ea57693b77ba0d034c0b9e8a874f3251440ba793251081899ca11fb98fc86574

Resubmissions

06-07-2024 02:51

240706-dclb4swenb 3

06-07-2024 02:45

240706-c8rnbswdmf 3

Analysis

max time kernel
9s
max time network
70s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06-07-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xvirus.py
Size

8KB
MD5

7b1a408c4fa7f99027bb497151875caa
SHA1

75fa713f0d8edc39e74bcbdf113ea8dc3fedfa97
SHA256

ea57693b77ba0d034c0b9e8a874f3251440ba793251081899ca11fb98fc86574
SHA512

75e55264f46d925e458ecdb2362d05cdf6477b18d3f659f01d2c33f528a5cb4ac4fa03a1508eaccddab8df8595193a59cdc8e1e564ca0244f31ddc19132e4f3f
SSDEEP

192:OxGWZRZd7vnTNxTM/DTdkBf9XxrcNqTf2BXsYEJv:z0zlvnTNxTF9XxrcNqTA7Ex

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2133704870-72480668-1360283475-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2133704870-72480668-1360283475-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
336	chrome.exe
336	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
336	chrome.exe
336	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2276	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 4068	336	chrome.exe	85
PID 336 wrote to memory of 4068	336	chrome.exe	85
PID 1432 wrote to memory of 4128	1432	chrome.exe	87
PID 1432 wrote to memory of 4128	1432	chrome.exe	87
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 972	336	chrome.exe	88
PID 336 wrote to memory of 1664	336	chrome.exe	89
PID 336 wrote to memory of 1664	336	chrome.exe	89
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90
PID 336 wrote to memory of 1636	336	chrome.exe	90

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus.py
1⤵
- Modifies registry class
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffadc2cab58,0x7ffadc2cab68,0x7ffadc2cab78
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:2
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4184 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4452 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4732 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5428 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1820,i,3302757603393439741,5601820478984724422,131072 /prefetch:8
  2⤵
  PID:2920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0x98,0x110,0x7ffadc2cab58,0x7ffadc2cab68,0x7ffadc2cab78
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1852,i,8318287485050117091,1830889255073974721,131072 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1852,i,8318287485050117091,1830889255073974721,131072 /prefetch:8
  2⤵
  PID:856

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c981f5f4c6eebb517d17602788cd4227

SHA1
26894743835dfed4347a27ff939117fae75341a2

SHA256
d5edd54976e7fe539327dca7937579288025e76dee027c6375902388abe4244e

SHA512
72e04a289d11204688554d16a5a261c6704eb57054ced9b1b4fc162fe881fb786233949feff8b40289f2c758de4d9aca7862f1adabd8c7ff6c4f6614bea7b2ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
219540caa42bbcba07fd1ff8ae0311c2

SHA1
18ee826cb77abeba11fdd7e174abd547885bb8d8

SHA256
ba2274af58c74099093c37b144660ba66fe93eb3c11f266077d9298daa45e288

SHA512
2f25909dc7c42c4e88e4c21d85f80c1f64fe698d363d29c6cf206a2d78c235227961dfc0e2245410ec173239ad67b8d9d8f92ee4cf3fb69e76ff93c1f8a4a9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2f621af47886956416e74ba048a0bbfd

SHA1
2979ea4bb6bc2373dd61d4554033b4c0854880b7

SHA256
ab208ab005ea6589f0e950bfbb4a9080653cc6441ed9a39cb0630a49171133a3

SHA512
515de97afff6668b670da250ac4e3a4b7b6ee3e06f0f63e387df6d1a9cd96ec8655ee2dd9d8b4521611db7becb1b10a36c1ec5de6a90614193a2e601f8d7b928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b61d2c6a64c0f09a39540e24bcc6ccd2

SHA1
e4937314771f6a06ef51fdd496c5f445d6afd0b6

SHA256
314fd698889fe59de4251f19a8529b63b5729a1eb88d49d140517a2bda754ddf

SHA512
e16cbefd11d8bda39292b42f44552102634dcee26a19de7f7e99bc65b27a6efb49ae82f7a1a2c8d54bf1a4489729655d647f45de5c115d69670d68e1c221cc2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
729041b01821d39c3e9b1c4f53abf79e

SHA1
4669dfec9d6949c6925164b1e3e4816e722cf1b7

SHA256
d7bf993ec2efe05ed18a71adb41b803cd3967ac1dadf22b0ea7ba6faa6949598

SHA512
f7ff8d28576c5eec8a81b7947c30c5c98303e00d7815ebc930f35541a612be5540970c9a7f2223d073bc084b041775130d7b7d36715c6371e531fdf6d60beb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
966b429e639908ed6638e0af51dae3d6

SHA1
3cb61345a6ea3c90871bf65622321d3f63c1a7af

SHA256
4cee54979ed8aef2cd3d9f3bdca35db10c78f6ea7768cc8d798eaaf6102609bb

SHA512
862f73af24f33ad8bb1285b935828b9b9d52113522cad5167caa580a19029fdd2504b637148910c8f0920a719e1a6cd82ed993737ffe82d8ae7c3ed98c3f6339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
38ec07f875518b86dfbf7cb432184e7c

SHA1
d788786a9763b9f19e747f20ff1aa0e35d7b426f

SHA256
693e3c0df4ac9aaef35996596e75302e151821d3a692d609f41a03e84d46b1af

SHA512
1b8606a6e4e1006e751a0b3b7053aa19dbc9d2fdd430715fadfe4e958a61aae922cb7c2d15b649e6bc2128d4624c042e6bdbbeb3f540160200b01fb871089f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10324656d99d9b9bac7775dd0c7d6418

SHA1
faf383ba2d15cc6d25658ed80d7a7f12d429dc91

SHA256
1d1999be9db9982ab36698d019cb15e26a6fca06b415e38f5f70cf5577d7560d

SHA512
4bda4f3d194f8df294beba9f5507b64b687559ba5e93273cef65944edd91fc54f964d4294714d06f3ba92d627376f24018ffcd1666146524e49af85680da1e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
369ae1a7e9d875cb42fb2e5998733a89

SHA1
3464348753388de405f7912449d30be8bd2e1ea5

SHA256
a044f74fd32eb1716a6f511b64da3ff8eb73022e168bb475e527a8e2aec72107

SHA512
f577118fd599e97a0f374cce8801343c9c13ffb11134ff528133d0b4a092defe713614cff8c3b5151dc6b302f461a9b1a6b25b93f5b027e1d18a5e6660d118b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d794dcae18af31b5e0868b57ca6b73e6

SHA1
dee02451f1ba8bd342918e025c739f666b0d9065

SHA256
d2af226a3b6b419cea1cd4e76f6e55dce344886e59e0099a8694c66fa34d2576

SHA512
ea8eaf06126a7083086027820917e4ac36ef44bf7a259d43e60a75996295a7b9a2423e5d48535ce0bb409bda2d7c7b36c4f41b985d8a0cde8e65c7ab90510396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
295b1c4a0abedeade27f35bb13145e66

SHA1
ce2cc33aca714d9f7b482a3b5fc5a6eeedd3d2f2

SHA256
8bb786212aea260c2c3e96d7e4d506e260ece0ecbdc94a9ae50b0b441c99d9a3

SHA512
ce4bdab3195a9d737290c2fc62735c39f3674ec6e7bd2885512eff70463c462a757d533b8a4aaaac7b888b63c24672ce86830ae1e0435db28d1b775dec6d5af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
d12bbb15f127eb71da1a4d530570494c

SHA1
e4aca671d98c1f4509450c1ed849c48ce17a09b7

SHA256
955ed11a63efe33474c640d7e6741dfd6e6bb12b31d51e1047ef729b2a6c9c01

SHA512
42ebc325e018b067b4064382d8707b63f966c7ed33dc4923f7f5b996a803ff391ce0f90ec78fc970f05593ce149f22ee9d5072ba79c8fd22cea187c8b2fc719a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
13fc9dad93ce5c37536c00281b9bc1da

SHA1
e217492728480a585251214196ee2d0f9561e4da

SHA256
5c707087226a67d8251dcded93492fda6b730073bcf533816bad5c8dd84da976

SHA512
dda75b5ff09f3ada559e7384b3104e7e630013551cd299e9575df2192c61299aba29a36dad5836567df5dd2b3770cf3306c0356e89edfb0b9cab68ef38439ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
b3830d1e576117bca75f5e14a56324c9

SHA1
8cbd6ef0814149cfa2a1b15ffd3e3cb9e31e3e63

SHA256
fad57f6cb04295ecfc74db5789365f2455190bf5a7d71487f4c1d112c4ee89c0

SHA512
1dfa0380dec91b342247edb4a98b0709de91b1374cf4e3c237d97fecaeb5ecac059f9260e0ce0888bd8d4dc26260fc7b9c41a4f42bdfcd86a41fa4183bb00706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
7f9817f131ef8aa8c20385b5c74a333c

SHA1
c6bfe0457b39edca636208165bfcea6f6b3a6cfd

SHA256
4548602ecaba33f993aa035f9435230b4cc8386f3f0a013e25550f22cb5cdedd

SHA512
daa765d1b8bed07890c389471df16c559d1f22fa593ac7bfc53e46187766a93fcfac2d3714e77faa8c69b843d211f3c1f9ddd3a8559ef24c92d47221b9390fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a1a15fdcfb4e8bd716161ab30561904b

SHA1
9f047538fb1c4761b20c1e1d4f8ca3beab8c01e0

SHA256
c8355a68d5709564b56066201e748d7d93a3d94d32a5810aa9cabace3c6ce95c

SHA512
c9c4b72ffcce7030f8eca9295a267f9e53cfc7f051874981a6fdf6a4cb8b733ef98e1cdd136dae13dd711bc46bb73e028d1d63abd74ea19f980c9a49971be304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit