hxxp://185[.]196[.]10[.]4/mamonts[.]php

Resubmissions

03-07-2024 19:28

240703-x6sg3athqq 1

03-07-2024 18:57

240703-xl721svdld 1

Analysis

max time kernel
570s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://185.196.10.4/mamonts.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645085412436624"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
412	chrome.exe
412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 1708	412	chrome.exe	88
PID 412 wrote to memory of 1708	412	chrome.exe	88
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1936	412	chrome.exe	89
PID 412 wrote to memory of 1064	412	chrome.exe	90
PID 412 wrote to memory of 1064	412	chrome.exe	90
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91
PID 412 wrote to memory of 3928	412	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://185.196.10.4/mamonts.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb46dab58,0x7ffbb46dab68,0x7ffbb46dab78
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=2016,i,3657757265070967115,1412856146229334003,131072 /prefetch:8
  2⤵
  PID:2464

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
149KB

MD5
cf632242b53080564726fa18c86b0e32

SHA1
2dad95c1482e07cdb6c8ea21f1c6174f4384bf70

SHA256
070a768107296cd6f257cc9412fb3931ce1d218a0a118887fffe46b541c527b0

SHA512
ab238bd2b0b699b821b4a0e1d59fb79f8226e088293e6da4395e94a3d421b7fd5ae775cc00267643dc274f32eb1fd65920d72a9089395e0d832e1979d1bd6bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
354d842979814e95cb21a814f01d39a3

SHA1
f86ac694556b7cb80ccf49f5c97bc093c447fbbc

SHA256
20c834db8de9c60f9aef37b550aab8dfd73a7f681f8aee35ce6c583d8cefec96

SHA512
af7676dc1a5871071e35746d4d4c15677bac50c2fc72aabe40bb0f38eae2e01e49be3b6f74addd94cb1631f3aebd61a71eba8056ed5aca935ff7cec0b3d4bfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a116a2c359d9539fd30f882e6f0d0755

SHA1
4a48107f8ca3c5a1ad2838eb216371ed070faaec

SHA256
a3c51c1e53bd83071b0267d10579542e2987129b617a94bbdfd1b2941a192b92

SHA512
651ec407dc9b73fae288e5595fee4fdb9d2ab0196335230a40698dd4177f9695fbe20dad45794665cbfbf89700997dc43f693a2bb080d2ffc9740aa6f6bbaa6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dd7148b36a3b0516b570317efdfa8878

SHA1
98cd487d98dd0f1b0fc674fa223f4b85901c2254

SHA256
6f0f5996e027711240294935a29bb07f7e525ab2728fd131fbfbccf2e35b57df

SHA512
711600af056b12c130c470b99437dcf66318602872ab270d4435c2fa18ddbce1f70a169572033a900ed438852695db9d3060945ef1f86dc22ec106bc6451a6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
439ec05f64fb506f60b128c664f71394

SHA1
c3c3080fe83583b84fc64abc6f8f6ab513c51d6f

SHA256
31499fba746eb7c674044c899b7a67adb86d23ae80d320681166d902052f0755

SHA512
1cf1285e06b408aff2eeef0a111f3c970377d31ef210a805ca7524dabd6ded28466de2584380b07329f859724889c7ce78182f6fb1ef2d962560dc319aefa998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fed44df182718a19e16199f07eacdb53

SHA1
3db4d164dc75d2c2e61b5e9d0ef4feb7b48f4987

SHA256
a3092edaaed5f9b950c5a787fe2900b94c4a21149b788a705107fd3b8bb30ab0

SHA512
05305b984bb86a072da98d40b7a15ef081c4ac4f6749b745e085b6879e5bff3c05a91579774a12a3ce5a9f12dde4bdf97022194ef14398d007728c0314dc0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
561de9776751ea0dc9af0065908b5486

SHA1
324ffdab597f4847693c98c8d202800e90c36474

SHA256
d934370d1a4b930cbcb6a84f3799a8ef6fb2dcd7a8b55c0643f423f0c7535e82

SHA512
c5c8382f94d23bd46e38e644008fd095dcb80d8b9b4cbc6ad69b00e364db56126684e93303e73f6b06c17c4765655146efd5c3a4b230f28514c574aaf378078a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f43af31c-21e9-4760-8492-aa0d6a84af85.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a0f869cae9cdf0be16746b80d8170bea

SHA1
0c457a1b6205321a3682fbad24be27c7ed7bfac8

SHA256
0786bf2bd4b3a72751957c3e911a9e9d531997cb393a9006d4978e81aeeff17f

SHA512
419d8ad4f0a99f119c8febb5e1f08b11c41cce5c2448ae459ecec2595b1fb5fb605c154cf8a7475eff797ce2dc1b7391c5f7f0092c567c016c0f6d943a9f634c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e39a8cf4a071af35df82771f27d31682

