Analysis Overview
SHA256
900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf
Threat Level: Known bad
The file Venom.exe was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar payload
Quasar family
Executes dropped EXE
Enumerates physical storage devices
Browser Information Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-08-03 04:55
Signatures
Quasar family
Quasar payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-03 04:55
Reported
2024-08-03 04:58
Platform
win7-20240704-en
Max time kernel
132s
Max time network
146s
Command Line
Signatures
Quasar RAT
Quasar payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Venom.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Venom.exe
"C:\Users\Admin\AppData\Local\Temp\Venom.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.0.246:4782 | | tcp |
| N/A | 192.168.0.246:4782 | | tcp |
| N/A | 192.168.0.246:4782 | | tcp |
| N/A | 192.168.0.246:4782 | | tcp |
| N/A | 192.168.0.246:4782 | | tcp |
| N/A | 192.168.0.246:4782 | | tcp |
Files
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
| MD5 | 1348632fc2ede08cab5db1cb174ff0d3 |
| SHA1 | 2a1966291aa0e7aee1b039a1a75fa4879489a2be |
| SHA256 | 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf |
| SHA512 | 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-03 04:55
Reported
2024-08-03 04:58
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Quasar RAT
Quasar payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Venom.exe
"C:\Users\Admin\AppData\Local\Temp\Venom.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "venom" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffba107cc40,0x7ffba107cc4c,0x7ffba107cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2292 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,4994021697980558851,15064107561627459596,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.27.105:443 | www.google.com | tcp |
| NL | 142.250.27.105:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 94.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.250.102.100:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.102.100:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 100.102.250.142.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| N/A | 192.168.0.246:4782 | | tcp |
| N/A | 192.168.0.246:4782 | | tcp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
| MD5 | 1348632fc2ede08cab5db1cb174ff0d3 |
| SHA1 | 2a1966291aa0e7aee1b039a1a75fa4879489a2be |
| SHA256 | 900cb76890979aa50347b7b929ef1babd7c677966f642aa4d74cf973136a48bf |
| SHA512 | 52f68303d71f1293b02784539ef3250a95cf9ef4cb868e26e381a86667ab4f5cfc5a36d462ff746dc021bc0420cf8f0b31b050ec4142fb1be4b8f626fae39edb |