1d49d456b2dad25cfd3a85943992bb0a20ed39ef9a4430a6de5a0fe094ca9a49

Analysis

max time kernel
124s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sildur's Vibrant Shaders v1.52 Lite.zip
Size

139KB
MD5

ceba4ca74a1e49636cfe96417cadf790
SHA1

826348183861fa0b1ec9476ce9f131bd2ffaacdb
SHA256

1d49d456b2dad25cfd3a85943992bb0a20ed39ef9a4430a6de5a0fe094ca9a49
SHA512

81c4c4adb7377a62bbc3d292a4c9b661efdfd019c3f82d13eae6e318352d481f8130b369b60afcc21bd851a842abb5d8586c4897a0fef0b215af2b5e867ea3ae
SSDEEP

3072:dX49um9zr8R21C2dtHiENQfNZQZ213RQw0TC91:dXA9l8IC2bilMWyw0u

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673177180327269"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
644	chrome.exe
644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: 33	4700	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4700	AUDIODG.EXE
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 840	644	chrome.exe	94
PID 644 wrote to memory of 840	644	chrome.exe	94
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 808	644	chrome.exe	95
PID 644 wrote to memory of 1760	644	chrome.exe	96
PID 644 wrote to memory of 1760	644	chrome.exe	96
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97
PID 644 wrote to memory of 2968	644	chrome.exe	97

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Sildur's Vibrant Shaders v1.52 Lite.zip"
1⤵
PID:4088

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9bc84cc40,0x7ff9bc84cc4c,0x7ff9bc84cc58
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2216,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3748,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3536,i,15955508800524121144,12218174943173160793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  PID:3980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:720

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x398
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
89f10307a4e87f78ad0b6081cd8e23f6

SHA1
a26e92f89231b60cbd742d0a259d63eebe2388d0

SHA256
dcf169dc4a6449c4cc490dbdb448505ec91dd219619f32496100649c259388b9

SHA512
5845e6b34d0effafa10ba9c5eded904c13af64128ce3a152a3c2cad9c6fa38b7358916a0948eb6288c9c9ead23bd5195e16c77c49971fb53d6ceabc1e276f0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
90fa42e4c09aebbfc97070ff176aaf50

SHA1
7f949387915cc8e273cad6c7f2bfb1a650b61c84

SHA256
d866d43320cd7a3b9327cf5509e5986abc7a865e9423e90c2d30d4113e19e8dd

SHA512
20eef02c4a5318d71dc31671fc7979ea4dd26fd3bc64487b9c39b72ac7bf266336d9fe8be8ed2393e0205c8835f20a1a5036dbae4cfe17d123f605c88814fb65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
23004e293c9ce5a572a5b0d902a0fc27

SHA1
8f2d1db6646320cdb080480d9673f90d988a5747

SHA256
8b17c0affe5469ad3d312e5ef1efde66b73247bf7df19d32b510bb2cb6152042

SHA512
03a4b4b5e3400202c948b51d81e9eebbdc888f16438b81c955c6ad11790dd54c75d0cd713aee41696d6d412f31a312e8b045706189ff3a96986cd46c07d46455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4f668d01b230fff157ab2663b09baebd

SHA1
2b9ecbf124c7cef1466a5c75c24097aa37478487

SHA256
816f74096871a7fe4b125cc7ee8603e33baa153ec7fb547d9248a69deaa02522

SHA512
5a66e0a1391aaf9783aad4d922da34537ea791946c36e69a4d443bfe11132e1e32a5df479e75cb7709ee1f2a9b6bbe5cdea74e18a9d7bdd21381d5b34a9823b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
43047830b0fd5c81b963741790535dec

SHA1
4418933f6feb1843ebee9042127ff84d79925899

SHA256
a03044922d330e0612199c66e322323b0cae4d4f0e79ea70d8e35565e211ad5a

SHA512
34341bbf1f8a68f52d3c756df90bc4628ca6dd2ceec301ce91a0ef20d54b34e90401bffcb89550b80abefc6b0c03604348dc75e1284212f3c5486eb20e706bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1b415b5633c9a3a11fda80f205f01e4

SHA1
a8d8f5ea39c11c0807a35902870ee3b64ea96938

SHA256
32dbc8cd6cfadbfc8b3369c9bb6577c2afbaff99fe8a90280956a414e1c83579

SHA512
07262740733b87d0d19725ea60c5da528330cf7f2f901410c61264d6488b4916fda7b467b2dce876fadd6f7b782f80de9b80902ecfb39548a4e808dd5afe03a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
57979a372b5f6a8c7cee3d675e8f62e5

SHA1
c5ed6231a92babdac57d876b92c0f221a96dad73

SHA256
f64376d761f1a625f8788375b656d6787c67ca3cd4fdedf3168c27c4f12a2f1f

SHA512
e0ed2e43119f83694641a9d8fb0f46479a283ed81325057ecb8dd64117432df69d9268fa75fed10ab7a5b389b2bfb989e8e182f0e6e38e7d9f139a5d4a196960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ebc6e09614253f091d61e36509064aa

SHA1
48d0129cdc08ee9c23c75f3c255ece9f9b37dcc2

SHA256
8100d7c7f57218696547019031e24f3ee20aff08e7dd6822d234c5d2f924f7ec

SHA512
87d23b1874ffc1ccf44d34b6f8163583d74204ad7e02a0121b3eb49eb12767e1579e6ce63750c096aa1c7ef139ab0d64b299cd245a29de9929345b9eb47d8268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
7e50bf61ca94d28c75d14879d3aebca6

SHA1
886ff0dd3351b1d8f50694c3c8e5fe46ad673968

SHA256
ae37a0ffe5d9e89ffce2d066a9c706b20f4b982a642e82eb140dd4bfa83b7e3e

SHA512
546efd75121c43e626c00426d5afdf3a13a379e05796e4d576afcbcc8b862daf9ff92679b3e942a1d723a1bcef4557f4719a7642b78897eea8ce18d55d716e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
f1a3ec1ccc0f44271c3d67860cd95c77

SHA1
fb7edc69daa95eb2fbfa045521a01342f3df3cdf

SHA256
9a16bcd022543bb3bc15968dcbd8a32213ae0eb7bd703369ef838b5062d841e6

SHA512
fd623b4cb27c1adb74895984d6dfa8716116b3e00ee9c329759ae5dd829e3b760fc704294a6737381b41c89873a30e45fff683e2b38ef019b62c93ab8a181a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
c650526151b6b15b396bd22f21648bcd

SHA1
5c9d74fc1bc42b6389a4d0345e13c54882394395

SHA256
75cf8f2bbd37ff2e7d69945c816d54e33ce3d57893ec0bfba8677a90f2281a73

SHA512
60e82c220d2feff7411216b6ef411eaf2569fa4cbf35ac5240b1c461c3a34121c4ed7e337f78b71d653a4a8fd84b640caf972f57f68ebd69d0eccce870b68737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
07ed7b37ed71c116bcf914399e6f9c12

SHA1
e06c7473574edf5b3f5d306123809e07d8b80133

SHA256
d5c9eceeeea7b6358ca4314e54ea21ac3bac9bb7f1c00ece824d1b3a7143cdef

SHA512
a69855043c3f0f5288185b8cd86a7abfcd4874ee9478822cdd7e001a0a47c8a6a48f5bfbac00a2e8171d3cbb722f44c45332fd452c81d65e9e61fe070a767fb6

Download Submit