hxxp://185[.]172[.]128[.]93/sh

Analysis

max time kernel
149s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://185.172.128.93/sh

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653994044233778"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1084	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2084	chrome.exe
2084	chrome.exe
4832	chrome.exe
4832	chrome.exe
4832	chrome.exe
4832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2084	chrome.exe
2084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe
Token: SeShutdownPrivilege	2084	chrome.exe
Token: SeCreatePagefilePrivilege	2084	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe
2084	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1056	2084	chrome.exe	84
PID 2084 wrote to memory of 1056	2084	chrome.exe	84
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 4220	2084	chrome.exe	86
PID 2084 wrote to memory of 824	2084	chrome.exe	87
PID 2084 wrote to memory of 824	2084	chrome.exe	87
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88
PID 2084 wrote to memory of 3396	2084	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://185.172.128.93/sh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe6ad7cc40,0x7ffe6ad7cc4c,0x7ffe6ad7cc58
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,14605880409471484973,17613159814652698703,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,14605880409471484973,17613159814652698703,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,14605880409471484973,17613159814652698703,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,14605880409471484973,17613159814652698703,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,14605880409471484973,17613159814652698703,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,14605880409471484973,17613159814652698703,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=964,i,14605880409471484973,17613159814652698703,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4832

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4456
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\sh.crdownload
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b7b49d9f9cf9728cd9c26f03454e823c

SHA1
094c540ebf94c65c49de15a5e47b7f70629545a0

SHA256
8267b7775cbd281a4d5b8f4513afde69233745485fd7e3d0a1ea9016fd6aec33

SHA512
1388e5684efa8dff85ebed614f6d80e16248ff773362495cffdf8e18ad1ac5eb2589874727a5875d5e315fc7a3c16d2c9fbae6489f47027e293d4ea61448e22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a5157504aee32d073a86b3cf08de2222

SHA1
0fa4883ea949e9cb5aa681b1019a622550bc3490

SHA256
9ae1905c3c8b5ce5f9377649a9bba1476caea412a7f3916a338ea1f6dbbe1bec

SHA512
e369187d6fa30123d4a99b898b35284ae8df52e05d36e67e9469b250c94175b0c36ccd0630027314a88ee4e385d007f168b130755602c4205b2faf973feb4b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
af9accf0341c428ce95e9e150bdaf3f7

SHA1
662939f71d848e606c7d3ae15bcfd95f678464a3

SHA256
0b4e6f4f9ed14af6e72c43356a16d6893b3a398dd5bd3bb3aa7d4e09e5f06861

SHA512
486f5eec20a9ac3046d985f4e91054a6f78ba4853661efc160941c9416aac2fd8a6dd7b15725d6b76af1ec561ae3b7820b12e26f5f17b71621a667683ba937c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b26e4c8fface6b2af63436e882989fc6

SHA1
bb913aa8264d7771c4ad08095d133c59d3a49a29

SHA256
bdda325ea768ae1f46cd0c0443ed154feb2999ba232d882f33bc20c80ccd8ef4

SHA512
34e55c0f65210b0e87b64e033d2f779de19f92f72235100183fd6c169586045d8b69144256c9b39c4faf9c911a6b1ab33d2ee39ae27f0f034c5c0d6d3ef28a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b9d9b9ae64e3a2b492a4aa42f75ca61a

SHA1
ee05f10caa889ec93b2e7c5dd27bdb82638c27a9

SHA256
a5f99cd868c37d8cfeac9b75c24b0488c0c944ec075f7fe42e835015588f823b

SHA512
f17ab019b096b0aab64186c344e49cb8e852c2fdfce59d6ede29b9111705deddba78b56561ce15f2d1b09c0208cca1a41cff416376e87710b027bc6b90561588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
757e90de44faf98aa60fb5afcfde865b

SHA1
f82d64f8983a91adf7b29391f29439d449741e80

SHA256
d18b3bc483fe667b1d3945a1f967531ae64bd0e9e6a40d263d7e151e8787dc8c

SHA512
5e5407ae7cb42a9309b15b06a6c78c35d6811cb95dafa0af368b9ce10cb41b1eb82b644c296e0d00d040e2c15a8f3970a486e642acd66b5264fb33486392878d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cb49df7afcb030279f04175ff9b05a62

SHA1
ea863dab914824b706660a58c6079800c9f2e746

SHA256
27360759a617fb8c5e2ca9ef429d71658bdd644220a2735e3da562e3f89efd25

SHA512
50d9ba979d74f49796a8bf1208d1a4a23243ee83c546274cf084045bd57916671d9d2d4e9a093e0b6d8777da61ea0f59cf828f6c96620f44406a9d11f10fbc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
db648e38b7ed26140434bc467dde02db

SHA1
6ed9c1f09dca0bf75f0611a6189be78b4250e897

SHA256
28987b6cf3b1d6cf9093900aac371446f5858715e4103e624a5cad887f06c051

SHA512
dbca4ee73eb0a9b0455de9beec22a48848890c89ecd64ae5b9f3cae11b937a13d3dc3b441f9b5cf49511aff9cb8b29b555298db3525d6973283153639adeba6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
cac92df065fe6eb19c81f21840f4e35b

SHA1
1f6c88287a893508150fe604d87232bf1fa1cbb6

SHA256
57f8312f3af249d298d6c4778c40f79056396cb89946e02df3b21e0855ef6627

SHA512
7ddd9ee55c17b8008d3a3e848faef74ea700cf7e4b03a3a7d526ec9766918d9028e63e013b354e4ee34aa8d803782878b833f00d4193a67293c94dae5f220c86

Download Submit
C:\Users\Admin\Downloads\sh.crdownload

Filesize
1KB

MD5
14cbe9223703ba57008597eae54a649d

SHA1
a57bd2b822ee32717831adc69a88da9fc178a28a

SHA256
257e5beffe7cc422f2ec7b639bc73f2885f90f54511a371332a89fd10eca2738

SHA512
fb027ee0a927fd2522d1c442267aa0442255be1b3d5d085256e179c933ceb0c2681e73b2fb9eb263202c50b5ca21972b9cc3385f12b3fb6bd9ba58c9cb6fb88c

Download Submit