hxxps://experts-datastamp[.]co

Analysis

max time kernel
86s
max time network
87s
platform
windows10-1703_x64
resource
win10-20240404-it
resource tags

arch:x64arch:x86image:win10-20240404-itlocale:it-itos:windows10-1703-x64systemwindows
submitted
08/07/2024, 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://experts-datastamp.co

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649020900428195"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 3644	4648	chrome.exe	73
PID 4648 wrote to memory of 3644	4648	chrome.exe	73
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2204	4648	chrome.exe	75
PID 4648 wrote to memory of 2628	4648	chrome.exe	76
PID 4648 wrote to memory of 2628	4648	chrome.exe	76
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77
PID 4648 wrote to memory of 4444	4648	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://experts-datastamp.co
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb9ac9758,0x7ffdb9ac9768,0x7ffdb9ac9778
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3856 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3252 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3876 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3628 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4680 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4416 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4528 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3984 --field-trial-handle=1716,i,10319458000750997751,3080840847076199158,131072 /prefetch:1
  2⤵
  PID:4864

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\28f3e9ec-26b5-4a52-9271-8ea610c50f95.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c501b93b420e350bb9f469b018467835

SHA1
8bbb4c7c9f0a87db4d62c918992b618523cd4e39

SHA256
9276fa5be60d01190dd37e311362b87ed5a4551486a2bc08224d45627b725598

SHA512
889880f84510a522a0a656d0d37ba5e97b3703ee62869b22855e73c21001af478feea51ad5ed73cdfbbd701f1faa05261fe0a5b6af5a39aecb12ca582edb1945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5a2d49864b577e91b25144429305ed5d

SHA1
8591c27de19dc31b1f0aefbd4e74bd6424c5a62f

SHA256
5cdf1a775608d0e9c78c854df2944e6e2cb54e53b203b07355987f4a1ccd0368

SHA512
ff13b85401737f49f11a328f052ca35e65d94cac1a15021425dbc73f71b08ff3d9e4a0996570a6e87ed2338b6409d9e09fc2bacba78d1815e075df88d5989e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
afef76985ecda57836176996e619a4f4

SHA1
b690f27f66fbaa4293da7947dca803f2c590f0dc

SHA256
8d40b51a968bfdc7afcf6061e78492d5dfdcdbf64ee0464043ef98ecb863f69b

SHA512
75c17570a2e24e04cd605d072a3d37f4a8c436d8a738fece69a413bb02eb2ad0e2676da5d668af14ab566a01343db60d5b1aac7c70e31b1e6ff24d140130c7c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad44f99872a11cd8ca73c62a99903d25

SHA1
10abbba1d7a31e25accfeb7caceae7bd12b35838

SHA256
f46b2f1de4dc83a5e3750630c61e4fe54b5a58e436abfa249e63464519debe3a

SHA512
d951d6b121eb918c9be16c54fab2e6e1ebab1bfbe836530d7af953d4d935b549cfd70fdd55850f52a6abd257d12fc37d270cd2a6f6e3efb871d9e99178f1a233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
259342e7d58a9c9edff94bdc01aeaf26

SHA1
0abe0f22d03814794a0afe4a0890c0d8832458b9

SHA256
4acf69a2e010764cc615b095700bc20b0295692172b67667cc6832c1f0b98449

SHA512
14839e455fd8409bd20bb4663db7c10b324e43a34242a67bd6a288637f1b44640a7473c82b39a2d46c8b3fb109359b30339726cff06cf84e1ed1aee13445ff77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ada52e569f16c953580fa60f79415732

SHA1
1efc2b514c77415aff7391f0d16b002d296ef40d

SHA256
d6f261bb2479b8ce4a292a34339ef540369693b43d2d48768d4199d34148edd2

SHA512
559853904c4afbf4f7dfdbd2ba483136b790a3f521cfa6c716bbe20546dcbaac3fd39233695e79df50a9ad4641fbaeb10791b5485a1471a73e112778b83bf9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a73ecddb9d6d482c90139ea90622700

SHA1
a238b8edb8dfbbb6a5cdb5e61dd9960a2720c7f9

SHA256
20a542bc240127805298660381a1f097709e37bbc3461600540a7a85720bb58f

SHA512
f32b47ed461a0f8a4e7fc1d290d2126e8386633f4f03549213fe92323a2607fc7848f6f7d7ad72c2ad6ad19afde8e44f6969f5ff09f7e95a9160ecc66cdb2bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
083ad9ff7b9f3efe2c271a3e1a654b91

SHA1
b7191b474109c765ac054faf0bca4199aafd9d7d

SHA256
470c598371a60e54dd0ff50fbff14e53154bd2d352334815f9db20c648131d87

SHA512
1cba6b6ee53ffe1d0f464ac50e40bc609e4fbbf9d7a3f16270044db82425178be3a840948f8ca9144835074eb98bd44d1d6abfb23974c5a9dd4256c367fc299c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
f3decfd75a55943f578e8e1e3ed641b3

SHA1
ea2e3ecbd76b7d25bb34d1b2da968457be214248

SHA256
73b08be3073e8d003944f31ada0156238016c23f55bcdb97d7fd11fa99a2d3df

SHA512
80b4c6e14cd7c197177b601373255cd4c2b5c1d1d136d3c00d06b48af403d89d935e26360c2a19f66cf3a425fd79752e226726c36b080ec986ab426e620ff804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580376.TMP

Filesize
92KB

MD5
04cd50e1508c6741f0fef77090cff8bf

SHA1
ef7e8a0efdc9071141f80b69d7e82a946546d293

SHA256
7ade8a181cc11561aa39570ad7578c5b6ce87205fd7429e38248a58af5c50f28

SHA512
5682c77ba2ab8ebf397efea95b3e0414115e0b0fb87c4fea590f34207f7f0c5a20b6a893b337d01b72eaa163a44237524ced102a3144c0a0180cdfb75595cafc

Download Submit