c0b3be

SHA1
0ddbc8061a79ea1efeb6182c323f221bbe8788fe

SHA256
e5cca655e88baeff9dab03268801957f9b662f4833f7061cf73ff924546ab544

SHA512
70eb355956cd1106816a98f054e4328c0822fdb6bf2d38ad3c3de113683cf2aa81c3f0d200730b5cc02d5335f7e65cf86b47792b541d5409556238545a5b3aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2b306d0cb3968a3413d2e5684b614905

SHA1
27a935705f88b2a31072f7642d9b50418205db63

SHA256
2dec204f5941da8c94c794214c3b48696b83659800419c403d1f6efa37feff2e

SHA512
7deaaecf358c1e3adf8d62075c97df1569739e2df3c86d922f76a23a116bbbe9b6c859296e6ab7b7b01a56be3d420908180d12f12aab6ecae28db07294e1d715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e61a6f17ee58fffae7ec2a0d24cba2f6

SHA1
e1cf744c8bc660688be7dd99eca98415fc50d1e2

SHA256
b62ea26fec16068854ba7858f93e5e15512a8f65f952d275dad4cef5c3e79ed9

SHA512
b215c7001969c3895854cef0c241085427679de80977d5473a90e1ffd10f3e25b471aa3fa58a161f767e556e89269b6e98b1ffda3196b25a810ad3f39aa1aca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8fa79a6896bdc9ec14cc99324b0b14a9

SHA1
0e4a39e8c31435c4cc0ea82b6104c157eff0c007

SHA256
c6bdc822ffd846c427393447a06de6a0ca7751f6c734fc83e4b0a67caadbc5e1

SHA512
9320ae16a059bdc2442ecedd5d247e6d71c520bc528ccfe20e52bfff5dbff2b59067f2f87aeecccec79b48e6e85816ac081752a712b6f4ef609f41d56cfdd9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
271KB

MD5
4d88e9f3be21eefacbc7b1afb3b12ca3

SHA1
69c2cb33d22a17fa7a61ac848b31111d92f2664d

SHA256
d7e43c7c3fb1616b5ba2b2c78d1494aa2a0a500fcd4bb7191efd664899c6c284

SHA512
42997515467bf9524eea72a8c91c7a8743a833f8c42bf0dba26ba69d9d532897c3c0f945917f20de9cf452e9220fa81c012b3ee088824788af34db114907bc18

Download Submit