hxxps://github[.]com/dersdick/DCRat

Resubmissions

26/07/2024, 16:25

240726-twxr9aygrp 5

26/07/2024, 16:20

240726-ts4rdsyfkq 6

Analysis

max time kernel
600s
max time network
593s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/dersdick/DCRat

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664867211929843"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe
Token: SeShutdownPrivilege	1264	chrome.exe
Token: SeCreatePagefilePrivilege	1264	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe
1264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 1104	1264	chrome.exe	85
PID 1264 wrote to memory of 1104	1264	chrome.exe	85
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 3268	1264	chrome.exe	86
PID 1264 wrote to memory of 728	1264	chrome.exe	87
PID 1264 wrote to memory of 728	1264	chrome.exe	87
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88
PID 1264 wrote to memory of 3556	1264	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/dersdick/DCRat
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfe90cc40,0x7ffdfe90cc4c,0x7ffdfe90cc58
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,11771289991551477231,6071716019076845258,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,11771289991551477231,6071716019076845258,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,11771289991551477231,6071716019076845258,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11771289991551477231,6071716019076845258,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,11771289991551477231,6071716019076845258,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,11771289991551477231,6071716019076845258,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5004,i,11771289991551477231,6071716019076845258,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2304

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e5de0b8cf2d2e38e72a43818cae57c71

SHA1
4af23ba616b6f6b0640f99d0a4734a29799b50bf

SHA256
e5288f5c9810557a42210e10ec65be6113cd10832422b1524d4aeee5dfb72099

SHA512
72055b9c72b3931c144e408abaa7e6e371c12a17cbbcfdc9df271a4bc3a31de7472726956f771afa5be71a516633aa1a1c9d39baf45ebd9c4dc2ef8ca1b35d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e57bc17187444cefe0a1488577dfc96e

SHA1
7479495cb629efbc8254d41ae70f14b29293c482

SHA256
f61d31a8dde5986af4e1d55babd43659268d3d83c64353e2447aaed3b4764c05

SHA512
ae21f3f011391ef5e38782a1554d24a49cf9b85aff2e52b010b74ef0efe8ce762f200141975dc75b915b868a21a70dfec959595e1227cd87ed0e67c9bc448e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6de64ce5f70b678c153c73d5fa114f25

SHA1
bb6032db473ed67707e1fbd8de87e34d946aaa6d

SHA256
9fe1f727b41716d4ff20e56a28c4d5b49a4177bc601a3d53a59b67cf045c7e91

SHA512
8d52254fdb647cb3101e63b1d681286692f956971b766990c9fda411fc6d9545083a869a95eb13be918fcc291a967d2e286d7a5c963c8340a817363af1d3c3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
952d1d6469f89cb470daa78c03535055

SHA1
86eeee00b69724a30557c6fd919551587277671b

SHA256
e71374bad644e6c7400e2e19ef8c97216281a5682a60a68db9ebd86a3a28b6e4

SHA512
7eab1964a56d3d2d347e4dc3c80b291ab234adcf55b8ff545355997b8ee1a500df128263fbb1fc034a924fa350ca46415e96b0c928d0da7efcd6dd756df8aa03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44cbe934d5250998804f270f1e108910

SHA1
e6a7579bea563cda557b4615f67b4ac942b7d46d

SHA256
39b6aacf0d82693ca5920bbc4a4eba7e3254c47511984fc4563b63c4b6ce0d7f

SHA512
ebddcbb5e7da2ec21d2fed559d7a96b4192728bdb7306a2fde9989a17b44977fa1d088ec8886c3246e032b7c739467d8bdc509015f752bbda9c958b6029f3a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f163e2729f7d2cd2f7c95878e2124bc8

SHA1
3bbbcb518cce78d28ade6c51953d2869d98d2b78

SHA256
3f9be661b2538e70f103aca42fdcf28c6f25eaf41c54099c3a647042f8263729

SHA512
88a3c94cd219a40c7e6d2d43996ddd63f144eb101c0196dbec0f957c2906b4282e220364dc845429b0bdbccc53ea935bcdaab9a0f66b98aa79159e1ecc7e5fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7fd999e9f934a39a468e0278f3ef8e4

SHA1
21bd1c2c8cc2b2fbe1dceee25ad67e58f70444a1

SHA256
721d51440cc92a5f536bdfdf0477753dea00ab05e7cd12b79ea72e4f40f24527

SHA512
29fc696d8677268078520fc1ceeb649d677c57541dacf4f541786c2b8029f86f0fb0bc9dc918dfca9a5eb6de39a2dc4b3f30990e7f2721b4791e505886d73d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d03b49b45ba959a6abb97e48772af466

SHA1
d93fe60636e1221951426690ecc156c281f9d3d0

SHA256
e3de2ae3f70452bd26692ebc0e37a6c36fba4799122c58ff800fa5baa9aa3d7a

SHA512
a76360d6b7f68eacb1593b7f811735fddb1e2bd88dd73b16eebc2f83b5aee951f661e753f35d207039a23f99ba888f3ab3483589a8e6bb3996f2b62532c820c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27bbf5f4ae90b72fc5127630c5bd6e75

SHA1
a5f9d3239dbbded9dd7f95d7e198accb067f4c0d

SHA256
0aed87d4441046ffc619c2034fd1613228a6221941fbfe619efe540ee55c2672

SHA512
4aa66f1357468b0e13a1b7373223d56ed6ff7b83e03f6853a8f44966683a545bc42f55b7a3b45b345c8deca967180948e8e5cc78cda1e32c4cf1f6fea84caf5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a90659ad3508cd797f413ba943c16dd

SHA1
fc99977090db63547318ae3725df65341337b2f7

SHA256
1b69463c00d5f90d2285d8b864020b68272e51a123666e369d76e921d20010e8

SHA512
08290df79c8e93ee83ff0fc0a8823a1c166a1ab8c2c6f164476e7dd381ee10c95f1f2e0c52dd9eb95cfcb36691611965bf4279818e74adf2ff7e9f01f0120d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fda55d60b2070c8a0d1ccb365ce28f9a

SHA1
85d9e830bc74697caa74371d915f02046e2daa3b

SHA256
04d695feffefcae34f8fde9315a27c79b668cd3b5266448529ef2fa06e1e0006

SHA512
5b7c58dba137a5f7d93d375e30b5be236a5c58a1b458c39ad4a8ba2c165bba5be668a08781896ef46b62d723cf65b3a7add509538fccc640edee2f44f39a8243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdf9deff610b8057944c510009f180d9

SHA1
1301f0947218adc92c287310cb06b246c1b696d6

SHA256
d5ec8f267d7c6cd846de0827bed04a4b7085117ac3f776a87bc1edbdbf58eced

SHA512
a85f13b3cd8c7d6b5c43d4f7c86b139f6a57caf98759564fbc86d029b1d80a2b3f22ce706f8b8d357f100d700c6c80756f3e7dc7cda4821877dc546db9c95320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
763781b5f312e64b6afbaee83a11ed32

SHA1
fef27cf113a03e976cfe023c9cd6730c0c48bb20

SHA256
00eb03ff523058f82b69e02edffbad0706c67e8ebee2dff91b7cc517ae4d484c

SHA512
d589308b8d3c2d6df51967c626d303f9e773f3c5c95b39b18d34a84707e6b7ba8486eab4ff1fdafac2f34dd36af8730d8fbb108336034a7b2bbc842869a5aab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cd3bd33dd2deb2d0becc0d320743617

SHA1
31084b59c3c15a2de64793e1c61266c3bcaf2f95

SHA256
3d4e9d72c6bcc1d09b66eecb4eb38d277f99e58e1c183843e5348264a73f4156

SHA512
7f94e38316a9786a9ba1ac2310850466f9eb51c61a4305ecb9da0b9260b8d2589655e1af94d2995109047922ecfe8909959ed2b11bc4962348da6a4b78d2b921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73f28e694b559702b1f5277da87213d6

SHA1
9517b85557105cdaacd162d3171c7281083aa1ae

SHA256
0234946559550b3b22bd2e5e51f633fee4fb6906cfd0edafc24ad3a3b70040fc

SHA512
016324c39a6e55a0cc84fbe91d412ee307be82a5bc0f3f4d7f16a0454de8cb69c2fe5c650812569e60aa7c6a01e7433b8a28b2dd921362cf5b764c72332a0979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82a21530cbaae9605b0b068aa135f75a

SHA1
d3e556f7a1887c2a9f9d252735d08ebe6963ae58

SHA256
4c2a0b0289c9c3fb0206856b28c1fb20f13bdb722572fe36540094aded3d43b9

SHA512
2372a03a2f9faee14bef486ec2863c6fce11c3e40ebab1725b7d048500d3ec8e42a8707c496c7e76ddd577dd3903025df1297847a7f837a914de0c0fcde20826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4b80108f62c8624b8f51ba87afe4a64

SHA1
74c331884b028a4e4e0e343375dd98beb70bb8b3

SHA256
e632148ec11c491a5e3f1ac748c2fe107c14dfb5efdea28d264369fac5e07d4c

SHA512
ca5ec28e34ee646ab2f95812edf4a1aee8bb84c4df8e712a0262c0f1059cd8801b6f5295ddbb0d4da10f261e34ce57e5f9bacdbb20e377d075009a57a89b947a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1dee46755ea7945f922dcb312f5c1556

SHA1
26e20ab3f033fbee406195c8379bccc9fd0effd2

SHA256
fc6820a67b214f2cda4b4f24bcf0556710b31c0caba8e3c045ecaa4f23187ba8

SHA512
960d54c13827879b72e1e0e4d97d02a423f85cb4bc5cec61f4a7c1ae4daab74caa803a9fcc86fdddb78a921ae44d38dab295754be69880c78b4866961d3a43eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a53bcbaf7628415eb47afb2f6276d8fa

SHA1
9b9116a104123cb6a2b6110159640c4b991cc6a2

SHA256
c288138e5b6ddaebbcf349fead712ef1485928d659c1025c60131f345e2868c8

SHA512
9f2e61e703f389f3910e21a1873ffbbb5f62ee5a36b36a4ade9d45bb3f071a35a35be16087c0620f401f3b8fd13437c0a0c1aa52e779ebc6c5302701f795e002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c62eb51af1c37e5523c585c51da9fe9

SHA1
cc015fd6c26917745d44b7c642b218fd02a8ba59

SHA256
d7c02408aef61fffd335d43093e73dc432ef8487277f5d51170cbabf2a72e600

SHA512
b7a065a725e888a6580685f615fa57573c1989a88edca83face0a7d75768ad049dcfc7fe23c3e3de56c8b7d6591aa3d7b9067f6bfe3d7701383ee1838c44a8b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f82c601e342dc3a22462881dc3668fd3

SHA1
4f8a08f71aa9cf5e060990bbc5d5d38a1e428713

SHA256
717405092370f38c1d577d766f84be3b8beac19b7210bf8d5537fab6b42d01ee

SHA512
0c1b54f337fe08ea3cf4b8433d2fac3cc8e75ad3dd1a8043731ebf8a16282c0ec1c663fc49f1ec678a45ffc2c23829ef8ad290ab7c34500b04e59889a2237378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08a7ebda2ed33ce5a06d9759c520e4ee

SHA1
68314dbdb15e665f056ba462aee805e471c97a0b

SHA256
dbf5b8d15fbd0056d332c9dd16163119c7dae0f7c87883827c4cda5d6741882c

SHA512
e2e08846dafd7b8e9e343f641c1be3b2e9a75fad0c05b2dcc4264c8c55a645b415b25e165769655ff0d45449dd5aaf7a0045bdb4dc9728052297a730893f680d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b221dcdf401dea00b3785d13658f6d1b

SHA1
d488908d4ac572087a49b5aaf35e0af0452a1632

SHA256
9d1cb5fb90fcc1fed4921086cc835ae68eb025d32bd43154b2f307c19f0a529c

SHA512
3a88fd2332bfadd2a71f4505bec856f847e49b80fac5bdf03b3a7b9576b5c689cb24898960d7d4487b11fc0627d9b6584e9990a654ad0743e75a32aeb9164c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6ab5f1d2a2c7b151bacb6ea3976f2da

SHA1
8da2fc9402eadcceb1d35e64908e1056ad3f3d03

SHA256
011b232d56769a52a1581f5f8abb4bb3ee73ec06a5e80b7185e4fab1ea77e724

SHA512
f580d22aaff7802e6d3221f065fdcfef717ad50f948ed95e352ac4c08d1a94d77aef8af98acf78ac37b9a24657b1fa64ee4037e6e0eba6ff9b96b58bcdd52ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cac88fcd927615ddc9238372bb03af2

SHA1
6851118b5aa5fa019d54fe723cadbad9a2b85b8f

SHA256
63cba4e4dd0da34e8518122645f834ecee771143314089b0f75477e3c729906c

SHA512
746a2bdf0174affd532c622739e1d1b98870320db7a347fe5da18b7d1ad948785309d3fdf1b8800809b084ebdd583abebf94bc712db385fba1693dd74557382f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
1231a8a2207fa2b73cd3cc5bd150dd97

SHA1
0d290571399691fe518f1c023ec3a9ba80af64ce

SHA256
012ea1e8af298a2879ad7c42b016a482e0f2ecd9c1f99ecaadaa66696312af12

SHA512
add1f26e67cc1196968a4850e0582116983fc0266f8468a5298d14491bc3f973a0bb890eb0f76a68fd48813bf11b521ab8fa02228743b85f2ffc18b4497dcf60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
767669ecbeb125aef47695f64c223493

SHA1
5913527e2d5b8a233757a55450a915a6d09c7e2f

SHA256
6beaffe2007d1494b42924bf0ad3eadf214f934dec16280f4e4936d518098019

SHA512
c7bb5830731c5d3905d1c76016a4cbc4ff40d2c687bd7b6267b19c3ab1c35d437affabe742c41272a729447a49064bbb853ad5570f2eb70bb24fe7599fe3317e

Download Submit