Analysis Overview
SHA256
8b29c9349e7a814e30cce1cfb788f5a21740c798268b0a45ab805195faad9105
Threat Level: Shows suspicious behavior
The file Optimizer-16.6.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Browser Information Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-06 10:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-06 10:07
Reported
2024-08-06 10:10
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
146s
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674125250732171" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Optimizer-16.6.exe
"C:\Users\Admin\AppData\Local\Temp\Optimizer-16.6.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0x11c,0x120,0xf4,0x124,0x7ffd9c25cc40,0x7ffd9c25cc4c,0x7ffd9c25cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2520 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3832 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4404,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4060,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,14396388564353092006,2846504382585404801,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 172.217.23.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 209.85.201.94:443 | beacons2.gvt2.com | tcp |
| US | 209.85.201.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.201.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ibyb4tns.nlf.ps1
C:\ProgramData\Optimizer\Optimizer.log
\??\pipe\crashpad_1112_XPGOMYTMUSMVECNB
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4b2ff41e-e6f4-41be-b5d5-ce2f099928e5.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State