hxxp://cryptodagalaxy[.]com

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cryptodagalaxy.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628748283328318"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
3776	chrome.exe
3776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 2076	832	chrome.exe	82
PID 832 wrote to memory of 2076	832	chrome.exe	82
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 1668	832	chrome.exe	83
PID 832 wrote to memory of 2408	832	chrome.exe	84
PID 832 wrote to memory of 2408	832	chrome.exe	84
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85
PID 832 wrote to memory of 3128	832	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cryptodagalaxy.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd1bc7ab58,0x7ffd1bc7ab68,0x7ffd1bc7ab78
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2304 --field-trial-handle=1912,i,6133989956437823967,3601414409834181805,131072 /prefetch:1
  2⤵
  PID:2916

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\18c70069-6944-4f22-b705-28611ea05039.tmp

Filesize
7KB

MD5
41628ae9781bb1cba55d6071d311cbaa

SHA1
d1cc7ad2fbf837d0411c1b598da9aebde9844877

SHA256
3409640aaa40a0a7d80a9d33458a305955fe0d547bcd5aaee3a2381c0861219a

SHA512
f69b96c15675379cd68bbead2f63baeb6ad5863fa9514c6653d2d8bdb78f9c288b11d68ef3d2bf725ccc1103a4ee914bc7ccf84ce956a66e98abe890ba387aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c875fcd6696da76135166ce8c633cea7

SHA1
3360cde9a4ad11693e074b7d8a428a1d06faf610

SHA256
f90f3fc7bbc7cbe3eae528d5a8fda153beb23b57799b087e73cdcee5b4240236

SHA512
593a05333e4eb87a2da1f785ec136f47252cbcd1bc3da01b78c810f3defe934263290e4be39568511a7d1da085370656b7afb8a779d13e5fbeda8e675217a98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7ec24fe4a28e92223f03b26153228caf

SHA1
104c0da9b170a3381d7dc84cc4c58e09b5f35cf5

SHA256
8ee01afe240feb24473316fc4d1e0b1e7c50f585e2c5977b421515ff7787afa6

SHA512
f2267efa7ea939c21526020ca6d5e052fa4b83ca478fbbbc2b5e3b3cc22e3241d451b78d50a06db2c75a97f40fa0cd0c1a3d9429a46bf397be86b2e7d737bcf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e4d4968a419bbf66d92135fe07418b16

SHA1
e79004b48ed4c5010f536658ad0c3ad59208b86f

SHA256
8e57bdd559abd04f9e2ea77a0c29c58e3e8195c5be809de71a7bee0c5c96beee

SHA512
f2b2d13e2d188c6c1f0143b1095af8c0418a3870d0ebee437ca58d7af959d0fb25764c6e92b8e58377fba10f819dcf42e6f01a2c4b70d2e4d09d0b1c40a92c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
9b91e9aa66291fb6a7b2dbc63146186c

SHA1
39424a80d866fcce75fd0ed042d85401d9685a9a

SHA256
40d293729d8960991d8855d053cda053f2de4ebfdbff0f6ef2234bdcadf03fe4

SHA512
1e34e93b78ba005599e0b09bb55a3f0cf88973424e0ab484fa659442c9c778abaa90ffdfa38d1df4f4ca3a63f2a5c2488dade5f841b04ff9007cc9fdb9e55a11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2170658b9fd0936cbaf2ad725b46d90e

SHA1
aaa795856ef13351d3ae326ef7b1c29d592e84a6

SHA256
40086355656984b8703f56b854603b74d947c8ed132b58b514510b6f9bc06b37

SHA512
043d3d76120af9d25221b9447d4a42f4116a47e2d0de5181cd49dcfa793f20137f9f434faa5c8cadfbc41893d25968862e3febbdc32bec06dc32a98e6ca3c0f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f674f6f3b0dfbdde8f05b2f36782e943

SHA1
6496f2f53089b9b9f067fc17c4b16be5cbe549c3

SHA256
91e9bd1dd77561a6526a00d1cf4fda5a8ef3d942504a3b425efcb25a5506350e

SHA512
16d14aeced5ac789df00c9ccbf34ac2466e7815cb3236e9fa3bc52d5b8bd3e8091e4c04f0c3ad249c94c377632fd91d860e3795fddd84162824d99c1db26b2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f577a0a32e3d1ecf992980ee9ddb0cea

SHA1
38801f2e7a6f961f56fabb2e21f2b13b2b6bf1ae

SHA256
877ca2d00f2c49369c4137c400762c81ae0cc2495b6768086c32ba1b3f850eef

SHA512
c6b467e8054823cbaae1c5cdd662fb21e110d120b132e9790abde5fb4f14426bc12c29cb30bc109b530a7235782572d99bbed060ae15d18fa82ca8b68704a2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
0cb024254de2f513dce4cdb6e72c6f30

SHA1
fd98c469441765ed5b7dfab1829094e413cbbb7e

SHA256
be497eb10ea2525153c428961b42b24b70c760ab5972a97a8602475629d708f5

SHA512
91608f1c303d66ec9b6aee53fbf8b455b3ec26eb852e8594c2c9ce5775c4e20f0421e4fc2f6f137e4a865f35d2974215459cd487386178ba08920e3af3cc9139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
054f26ba59e87b6f51da0f23d6f017d8

SHA1
6dd88320b7b263d396bd7829b045069b432e7479

SHA256
9b479dddeb6f1fd245fd225aaf4eb6a851d30d7a580014daafddfe2bef703cbe

SHA512
29c56a110c801b255c3e71a05c8734665aadfa4ec09c531ddd4917ca89df1c1f9fc7acc74e8a1dcad621b1f2964732f8c8795c648439f9e8c0cb21ceb5c04ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594ee1.TMP

Filesize
88KB

MD5
35d69b08eb788fdd9443c9a05496e55a

SHA1
ecbc02401c77a1f0419fae16359b87b4d833dc4f

SHA256
fd7377876edbf112fd63ebdc947c1d404ead8375e09b2daeb8ac80ce146ba4eb

SHA512
2302dc20f39a716488b62a2210a6f5652f80bdd00dec702796def2cd285b1b85e25ff6d0a1bf09d3ea24676e6ed72b031457cd76b1b3e2f47d56206861c39145

Download Submit