hxxps://guiding-cheetah-vast[.]ngrok-free[.]app

Analysis

max time kernel
111s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://guiding-cheetah-vast.ngrok-free.app

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
50	discord.com
49	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
39	api.ipify.org
41	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676113582342189"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{06A9CFF2-B03D-4768-B7BD-2EB2FB52E4EF}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe
Token: SeShutdownPrivilege	1028	chrome.exe
Token: SeCreatePagefilePrivilege	1028	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe
1028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 904	1028	chrome.exe	83
PID 1028 wrote to memory of 904	1028	chrome.exe	83
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 3968	1028	chrome.exe	84
PID 1028 wrote to memory of 2724	1028	chrome.exe	85
PID 1028 wrote to memory of 2724	1028	chrome.exe	85
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86
PID 1028 wrote to memory of 4668	1028	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://guiding-cheetah-vast.ngrok-free.app
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff87df5cc40,0x7ff87df5cc4c,0x7ff87df5cc58
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4656,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4972,i,17636622034158449344,2375300485722633925,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3932

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3f428f3a3d32a42a799e41bdeb5a7be9

SHA1
d9301ca2b30f345c6e3951d5c6fd20373e17ebd2

SHA256
7961ed0c10fe68cb58873bd2456b593c6f28aac8222b72830a4681fb34ba21c8

SHA512
ffdd3c7d883a217836ebb67ecfcb3ada8a935d78750700de47f4ef46e3b2372e2d1fbe481350fe635fab44de52cfcba1855b203a1f27dde4e0a782f6759bfa5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
be48f281e1a1d9925a059b8c1b181cdd

SHA1
1777e543967bf72a2b3dfa443ce01c2989b574f0

SHA256
ec0401216cdd24756bf21eeeb061c0c6bfb1f526cfc30bb220ac482b2dd69056

SHA512
d9107d0f263d7b31549ad093ed81b25eea1cf6f150755653847282dbb899442b4fc6ab25c7b8632cdf0335be5cd2799538b1d8118a4a9a3d92eed1987d9137e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
21448c77a3f686537dc2af133e9ab459

SHA1
d93dfaac745e8b7871249a3802ea094d7582973e

SHA256
d50a150a43b2ae10c9e3ff4103eb415a5cf2ff605e2091a50ada109d0fea6cd4

SHA512
41275f0293dd874f7a8e63a43059a9ecc8be1402bf8542455b9e3a0038599f4b697ef5f42dc0aba67f881742d965db97bbc38191626c5ee69e46baf705a5f015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
c3b4c66a78fb64a8c83c00ad519dc7eb

SHA1
9e1a36e6d5633bad2a010d4c67c15e83b6d9a18f

SHA256
55a2fd67d19572ae63460ad09363a1dafe2ecad1c5404e31482922c3034c4268

SHA512
0b27ad7f6e53eef9dd492d8e901026d1f1bce5d87f63c62233a874013a5fd8f1323d1142b1b5c6a8b97112311232b06ad1c705cef8d4bbfaf66b691eb66b6034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2b1ed6c46f5c107f01a9dae602d18949

SHA1
675c116f2fd9daca5056ed7b399818029b9d6393

SHA256
1c4fbd239060a41908e84058efcac0d9840ada2c0895ad9a4e9a6de6378a0127

SHA512
dcb6059945daff62bd7b0379f9f9bcb8d72762c3fee126d79a603076235779aec137af5cd2d50e2050531b5692158f351108ebf7be473c24cff6b5b4d837a4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c9cf316a3b7b37915aa7ce69faa3db67

SHA1
2f50bdb4639b5600a4d53f04ca4a842f96287f3d

SHA256
2510610eaedd4a0e057455a5316174ff937c4a7fdf69070465c9f5b6b84f312a

SHA512
bf7d05dada74c9060b5cedc2600741c56b89082306e177f227d49bf948a142eee8f0d4c62200fd821de8f8312864abc9727e7d0530214cc4f580ac9b8e0711c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ee393754945b175fca1f542ba88cdfa6

SHA1
b5ab5e189b40b8789d518022585635d59eb98506

SHA256
ededa271231305fe39ca4c9edbb8e1846c454cf968180eccb1194aaf4d228036

SHA512
d61f1a1c8ce5f0d3b428da99de413d1447ccca82d5dcbd87ac74e5037e646b1fea7c8e4dffae8877f1d4c50b616555e43e599409a44f55421388b809dd62e4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0da9b6f934802922d4ba25788b824994

SHA1
96fe5f70ab324883b62a220c4ed23e2970b2998a

SHA256
1438a538adc5184011eceede0fa22e1ea132a725aa15e0147bee21aaaa234491

SHA512
051d56e007709d8c520c13c4fcd618441f65c39b3fa11d79c5d7ac42a1a971c0a886a8569852ddfb4e0acde8ba1dd2f4ab1cb2e5d8ae83447cab27228ef12ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
18d09b915e65834cee12507898d7f05e

SHA1
7a0347689b1d1d55b5a103a645f938977c95aab6

SHA256
f0f9837975d3718f94d2fcadc14a4d0e7f7e6abc1d11f550714ab345d2b8e6bc

SHA512
b181d3eb4edcc0c0ff04a02c59eef5c4627b52d4389c7b519aff2d1c441159b56e66c2f74ecbf57439571d028d78134c0af27b4346653d9a49391b3a405c912d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a64a5b67338147a0c88848e4febb3e1f

SHA1
d867ada42a1c6bca6eafbe227f8e78cd915eee69

SHA256
a411f5c1e3a3e367e5297236f5ea03cae2e058ea207b7853c481e1c38e41ac8a

SHA512
a4ec3f6efabcee806b927d4a14ea354e4af3ac09d81e0b3d47b059dbed9a3f53071d7e86fe361065dd5a7d07b25aeb7f3d0f2fe54cb53f1085ef2d98e56074f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit