72e4c85353d7e86ead026be15d0e07c0747be22aeffb7ce87677991b81752fb4

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DuckwareV13_prod.dll
Size

11.7MB
MD5

fa21040a53451ceb7cb2e2b661a85444
SHA1

68feea38f164f996a234214aa3fdb13bfd6730e3
SHA256

72e4c85353d7e86ead026be15d0e07c0747be22aeffb7ce87677991b81752fb4
SHA512

992d96bcf5ab1553feff12ea233b9383f50703ff7d24b0ddb212696fb6ec1c0607d6a78feb103bacdee467c4dfc75bab75c616e052d3866522e28b579a5c839a
SSDEEP

49152:vw9RVLHT8+0124ugtrAQku+rheDUXu64lfEcYBCRPrtt/PJBbjbv4rfX0TXSgol1:vKeT2cEjFj

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2376	2340	rundll32.exe	30
PID 2340 wrote to memory of 2376	2340	rundll32.exe	30
PID 2340 wrote to memory of 2376	2340	rundll32.exe	30
PID 2340 wrote to memory of 2376	2340	rundll32.exe	30
PID 2340 wrote to memory of 2376	2340	rundll32.exe	30
PID 2340 wrote to memory of 2376	2340	rundll32.exe	30
PID 2340 wrote to memory of 2376	2340	rundll32.exe	30
PID 2336 wrote to memory of 2080	2336	chrome.exe	32
PID 2336 wrote to memory of 2080	2336	chrome.exe	32
PID 2336 wrote to memory of 2080	2336	chrome.exe	32
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2928	2336	chrome.exe	34
PID 2336 wrote to memory of 2872	2336	chrome.exe	35
PID 2336 wrote to memory of 2872	2336	chrome.exe	35
PID 2336 wrote to memory of 2872	2336	chrome.exe	35
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36
PID 2336 wrote to memory of 2796	2336	chrome.exe	36

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DuckwareV13_prod.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DuckwareV13_prod.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6549758,0x7fef6549768,0x7fef6549778
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3200 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3696 --field-trial-handle=1416,i,17722121343247895844,8640884020157960917,131072 /prefetch:1
  2⤵
  PID:776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6d990b15d9055edca5716c940a3040ae

SHA1
b3347285396c2a48adaf684154979ced07cbff03

SHA256
d700a2df7d9993d2aba9642282ccc5cb7f6a8d2766f721dc9b3625252a1b4626

SHA512
bb802ac837a9838ec602250198a3698de3b454b4b001cf63d8462cc90f56fc20621af4936044bd2f5c9a8b7d6995b6632a461b50053f40494b6cc5019f4b9168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFf77906d.TMP

Filesize
168B

MD5
99ff914e08fca1d07d98599b48feaa02

SHA1
12311589e2051235953e766532c20beb52b6a7ea

SHA256
73528d1f2b02bd39caea530d60b5a5e2461ba175dde8ab100bcab07b96e866c5

SHA512
ad03a9e4f1bcb517f1c4cd301f8190f9de9e5eaabeaf0a7746dae5fb61cae0f9c2f596af4b53fe9c8f1a104c96d0947a54b01631ca4bd608cdbaa7650c202bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8d97cecb1182f4830df379c32564af9a

SHA1
ac0d9fa2e6d744e58e6bf20958b3997163022d6e

SHA256
b8339f287f1065bc44d7cdae130965435bd0607ceb7ceb36319544857dadae1e

SHA512
fbd2394f0444a5e61389fe7034d97a256d2029a068456d089c2d09ff45aa97852448b7eb2614ca9a19cd5aed2ef76fa3c9d935ec179dbe627ff1408c607ebb18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
d2094fb3a412f84ff7928f84c10fbc7b

SHA1
3081d80a5fb33aa0896eb63f081ce52d32e163ad

SHA256
761bbe4d7bb27f9882cb55ae984fbda6bbf83cf64ddf1668bedab5653c877bc0

SHA512
71b5c535b37f8467cdd9e51ab27a2362acd62e3871453b49e49833eaf473fba92e617d68427c3697ad82b6daccc0b38852b9c244964aafafaf577d1e7df65be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a162c94e1a9fe3eddf9684ec8f59f739

SHA1
d62308d04efb64a1c6a1ff5a700ed1e51cca4920

SHA256
4ca077f14c332e74cfab02ead11444c5d22a631ee2d738b06d3d6e901a3ea1aa

SHA512
333ba389b1ffdf9ea48fb314766db6cab0e2ab7ffa96abd10e42ff42c46def656b3ac31f731cb848613a85c916772426aedbcfe1b50f10c9a7c7ef0216334544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7411b4b22be23ce0872af3ddc8aacb15

SHA1
cbea77ef8d25d8bd618ff641dda0dff49615755a

SHA256
f4ab921ecea95d2a04c7010aed9f4f1c3a8d11b4065c1a6881d912059e42852e

SHA512
60cc24f567eedd11f5a5b35b38a221fa23ed0bace342dffa70bbf924a7b0119b13326b80894865a90dbcf09da240e18449b7262ecf7f1b74d1a63d8bc5c894ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4151d99ea5986b2246d18af06d8b0c6f

SHA1
21eb94d63d597db11fda10e084224d3bec81030e

SHA256
4b4cb5c8d138a1d701ea2e5342cdf36b58bd49c9fe2cdfb0c97f88a427b99e9e

SHA512
a3bfc0f2b6294130001e01c9d2d3dd69c92968b4f1dd5b0f9413fd18c7582f908f62c740d96caa34eb43a6e88579a3abade1f760424a0fc45ab74889cf422374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit