f5d21da868555867844fbe490b6b4d019483a441de0e5573e7c30e9e2c00ce9c

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VantaCrackedCheats.zip
Size

23.3MB
MD5

a74cde6ae0a3155a24530368ef9ee40a
SHA1

a5e07caef86a311c536e7bd0dc371c76e211e260
SHA256

f5d21da868555867844fbe490b6b4d019483a441de0e5573e7c30e9e2c00ce9c
SHA512

3519ea970ab1df5a5ba653fb13bdfa7e7c089ad14749aca5deb1c8d56f0645b4a3e595c928b5fa21e6b8cd2f377a23bf5c05d1ee061395a48bf50998b3f9a8cc
SSDEEP

393216:iqMXFeuBc9Q+FlFzoh08VdMWVe6W29rY9nU6Zhrzghj7njMqvNvKGJK4vm+cVo3q:7MXDBYQw30fcWVEYrYG6ZhAR7FbK4vfy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702879297448665"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 3220	2528	chrome.exe	100
PID 2528 wrote to memory of 3220	2528	chrome.exe	100
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 3612	2528	chrome.exe	101
PID 2528 wrote to memory of 1792	2528	chrome.exe	102
PID 2528 wrote to memory of 1792	2528	chrome.exe	102
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103
PID 2528 wrote to memory of 4204	2528	chrome.exe	103

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\VantaCrackedCheats.zip
1⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbc5c1cc40,0x7ffbc5c1cc4c,0x7ffbc5c1cc58
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1408,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4068,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3352,i,12084128463390922978,15301355128656009766,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1712

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3fd217eb7e7540a5115f8bf7e5864008

SHA1
176668419a97376b4d6a9ee2405dde4100b83a28

SHA256
f0d2cfde7a4116e18c8eca12d6f930ed1bfd9664b7bae319bdeec78dd1032e31

SHA512
ae933aa30474d5cc62f70983d8f8fc5076031ee41372492d7315e20d236aa1bf3b8aee43e8685bc96b8d5f526f8e3aabcff7e10a768b722475c7e924d646f3b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
016b519a512e865318d3868f54c5fbc8

SHA1
b542cac432be9f54a2984987470bb799fde549c1

SHA256
0bf718c4334a0d0a23d3ce735da69965aaac490be2c8d09b8adfc7ce038125b2

SHA512
fe3c8f89099d824a5128fe1c224f65183b875eeee771385e53ff0480d9049caace8e7e22d002134e8d9583c21bdd88b518d2a88ae0286e0bd3ff243f530f47b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f9a3347fb38e5cfcdca4217b957c99e6

SHA1
96dd3619247978e6210024d8d95d8715c7643318

SHA256
ffabe8a4ca49d3a1f2d2f09ab0dd4b2fecf81acc50ca614f8c9bda3023e251fd

SHA512
373ccb1f053a1d0b4ad5b985fcce648aefa9120284cfbf63034dd7d3110bf234ce1d11a263dd7bcaa255aae83b469202520407c3adac8fcbd8fbea44e8a9c6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3abd4dfc93c4b4cc066743b3a975ef67

SHA1
5e5a3eb7f80d9cb37517bc26db4b9e0faf220aeb

SHA256
a189284f370eeabb3dea923e8de6842c089a30c47c205acc45b2f411810a8cbe

SHA512
dfdb00bc2cfd6c5b57223cb4bdbeac68c0ddc706a5ca5021d313f3a4990d4d3ccea02a8651ab154ee0011d29831966faffd918f8f7bd779627ca1d993c270334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1019B

MD5
3ed8ab582c53843d1015f3430e8ff438

SHA1
c58e4af50db5ed90e108997ac11abd0ca5eb5087

SHA256
0248a0d7948fe4c2641b2eae3e7837231e32bf46744c5b629e76e5e9e38e51da

SHA512
403b13b9299341f0999011d7def5bcae73d9bf91ef4deb0d0dd2abde654ae358bbf2a4ff2be45e56965a9b9f292c428c65407641b9c905e1f790fb88b13de8d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1021B

MD5
22d3c3432e37ab2460191e8235962d9b

SHA1
9804b4245d84f7cbce44f15e949ece41d26edd89

SHA256
265a8a3bdb2eae20bc10d782776eb8e5aebab76a4f840d08dee97f10e6d49dc9

SHA512
8a3e3ae32513f5e02cf1374f1793c6ca932af8233adcda58104f2d14a81e89b0725413e30f97adb4de7731178ad29e377adea6c2a675edb01bd027384c7a6ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a4c32259ae3a41ea0ce7689bf058f72

SHA1
8940ce28bd36b090df25daf8268b1fa122ebb50b

SHA256
01c02944270e8d81483b74bf960a7975dff48fa9996f9a0cb3441f2d531323d3

SHA512
044f6586db6574ae1454956d3bdc61450591c53bb692c28d318083f81b8b703184afacd55a54b9c070b2b9f9a4bc052f9c2563be7b18e8af96cc28ac9d9675f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d35fe810fca0b9fa6e1d1c5f87163e04

SHA1
76023d4ee8983b5f363fdb8ae824964d869aa048

SHA256
1309d6eb251786a41e1b1fc708f5a2623101c6b1c0dc9578c56d7e29b7a6b0f1

SHA512
67183737f3c8d4656aecfdb83292bff9027215b1eef1694d75b20a9cdd38633f2a43a61bc9acadef54b4b9271744b7c95e39e47165aa75d12340a728d775801b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cfcd7291bd8e095fc5a8bb36f2242c31

SHA1
072bd33de8fea1c27e28374d3715c211de9ae832

SHA256
1bad2cb3000a5e4703da5e63ea670a572cea3f23c3191826270cb876e671ad29

SHA512
d56fd9255a6af4147dd06d5e03b8bcac6dc5ca9e08d7ba66ff913ced7a44c5f37566c806ed0febfed80d3dba9e4f9d7299e570f16e7d4c18a5f69ef145986933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b6e4cb187a59567dd4a6472f96b07e6

SHA1
cf18e92e39d4cd2ccd2dafbf87b395e5869f9069

SHA256
02fbddf00974266a2415b96ca5be0a07e48c19a2c8b466bbb751b43d37ace74b

SHA512
dc1b5a300bd81cecc1b2acfc4a233993d50504dd542aad916ecbbae091d1fddb417e08365ee96d21c085cdb58c1e52aba6d5111c6e65f98dabaa7e932822bd35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34e39679a37cd722b5d88b1c8dd282cf

SHA1
14627eac471d78a0a7671a123dffd8a0dfbd5dd6

SHA256
43bf621eb8400b27b339ce7723d55b3d460cd304838c3b37ae65e2f4f69845aa

SHA512
ec1fbcb71a0bd33d60c5aeb8ef5c6fcc8991292b99046f70f9019c52875848a14159e8a4ba4694cbc8e8d35158c9e08555ab9b9fc1a06204100fb2d1f62f8c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef6164d28d88db82f0ae0f02b9bfa1b7

SHA1
0efe758393e6b26c5ddb9989dafff74ffcd3c057

SHA256
a5e686e96b957275a58c76126909e1c74ac7bd07696a66dc5163644c98b57ed1

SHA512
ab1290308e8f0dc1c2bbe0e5afb1f7206814bcd788979bf2433495f06ff2365d309df6b3b6c082b7ac2f63e6c11f3194cc2dc472f255fd15f39f5a5a44cfce57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ed9a1ec1c3f0df3d1464bc72c61bf6b

SHA1
07b69a536760502b4a2b9a6d5b41a704b10e4dac

SHA256
9b0b55aec0b7a47af2d746ee4b9a7f76603bdbf26531c8e4b95ec2c7b3ee4c85

SHA512
1bcc690419ac02fd66dab32498642906a451408528dec408a2d962e1c47d1f6639ee9c2279f26995f0503db338e2c58aa9b58245419cf9f4bced8872300f0871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e344af29f261d77b173c5e43ec791a82

SHA1
0235d614f782de5bef86a6b871e360062f971bc3

SHA256
c517e8a69cf8e7681b44e763c689a2274f657e2916ab92422dbacf3d1214b25f

SHA512
0ec478e04f98b87f3e06394ec47c200e4cd911840b43211ec15941a3029471634815c87283eeb6f9d3467a70084edab8ecb94e1f8a02e8640c1485e1d7ef3b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f58a1c8e1c7f294e955b16c41a45017f

SHA1
9380e6175e11cb2bcf82116138ac6e0085931c7f

SHA256
7b63aacd15bec99faf18e3c296ba12264be17b4221c76071ce69b42b146099d7

SHA512
c9466a82d174a5b43cf918d2f2cb2c6a98b42f198dd5719d67a3cbc374271f167b5a4bfd1f94da40431a4cf20a4ca7eb7a4b188aa8886f2624c87cb2dc47fe5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
3ac1441ecf19640d624e04f9425629c6

SHA1
53871dfd461215abe7d9d5e8aaeb8382d1753fc2

SHA256
baf8cd66a5c3352ec6c61b11dbfb73152053d8f0b4b4a3fca706fe6b839ca2ea

SHA512
5bed80db09cc5ff80d33b81f4597af7de42ed38222d331786a06e2ce122066df131c92a2e1acc9a3b4976596e9d89acfe3ccfc706c96f0a939e565d36ca43953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b12fc663-294a-4c8e-829c-0ac98c8b1537.tmp

Filesize
205KB

MD5
17c70e352871ee0144fc6cddf1b77028

SHA1
451942d27f1670dbaad41c6eaddc60f50daa11fb

SHA256
64b2073219b87280b12063320fee2a3b73d6409e3908e2bbdb2a2ca1da31c366

SHA512
a720d154b04a647d148ed3bef08a79ecd0308b94f6a6f7d8762d061270e9f218015ad34afd7853fba81e2e9dbdba42d49a1c671c7a1d04d4c452ed49eecd870d

Download Submit