56f4cb592f497bf2e259e31eba53719910bea7f34e49df9939a4ab474fd0d2e9

Resubmissions

17/08/2024, 20:57

240817-zrtspayhql 7

Analysis

max time kernel
39s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

vax/scammer.exe
Size

11.0MB
MD5

d395aef1389ea5a0b621a159803b43a7
SHA1

8564f7619a2101949aad90f368df2f0ef14c16e2
SHA256

2546d9f28d9c1d28056dd8f99a953e7e6e2aa016007d00dc59c3d3f9f31ca695
SHA512

effa11e8cf10379c24295f0fd38486851f7e3cf5dc3b9b357c0811abf3259e0c968351a3270ae1df5562d8a73c1cddd6f61f4c9e7aa90bbe7fad7f2164136208
SSDEEP

196608:2vdhw2Q3zNTjVD7b4TyVTjQve/Q2AivMqne2COhve3R2NMDaugcmsFHSQ5d:2yzNTV7bpTjQvWQ2AivMqe2COg2ODsNi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684019103004253"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 808	3580	chrome.exe	95
PID 3580 wrote to memory of 808	3580	chrome.exe	95
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 952	3580	chrome.exe	96
PID 3580 wrote to memory of 1316	3580	chrome.exe	97
PID 3580 wrote to memory of 1316	3580	chrome.exe	97
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98
PID 3580 wrote to memory of 4748	3580	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\vax\scammer.exe
"C:\Users\Admin\AppData\Local\Temp\vax\scammer.exe"
1⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff94735cc40,0x7ff94735cc4c,0x7ff94735cc58
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2216,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2324,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4404,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4892,i,5660922509928288819,5400055076577319787,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:5840

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5320

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa396c055 /state1:0x41c64e6d
1⤵
PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2abd7d4711798975edf6305f8fe4e190

SHA1
8668fb09dc1f963b54f8af616fe40692369db032

SHA256
e9339451a19c51ead4c3d2a94d3eef04c76ee1bc928f2a82d9623a73a5f0b892

SHA512
9f8beb7e8de9c4e37249af74ba6d972261b259498aab1b4a4bab6cc17580bff4e4e32f5c32621b86462e7b53e3e1e578d387edbc61571825f2eb9d4bf246191a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a53b64b32c8bde77346f857739d88efe

SHA1
0cc0791297b33d2b5241b675e7c1b5464e3cb06a

SHA256
5ed1eae01d5ae5bc98673383452fa0952929323972dffde408333036355af20b

SHA512
0e1ef565f42aec2589d5be68f193a501e42fee9c53e35a1be0edd7ea9b5e2cf806fbfced9ff71b0b719edbbef6e0cc75f30e1ee88ed0515f395bf8cbec3ab841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
758d4aa75a487c1f9080adf867efab4b

SHA1
6a3d7ba59ed6b4d2fdd9a05f89abc3902ccf86ea

SHA256
21a23c1ea1a9ee2e6e3ba7e4a373e94a47ecd8008ca2defd258979cf0ac2451c

SHA512
1631c6bc78111e2d5337dc4a229a2bbc8d98ed0cecf712e92fedf3bf8a9ac1e170787224800b4f3f5c6bdfccdc939ace05b1488aff3db12cf72a076dcb116e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ccded9d1f68c59333835d3736b369525

SHA1
006410cabb936f1ae816cbe3dab31069dd68022b

SHA256
b63c9f6755cdac018826af78132f5023de542935b59546c6efeeeda6505d32e9

SHA512
5a47307bb5fbe6bac3b4e8634248f197631518bf26edc798237782c2ace420b4e1222e30b8bcc45aea41d509b87d5202df2a6f3bd7e750d50a0477b38a60b389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b344af64622e59a717cc7c8b7d590ca0

SHA1
288b55e772fb17ec383627bfb77a325a98655acf

SHA256
3ba313ebabc59760a6e633257705af7ac0ef10374620c57c8db4be77de26b1a4

SHA512
0ad410f65a625abe19bd6a33134242026ad8058f09ebbb73f31ebf845c64fa6d79f8d76396c5838a6dd35172068ddc85d94938507c829c45287811365b87b113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3be3c11ff2309b9a847fd68e3a24b0e7

SHA1
1f8ce480c2d5c09c41d0b4ce9bdde70eefb41234

SHA256
47f32bc3707f1e44f25aa23e30299c1536eb9569253ef04454b3df5d9780f2a6

SHA512
090d8ed5974ff0b69ad813bb99216e1dc04bf030b08f80b9946b46e4f27ce5f40c6ae453e969299e7672e33cb66163e92f7c793b1d6d399d42de65f449fca8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c2ae738c6a518751a0fcedec454c37ea

SHA1
59be70d30101135ae056b1d62b0fa33208081aef

SHA256
cbfd82a5a42adba4f25aa44546125011edf09424b31833a89e62446c6d3884d4

SHA512
3d91584037bf87471eedf9e61bd921ca9d1f7945878e15f85640393aa5752ba7b5a40de7d4d0fd94a59126a074362cacc99fbbde2218598008063676f9cbdbfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
86546947e67ca6ff7f466c177d3ba3c5

SHA1
96dde926cb2505e18f678c069f391cffea223995

SHA256
1ecea020f397a2085882263c5f62583ffd0a70640179c0d6d3b45cd0bd5e0d2a

SHA512
995bba208d7e72cee8937798e99868b92300df021193d5db2b4b85bde7ce62b1f407e281f03007451690f81fb04fea5d05998fa55626bfb0f4169c0fad03d093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
7eb7ad417471e8e323decc25641cb92a

SHA1
cf265d30dd046ed5dd3ea696821213b1187cbcd7

SHA256
c2ad56e773fe6f80ab4da5e8290b90f2ed3583ed6badfc5b2d31b4b198e14198

SHA512
ee9468534e678d2433ced3da01fc4fa28e7c60f6b4a65d230bb34985c6283342aac8a1162410ab904e6ff088bdec3b8d2e234b2a7adad1e36b1793a5db69450e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
500b23a96de80d1ce4e55c9b249e25ae

SHA1
68c638976a0de0a0fab267e7733a0897ac4f20d9

SHA256
963d25f7f8caca13050d178aa83cb3a3fd73669e95d4a95a508db5ce1c713339

SHA512
75209057989419d7de0183fe49fc281377541422c671e527a88ff51478fe33f236be7f9db2f25c5d1e5d3dd213e43995736d6a222165ec3ee95cc3c578572cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit