hxxp://51[.]20[.]32[.]129[:]5000/victim-info

Analysis

max time kernel
1799s
max time network
1691s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
16/06/2024, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://51.20.32.129:5000/victim-info

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630271157361276"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 3336	1300	chrome.exe	70
PID 1300 wrote to memory of 3336	1300	chrome.exe	70
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 4884	1300	chrome.exe	72
PID 1300 wrote to memory of 1436	1300	chrome.exe	73
PID 1300 wrote to memory of 1436	1300	chrome.exe	73
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74
PID 1300 wrote to memory of 3556	1300	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://51.20.32.129:5000/victim-info
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff99bdc9758,0x7ff99bdc9768,0x7ff99bdc9778
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2672 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4252 --field-trial-handle=1852,i,688133250136218933,13444340832076824446,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\302d96bd-4e86-4abc-b85b-7011fcc7756f.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9ae0e68b-9c05-4046-859d-83749e094dad.tmp

Filesize
93KB

MD5
8aa1ed144a80a18c7810ab66a69282ef

SHA1
2bc606cc53203421e598a6341865bc2ea92b0c01

SHA256
abe6f0a88856403bd2dc32fe94a60da3a5a8a48707cf44bc9030ea8a55fbc899

SHA512
b4c3186298608b265e11b10dcc6c6c20859468ff2d052a0e8799154c295bf50d0ab9f60e14f030250582c38c8fdebad8571428e5ea86fe6f9008f52d08253cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
854eecaa32febb508d85399d22d97260

SHA1
7669881b49ef53ae24157cd9ab0d67b31e51bcdb

SHA256
9e656508af53c78d4572c49bdc18befdb7cc6839363afd5d0434ad938efb03b8

SHA512
28fec109bc162344e33b5f8bfd6be4036109cdd4c4471e85b489b0064a517c21ed205fa09fea047e2e9c06d98eeddec0b37d9cca85bff2887d56efda0432dcbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c2542430523cf437cf51ff29efe2b523

SHA1
3b8bce4e7b0576c694dd215c400a6a38ec9e31cd

SHA256
907fa9dec34c750fed2b40247e9a222efe37a6724540145709befc3e3e2d666d

SHA512
65915a360dc0b40d8242f4de8b2affca203d579d5b4e16f722300e7988482e143331e40c81e019d57886500790c157f1161237ba749e2a222414e23a17311829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a7195faad207ec6a94268807c87f7ed2

SHA1
e56af080802596a7e09961163209e2a2d36b3ef4

SHA256
ca4515e1430f98e1d59227560ec2da05897c37646b1f5f6fdc8ad1730e119602

SHA512
466c2827dd6d0f13504e177cc529a015ea130c0b7d41722eb81bc341b2bcffabd608ee97c15564632082257bcfce5132b6d184945032f42a97aea802625d2765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1165b2bc7063379a44b681b45cf2740c

SHA1
93a5736c0315dd32dd3a28446c7be6d7bc972e99

SHA256
5112efda602aab0984a42f2890a7f468528686a7112d897d394185a9d5c6a7ae

SHA512
f3bea1028f6e8655e729caac3568ab1323e712c8a197fffedb19b75493f35bb06d02bd6fdb9908f120838cf21640b770c6f7f381f86096e1ec58c9a9ecb16623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
972d8643e5b920769c814d93fbb4da43

SHA1
ab6ffd8ba0b2950374660d9bbd1ce58042324952

SHA256
ea64518e12448226a70e839c76dd1c5aa78e90230dfffce19df91965df966aed

SHA512
2db45b97fd96f909b1819e75c9245e82d3ef360f0a1870f155260b47bfda552668a9f194f21a2e194c9b7b617b8254e5a0c4c6fdb49ffc43e0d627094ea9c42a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
0cb637e118032b19b3c3e7070629fbbe

SHA1
adc0542d0ca34527d8dc42898ae9ed2250609201

SHA256
949afbb3a94882e9b0c004fd38546081f5f20011a8c71c957c8dc50b652c5359

SHA512
dcea257e81fe3dd3aef43372fa74fc505327401d629ba526b31e0d551322a080b77f48bd58097c32dee0d1179cb2cb4caefd9eecd7dc6fd856dbdddf8f9fb7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
05f7aef735c66e865f7d8968905ada7e

SHA1
cc5fa129a6554b1d9cd6d5dfc85132b0fa2edfe7

SHA256
3c22df6305788bfe01a4d405d383880a07567d035e6a23e289e2c42c47c747bb

SHA512
5a3bce4a21933e43ada7108a1327431a2dc115d3ef29acdfb366847ef8906a1422ffc685746888cc89a458c44151bb856e9d2793669ca31302ed8c290146af88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
0062862ca319196a0211a50a6a7d73e5

SHA1
d2b1ca0bad66305204dc8ab364a77d4a3451c631

SHA256
0d213a5f8122cf58958dff009d34b0cc5ca466483a94e577174fc3d15538502f

SHA512
c7946c3b1a525e61cce66deeb26914bb2ed81c0793372bd3b657e8b68c46b7c8c3ea9162e606df93adc308049d65e317858c72651b9f27c56de200f08bf751f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e124.TMP

Filesize
91KB

MD5
ff69e01961c89b0287487ee02c289c3e

SHA1
779ccc2646f1fa3a0aace86d489429e46e2b7707

SHA256
17a8ed6640fa7f97655730eb0496b68eadc1c0dca3ceb3cc1d1821da4c9a210c

SHA512
00c81ca0575d16b3cc9c42330f45f72a77f5a6db3148121508089fb3c1f002976820d47788ca55f758c9e21938272abbc5281472348856bdd401650cc89609d1

Download Submit