metasploit | 7a3ae259515d538a318c0a474ed43fa5b4c8fba8364a3f3411f3e474c4d58206

Analysis

max time kernel
104s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2024 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yo.exe
Size

72KB
MD5

c004f55c954e3b995788d1d3abe815ab
SHA1

4691674c4844caba90a6f0ae998588f6c7cfaf2c
SHA256

7a3ae259515d538a318c0a474ed43fa5b4c8fba8364a3f3411f3e474c4d58206
SHA512

394ada2157fa49cbe29b01db11257e05e16d4005b1cc0f646dcfa28015d3ee6ff23c259d8fdd199d141736f9b22cbf673465ff3f62b826c0c4add42dd1e813cd
SSDEEP

1536:IDaNA5bkrHwBboikAuM/Fg6XMb+KR0Nc8QsJq39:4+A5bS6botM/Fve0Nc8QsC9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133716589817029430"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 2456	4836	chrome.exe	85
PID 4836 wrote to memory of 2456	4836	chrome.exe	85
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 3408	4836	chrome.exe	86
PID 4836 wrote to memory of 1740	4836	chrome.exe	87
PID 4836 wrote to memory of 1740	4836	chrome.exe	87
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88
PID 4836 wrote to memory of 876	4836	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\yo.exe
"C:\Users\Admin\AppData\Local\Temp\yo.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa105cc40,0x7ffaa105cc4c,0x7ffaa105cc58
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2000,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3736,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4084,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4688,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3440,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5104,i,59244542724072514,16323199612302144457,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:888

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
803f76ec1de4e2340f724cce445ad008

SHA1
363a22ff02bed3727ad471a036ae213a050913e2

SHA256
67630e9e5665e8d132d1b2624b172fb78027d21b753b73a309904c34c4eb66e8

SHA512
3e3c1e7d57e376ba3c2ccf430d829b70df282b498604bcc13f8e301f073375f079aad492a503a16cfcd7ea4fe973496ae55b6b3a27eca9a2b04159b1b75b2e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
844B

MD5
e3e79b0199f26c8ba2cd8d6011d99a7e

SHA1
98c72229c466f49e5a298d4db9a7484c47ef512d

SHA256
fc3b3618cc9d92eea74d8c4a1f3d02932a50b015d55373ff4960457d22abc10f

SHA512
6408b55382cef0019af23587488f664ad14e16ab2a4d14ede96dd929855f4b035483978bfdb4d932619fa90d01773a36829840cd47b1cb299014ea5074514a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6171b98dd27f12bbfe4aeca1748f407

SHA1
31e52ca8fdb62eed429ed172f8ba07b57df7ce0a

SHA256
fc374c26b69595bf22b3b02215de03694c2c297c6e18a4d7a33a2fd7833597b6

SHA512
7f8f4b6b05cf4bf96249fb46c43f001106ad8e6868718e8ded4497213bfe2d12935edfb737edace26c0de5c246f8548d902f6259d89e7850d647c995e58adcf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
680d87fb62b135707e934e12070df75d

SHA1
1a5ff6dd336ce2c713284f837e4733715a76601e

SHA256
72c2452a23331579979473dcfd6a866e8fb1d9a3869b94f7fd19f8bbd119065c

SHA512
90d9050f83474f7eb9e28683310fe2460981235a7ae4f98133c8da85c089700d69d941db43e1037b89a1a0e5489201631b74cdd13feb5145c3ce1d5da7f177c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
595adaa65183de84843bf8524c099f22

SHA1
ed3f8cba3f4fd43f52e84d1d6de682a8a1fcadc8

SHA256
4ec02d866e0961bdaa2aae5e112d4d239f5e2d5902c468ef1742cbe1f64aaa31

SHA512
8aa73ba57c0d43cc68a408d540bd221181bcaa5aa74239a19f43afef282d47a0e351eaaccf04f35c6336595959ac92bd31ee5a6db5ec278fe9fa6e4ab3299212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d640fc99f6aebec074e96aaf99d7c46

SHA1
64dad3201f4bd2eb457ca38ab68047120a8eac88

SHA256
0cb777a2213c3b5435d42c500f920a4bd4c3c8c2e4b3868d38a4fcede8a4eb46

SHA512
337a8ed9ca892a80012df11e07b05c650f7e310e8dad5975a1c785f50e1b086b5dbc0ff97a4ff4e26dc95bb6755514570010ff4403571e4eeb693fc03ee63fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7f27130eefc7d0ad4a14ed81b4c5018

SHA1
9d35a0feb8c6ed99af36b5a3208991c26c95db4d

SHA256
e33746413d1ce8e60b6d21560affe10accf7bd35d29c537f8676c9cc2d6db10a

SHA512
ca60175e214ceaf417c00069d1302b230872b2ff211c667c45063be6cc596e89bbd6dba1bc4971c23ed72121a33bba2e42954ef041daca572b0de9d869e36cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
548eec7df4be69548bae9d6cd8675dff

SHA1
afab6c4d9c8d81b8cf154c11093451495986b489

SHA256
92ec89c0ddf38663dcf7afdc6d80768d0ae127a5644348b10f0d1af82f367660

SHA512
3250e39f3860b79dd74f25f8a9fcac67c51cc72bf593005be69ac72bd03e93dbc9f3b63d9adb22911015c4ffab34bde87e8a13dbae3442a4a4684800f14f0fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0126e49bff92d1963f88ef061665e88b

SHA1
27b1d4d801cec8078b11a7d3c9f03dafa927068e

SHA256
ec4d877e35948e224c3be1a03ef07069c8c16a429a34340ea467b6e857c293e3

SHA512
e097cad8d66c1a0c7a954f3e84cc6fa7b72461d833fdeaf9c55534188864f4686a3825ac569322428f3dfa72a0d8c5f6720df09e177d7d7c176d533a2fda5e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
955f5b3edb527bcbeae43aee6bc43704

SHA1
ef0632d5de1eb7daa5812dc937923a175e8f9a5e

SHA256
2505b9c5394dd1bbe2d5fb84b2b937e28762b7b1e7097cea5b48613035c714aa

SHA512
2dc34f62808b508cacabc0a5ea2c993250259709cfa6095bb3c97b7bd83ae35083cfe9961001f26a37568a4243216ff0d3d999a1469db88cefa71e87523fcbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d42fc445705f13855f4e6f6d956d182c

SHA1
01451f3352327802999b89b99a3a89d27052ea1d

SHA256
e11d613549268a5f5d3c9f17bad831666ec57c1dc97435670c4f92d73d5a6106

SHA512
54e5501c94e7a3790ed79cc2a2b33720ea18a9078ddcbd54cde14488000487b6c75dfb67aeb9583dfe43ee957dbd03377637266d9b798f904cb3ae9e23e0dcdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b120fdd912bf696d97eaa3f2c1a6811c

SHA1
19aabce74786afa26a1c3bdc411c80eec159e737

SHA256
082b99bafe0ea79023b7710f1db388c4786996a53c1e4cc04632c864aab27c64

SHA512
3acf540971b8f356676404ee2590879b09d0f23fdc271a18c3215371c5a5c8d88aeb9c8d1109c0a7ccfc1531e620b0cedbeb9d41d18852b636720ec2278a186a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7fe038e87205a76acd7fccf49e6f2579

SHA1
3c3f2f2d7ac01771d5a48f1c124ace91d68fe1a1

SHA256
109cde687e5a20fdf20ad823ad21c68525236acc0cbad3a189758227d6a0a4de

SHA512
bc0f33becb7410103e3c86891987236ed3b3deb30ae84aa1192885d7d35931c5640e19a1e73f7e35673e250ef4e0d6e94c9a7cc5f778d901ea0be1febe651116

Download Submit
memory/3172-0-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download