SHA1
36c4e2c8f96ed4fe2d4920086bde4cd96f0e78ef

SHA256
8e93fc21a9ac2124c9c6dfe1677aed44988bd9998d14c1217eb2ffa659f3d45f

SHA512
b049fb23be6953ef63f22267cd416e151149387813d51330566681caef94b11a5009e3a6aa689a267415a36b7843f294a1d3ad37db4dd1e8302f002b9ae53767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1b5ce591d0dac565c231b76cae5d0e9e

SHA1
77f4a67ce832cccf9d9c813503d7ad2d8c5a36e8

SHA256
3edfbba92c37d5a2426cbd577aec96c251250efc5f105002210f1af6e805f530

SHA512
43921fcc5bb3ae9da61be853c2b26ae01e2744abd5d2f4ed6610b05af2f39b90f539d73322e7daf8a47ab3c388e1a38b4a3cedede42ff96227d3d030a0baebb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1f822cf88a3e4c28b286b04df61b73aa

SHA1
370c7d245d3438ca0c4233ccbd6ea075f27c8a44

SHA256
68bb4906cf2539019ca10721f37b9caf04d4e9c4eb44071618a81d1af0590afc

SHA512
80cafd56297f0e6f9672e771f3153438f1439d689fb6aa7fe858cb832af3c6a962fe5af9394a9d6c19764b8c868443d3ab3c6dfd0643ebf46514a1eb4b2fd634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d75248ae86e242d823c461311cfdc9a6

SHA1
951e1433e63d4970fca411f29c08ffd447c58d72

SHA256
a4e7a089c90634e3b3f7b691dbfdb6e32d4939327bd5c24097789ee6ef25e291

SHA512
a218f2b88c3cbebf7a935a5b6b3c07b2ba7c91734d8ea1665f538e18524a51d0f4621059369fd7c507073a2a8ea556d46d3a02ac7433599e369401da011c35c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6d45054d0ac63e8474f34c5f009a5d14

SHA1
b795fcedce9d4ca35917709726645a61961abf15

SHA256
9e027e93956866abce49d10604a7cc3dc2bb2ffdf8c61af0bd780e4441668b4c

SHA512
e8f1857dda70b30790b04af30b0ab3d149d690bba48cea227e0bee0da2f3690845077798c552e5e60a285659e8b7ae00ec5678be083eb3f68ce950737a001c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
db756c392c8ffb3533a99cfd9538eb65

SHA1
47c3c2e7dac631bb94bcabc323da9977b34d872b

SHA256
1003e1de5da67c01b8b23f042b11669b4f0e1c129a80b71fc8f9eb0f32890b7e

SHA512
a0ed591aaed12cef2d881a8af02f4af1cb503d60e97b3153453c261174e6688b5fa3b3b9a2881751b0ac87e894a932d1694553fcf153fe65911f12eb3b8ed773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d6f7eb6f6b235a705fe5898471268bd

SHA1
8ae30bb5e7107d8af4cfec40ea193e6cfaa7ca89

SHA256
2ff3ca215f974b3c99cbe8d1c683efd01fcd61b9d3efdad51dd29fa13d0cee76

SHA512
379f678859e4c109dec354a5db16296fa2ab9471c0b2e606f2a4399bc530b041403e826db89c98dd17b99f6970795ef8ea742a8f28a4c2802f9d24bb8a1425d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
a9c0e79ecc23668861d2b100954df44f

SHA1
e8f17e00eba5796d78031eb5c212bea543b5e1fb

SHA256
95f0d653950765e56733733894d4546f4df8d3e549c83156e776f120b25a7cee

SHA512
7e90e7fa5bad0380b5f512ee00a3d64236deb4ecd356046ee1e09c86a6a4ecd7b9c8ce3f886601b9629e68f135575547f138e6be01dd712e740dc85a3d4e2c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
4a201bca837d3631f2c9e3c6cc470707

SHA1
e1e1d1378d4729ccfbc6f09e82be17852bb08a50

SHA256
64144fa99bd742eb47c8180164b21cd6986dfaceb137e5f0fc42b6a1f3e241f9

SHA512
cd41fe931ce77bdbd50f3233b594c4e278a558c67b04a8cd6377891f0f41fddcfd505e31cf9513846b6a79d162e8fdb91d422f7695ed2a32c1a99ea305744923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59a7a0.TMP

Filesize
88KB

MD5
80cfbf3e23c584230f64ac816486ca99

SHA1
62503bef5c427024ffca8da07cf10b5d49301b09

SHA256
043c2d411f7031e4fa3ef514872f351beeeba7f9758b3757a38673929d27fa8c

SHA512
9867f03a795ef3ef0f881231db4fcb2537a547921ae171d245a310134b0ac29d8cdabad557922d5e1b2ef1d371728173fd6695258e8eab0f476980bf1abd0e5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit