bf6155050aee616b3dde64bbc42a3a0422be94e035945799ae20b0c0e35f963e

Analysis

max time kernel
50s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ExeFile (99).exe
Size

990KB
MD5

4afc09642e78a70722fd3ab5ed29d27d
SHA1

9772ecbcfd5cda231c0124ac7f72d089369fb176
SHA256

bf6155050aee616b3dde64bbc42a3a0422be94e035945799ae20b0c0e35f963e
SHA512

9cbeddf750f114174e1908995626b5333faf2c1cb4f9e89e59e5f597d6b18950dad4c3f31b7a81ca1d335854a608d149abc7fb6ab7c5c3edf9f1c36dccdb9620
SSDEEP

24576:Y2G/nvxW3WsTQRzqlqaHb/YF6AXyUo5uoDF6mXy+o5+xfRq:YbA3DQRzI/TYwIUHwAU+rq

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2596	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2740	ExeFile (99).exe
2596	main.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ExeFile (99).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2668	TASKKILL.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Runs .reg file with regedit 2 IoCs

pid	Process
3000	regedit.exe
2268	regedit.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2212	chrome.exe
2212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2668	TASKKILL.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe
Token: SeShutdownPrivilege	2212	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2596	2740	ExeFile (99).exe	31
PID 2740 wrote to memory of 2596	2740	ExeFile (99).exe	31
PID 2740 wrote to memory of 2596	2740	ExeFile (99).exe	31
PID 2740 wrote to memory of 2596	2740	ExeFile (99).exe	31
PID 2596 wrote to memory of 2668	2596	main.exe	32
PID 2596 wrote to memory of 2668	2596	main.exe	32
PID 2596 wrote to memory of 2668	2596	main.exe	32
PID 2596 wrote to memory of 3000	2596	main.exe	33
PID 2596 wrote to memory of 3000	2596	main.exe	33
PID 2596 wrote to memory of 3000	2596	main.exe	33
PID 2596 wrote to memory of 1488	2596	main.exe	36
PID 2596 wrote to memory of 1488	2596	main.exe	36
PID 2596 wrote to memory of 1488	2596	main.exe	36
PID 1488 wrote to memory of 2840	1488	cmd.exe	38
PID 1488 wrote to memory of 2840	1488	cmd.exe	38
PID 1488 wrote to memory of 2840	1488	cmd.exe	38
PID 2840 wrote to memory of 2588	2840	mshta.exe	39
PID 2840 wrote to memory of 2588	2840	mshta.exe	39
PID 2840 wrote to memory of 2588	2840	mshta.exe	39
PID 2588 wrote to memory of 2212	2588	cmd.exe	41
PID 2588 wrote to memory of 2212	2588	cmd.exe	41
PID 2588 wrote to memory of 2212	2588	cmd.exe	41
PID 2212 wrote to memory of 1780	2212	chrome.exe	42
PID 2212 wrote to memory of 1780	2212	chrome.exe	42
PID 2212 wrote to memory of 1780	2212	chrome.exe	42
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43
PID 2212 wrote to memory of 1380	2212	chrome.exe	43

C:\Users\Admin\AppData\Local\Temp\ExeFile (99).exe
"C:\Users\Admin\AppData\Local\Temp\ExeFile (99).exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Windows\system32\TASKKILL.exe
    TASKKILL /F /IM chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2668
- - C:\Windows\regedit.exe
    regedit /s chrome.reg
    3⤵
    - Runs .reg file with regedit
    PID:3000
- - C:\Windows\system32\cmd.exe
    cmd /c chrome64.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Windows\system32\mshta.exe
      mshta vbscript:createobject("wscript.shell").run("chrome64.bat h",0)(window.close)
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of WriteProcessMemory
      PID:2840
    - - C:\Windows\system32\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\chrome64.bat" h"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2588
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:/Program Files/Google/Chrome/Application/chrome.exe"
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2212
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4ba9758,0x7fef4ba9768,0x7fef4ba9778
        7⤵
        
        PID:1780
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:2
        7⤵
        
        PID:1380
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:8
        7⤵
        
        PID:580
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:8
        7⤵
        
        PID:1088
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2332 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:1
        7⤵
        
        PID:2144
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2364 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:1
        7⤵
        
        PID:908
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:8
        7⤵
        
        PID:840
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2644 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:8
        7⤵
        
        PID:2184
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:8
        7⤵
        
        PID:3060
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2784 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:8
        7⤵
        
        PID:2292
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:2
        7⤵
        
        PID:2660
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1332 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:1
        7⤵
        
        PID:2668
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1284,i,8995399210262212146,12562248294031399710,131072 /prefetch:8
        7⤵
        
        PID:1252
- - C:\Windows\regedit.exe
    regedit /s chrome-set.reg
    3⤵
    - Runs .reg file with regedit
    PID:2268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
633B

MD5
2c844dee651e35b0081f62de052f732b

SHA1
c9df9dca314cc124b868540add6867fa67ddc1c6

SHA256
ff659dc2d1a41aeb1acaced90f9df351904b63b950c45352248715c0394621e7

SHA512
1bd62bb08bfb65ed3185414b8eb92b7170982dce09d930b0b54af23d4c694975b10d2ce99d7239b8e3988fee2efe0e062aa6b3f64f016f0a54cf007cab4cf77f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c98cb80bebc0f6c89a4c2c5fe3e3652a

SHA1
04112069a2bba4f65ec36f618b5c17c46d88c30b

SHA256
6b3e36512263ce926e19b7a94887e89c4e2a349f15f70ed43f62407c63311054

SHA512
860964dce76ae11e034b703b5ac54d4d5f882c5700babc11226567379885de4534d45a55b2b2644c6941e124dc438f46f3210f1ab34234eca401e83fe2dcc66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cd9c10c7a2d8fd382f0fa0f378387ae9

SHA1
d3765f21536dd539ffbc1c427fdf85baf11081f1

SHA256
5c0aa853df84dc098d36e4892486c2f8cd6dfb2bda555be3b0e3f372469a8623

SHA512
efb789f8cbf9b3bbbdbb30050d5ecbf5f6f463426e3232a3fcdd50db5586b429b2612ae7fa478b62329d07a6ee186088f37ac4f4eacebaf3e678b8d640002e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\chrome-set.reg

Filesize
913B

MD5
3e340776563dabf93d6facd415dc014c

SHA1
99c220b33423ce5307405a23507f4d4023b256f0

SHA256
9d82451d22500c2723d18e096971989902ddef5cbf6bc2215f26e9f95e8f5390

SHA512
bf044227a608c95279a87e3f6f998377baa1b1d1a214721f129fb5127eab4c51ec2fa5fd759ae00ee2eea94c95a303788ed0c420eb40fb0319cda6ca41a1360d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\chrome.reg

Filesize
412B

MD5
53924b9a3cee1936dca042f83a8c77d5

SHA1
5b162956b38483c5b5bf93221d71ccf931c69823

SHA256
e5d981cc07403a2207efd14f376f78540d83ba99c09063a1d0205247a753ce9f

SHA512
b075c865d2edcad060035b7b35f9211715118925acbd17dcd6880773a3f6f5e541361f5db35a1df7145d342ba926c92c59bb5ddc8263e0977af6e26b5a48c145

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\chrome64.bat

Filesize
197B

MD5
431927c4715b4e73c9b68ff675515391

SHA1
17bd1a044f85f1776fe932c01b8e707110d44f9c

SHA256
b142632ccb968e4d404827499ea7895f578e809ce9778ff263ae1d68f8234861

SHA512
f4d499b8eae75fb11cbe7017b1561325b0183ff1460210d04d40d3aa2c0b282c0d34675e3d714ddccc158da2b6e6ce677441d420f5466fde0b8a5dcf39074a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\id-chrome.txt

Filesize
32B

MD5
0167419b601a93258aeb85fc6e775893

SHA1
0a144617b0dd5c5cd4aee3afa8e950f19fda15e8

SHA256
6b01add656de1f80a188fb7407856c06b54c39946642a949c2eba2ee5801ca07

SHA512
76e24f6e46944f2063a0e0696048d9a665f13345b91090210965f0d017c396a8b302beba4f44678e98593d8701e2b23927ea29bd3ddacb942d651a4b6c472b29

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\id-edge.txt

Filesize
32B

MD5
61a1097d8931a08711609a2547c94272

SHA1
58b8b23b7ba2b9c194bdd7297beee92c2f0ed4c3

SHA256
a5d1355faa6ccdcc223fc792efbb0f02abbd7c2455abb43150af455737ade895

SHA512
2b90ad86e5fd4e888633d4ef744d7a155536f4c7eff96b474fcd7a47880f085e01c628001c33ccc43c23e156bf17217b7c32aa386188d95955f4ba261efe8c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\id.txt

Filesize
9B

MD5
9e8486cdd435beda9a60806dd334d964

SHA1
bf3dab9d79bb0451c24b615d245ac0295407b023

SHA256
4a3f26e5142fdceee09b1324103d62b210e78c2b23710f50f708b8eddafa9e81

SHA512
de1f63b91cbe9fee9342a300d39c841fffe95e31427a7862879fb11afdd888c9cff1f22d5f0269ed5610e0710d4a55e1f40705da5e1898adacb26c28c19a7a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\plugins-chrome.crx

Filesize
216KB

MD5
b76a448d15029df55127cdf2ae9e350d

SHA1
8f7cd0366ca1592b254dab83bd5ebbe58f0455de

SHA256
4b60226dce9dac7c5e8791903c1f93a08e4a45448f925c683be7bf740a64abe2

SHA512
59f8ee696644b6fdc55b57928a58bc7dd50ba538cc09a4f1799a685f013e9100783012fdb2b08e7335ce15542f5c91d062259d85d00ca831bab0bde92b8d6f72

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2212_176472934\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
47B

MD5
15270ddb6df7cbdfb45d6e4ab0b8b33e

SHA1
5a8bf5be51f244d126ffb9080bc345dae5d7aa70

SHA256
709692b4f8b46ee5a6f50567e327005393c23ee003909f1563c4b7aae31251d4

SHA512
64fd9ecca6eca2fcff243b1abac62ac590eba1d52e56bcedb16c2048083da8671018f26ad136d4ac85504648770410062b71319ee4d9bd1561dc9a75063e0fa4

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe

Filesize
555KB

MD5
c402a583d308d4d150d8a069a1ec76da

SHA1
d84858daf821778ac57801cd0822e9299f32f688

SHA256
8b9ce02e21440d3a6ef06a50da8bd69893da60fe3d5c55f80739e4bef55d4611

SHA512
89d2b8ad3c09687da5c4afdcee0bc4d7cd1e20c51f21e10a1736da3bd7f2b48a03fc7db374eaa58e3827e36e9235b68d5507dc41c52462a1b7904c0ee078cfe7

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit