Analysis Overview
SHA256
31b233d5cdd809be59e838bb2c27c29d8a914daa08a2490e03b5e5f8ed35e312
Threat Level: Known bad
The file cabbage_decrypted.exe was found to be: Known bad.
Malicious Activity Summary
Atlantida stealer
Atlantida family
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 09:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 09:34
Reported
2024-10-29 09:39
Platform
win10v2004-20241007-en
Max time kernel
299s
Max time network
304s
Command Line
Signatures
Atlantida family
Atlantida stealer
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133746681556897007" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cabbage_decrypted.exe
"C:\Users\Admin\AppData\Local\Temp\cabbage_decrypted.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcb4c4cc40,0x7ffcb4c4cc4c,0x7ffcb4c4cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2064 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2340,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4692,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3320,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3708 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3332,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5672,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5688 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5836,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5320,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5160,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5368,i,2251989079108900060,2371175357064998538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | picsum.photos | udp |
| US | 172.67.74.163:443 | picsum.photos | tcp |
| US | 8.8.8.8:53 | fastly.picsum.photos | udp |
| US | 151.101.129.91:443 | fastly.picsum.photos | tcp |
| US | 8.8.8.8:53 | 163.74.67.172.in-addr.arpa | udp |
| RU | 185.234.216.181:6666 | | tcp |
| US | 8.8.8.8:53 | 91.129.101.151.in-addr.arpa | udp |
| RU | 185.234.216.181:6655 | | tcp |
| US | 8.8.8.8:53 | 181.216.234.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| GB | 216.58.212.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | chatgpt.com | udp |
| US | 172.64.155.209:443 | chatgpt.com | tcp |
| US | 172.64.155.209:443 | chatgpt.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.oaistatic.com | udp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 209.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | udp |
| US | 104.18.41.158:443 | cdn.oaistatic.com | udp |
| US | 8.8.8.8:53 | ab.chatgpt.com | udp |
| US | 172.64.155.209:443 | ab.chatgpt.com | tcp |
| US | 172.64.155.209:443 | ab.chatgpt.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | ip138.com | udp |
| GB | 174.35.118.63:443 | ip138.com | tcp |
| GB | 174.35.118.63:443 | ip138.com | tcp |
| US | 8.8.8.8:53 | cache.ip138.com | udp |
| US | 8.8.8.8:53 | 2024.ip138.com | udp |
| GB | 174.35.118.62:443 | 2024.ip138.com | tcp |
| GB | 174.35.118.62:443 | 2024.ip138.com | tcp |
| GB | 174.35.118.62:443 | 2024.ip138.com | tcp |
| GB | 174.35.118.62:443 | 2024.ip138.com | tcp |
| GB | 174.35.118.62:443 | 2024.ip138.com | tcp |
| GB | 174.35.118.62:443 | 2024.ip138.com | tcp |
| GB | 174.35.118.62:443 | 2024.ip138.com | tcp |
| US | 8.8.8.8:53 | www.ip138.com | udp |
| GB | 174.35.118.62:443 | www.ip138.com | tcp |
| US | 8.8.8.8:53 | zz.bdstatic.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 6.ipchaxun.net | udp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 63.118.35.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.118.35.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| CN | 58.254.150.48:443 | zz.bdstatic.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 172.67.74.163:443 | picsum.photos | tcp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 172.67.74.163:443 | picsum.photos | tcp |
Files
memory/3336-0-0x00007FFCBBE73000-0x00007FFCBBE75000-memory.dmp
memory/3336-1-0x0000019EEE8B0000-0x0000019EEF748000-memory.dmp
memory/3336-2-0x00007FFCBBE70000-0x00007FFCBC931000-memory.dmp
memory/3336-3-0x0000019EF12A0000-0x0000019EF12A1000-memory.dmp
memory/2024-4-0x0000000000700000-0x0000000000DCD000-memory.dmp
memory/2024-6-0x0000000003330000-0x00000000039FA000-memory.dmp
memory/2024-8-0x0000000003330000-0x00000000039FA000-memory.dmp
memory/3336-12-0x00007FFCBBE73000-0x00007FFCBBE75000-memory.dmp
memory/3336-13-0x00007FFCBBE70000-0x00007FFCBC931000-memory.dmp
memory/2024-14-0x0000000003330000-0x00000000039FA000-memory.dmp
\??\pipe\crashpad_4540_QQCULOBLXQCCGMVI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 00e790002d186faddf6b210715c2ff8c |
| SHA1 | e7798c51d33f8852879ac459411039ef021997a7 |
| SHA256 | fde2587f2da82560d4625405e3174c46ff85ab9e51e82daa9959511aa2829b84 |
| SHA512 | 04f7de31748f26e49c1b5316928f28251fd58a62c7ec08906e6c70eeb1e54508beadaa7e1d6a830932343b8b309694566607fe9988d152c0724a59074b42926b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 08fc5a8f4edeb100a1ce0512386229c8 |
| SHA1 | 5e95f242792ed300fe4d926a512950c64dc16e8b |
| SHA256 | 4668444e819f7b064d09b8c696478089ec1f9cb4679a27509f7f2ffbca3373a5 |
| SHA512 | 1bf7195519f7b7417490bd5dfe132cee77da19844307b4efaa2305d753bdb805b522c53a3f6046d11bae49a3c085d4e3413e707f3cda8a38a103772c3289b246 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 726160afe92bd3c3496d8ec00f85f261 |
| SHA1 | 18a12fe10b4c6f382983fa9ff54f7f1b8ba60861 |
| SHA256 | 93dbedb10b8500017f17ea5f807b248ea66c24677b9246b7804be8f73ae3d3fb |
| SHA512 | 24c0be4ff8cb01be729ee79a22e450d94fff48c1e2a2769cad92b75446558959dc043bc0ad6d15df0099bdaba8b3e8a6f36da11c374b42c758bc0b154f21d44d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ab58963a81bb7d8235f7f6b7c0ebdec4 |
| SHA1 | 26d69de01be1588993b538b453c68cac37fa110b |
| SHA256 | a947e009557774ecbf92c085a0d30d5dcaf76224d112ee6722233fb9ab468991 |
| SHA512 | 1c406b3ce155c3339bfa19b2db41910047d46baf2734912e5860cbb12d75f7211d4c740e89393d7250cd705cf1eeb09d90d867a3f32716b9f31e3ac4f1bb6d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | bf656aad6348a6b6feca36ccdc16aa3a |
| SHA1 | 5065235ce9ce44e71ac6512891a25bdbde8837b7 |
| SHA256 | 65c4b7b644a7dcb12e881e5c44a9387542fa8361e93a17c51d4a2cf75de02952 |
| SHA512 | 61afcb95cf0e20466ad56d0a905c70b592de9d58fb5907d51abe2a9fbd1cf3b5d76cb1b4b7ac9455ddb09c2b5713c817bc78bf83c8c4f053f24986db3fe9d10b |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 73388b359b6f133590508f330a65d9a5 |
| SHA1 | 89681865523cb200f04090e6e8905a657ef9cafd |
| SHA256 | b485080e634f133f6c811e06fe2d76a12c1d46db10ba9000f018053c9a10ddd3 |
| SHA512 | a4f84e291b60cc0dd56faa065f46f925787379a8f8adf07b5a8c31d0dd0ff13203efce552a58de8c769c8e6232e0571e61c2f574fddd46170b9732e2da74c95c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b0f170faf135ea64eb5b532b89fad9e |
| SHA1 | 93981e81a4f9f5f8371e3ebc0bc9b6b31f99e8e2 |
| SHA256 | 902a86352ae1c83639c5e6ee028ae961b3769e0db4784572134ebba2baab3b24 |
| SHA512 | 06c8375a4bacce9a7a1251aaa72206e92a7a167ca9679712bfe38548a12fb1adbf2b952fca1c6f0b442b7c89f90b279d7fccaf61e0d6c99ed3cbe411de72e78e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d6e6d0ecd2078fead9d37947ab6c5c51 |
| SHA1 | 5482c720b656d9e721bab0ee83fc64b52c23d18f |
| SHA256 | 7ca34699bf682a57d4e57a1425474b781b227266ef368558430d300381273028 |
| SHA512 | fa440db0e7cd283245fb15606efb60bb9053d05677c905c464edda118e0056bfff81e2d4a711edafe8cb225fe93b91a1ae0eeb8009264e03127fdd7cabd2bf7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 755f02c1790aaa26f16e9b945545c5fe |
| SHA1 | a261c42da782f9506126ede6259ebfd5ce2d4f30 |
| SHA256 | 24a656c23899c7e8c2c6ae7b3824267107531f2041de724527a4687e16552ebe |
| SHA512 | 5f0717bb48e3933ccba47de9d4680664e0e66d3aeccdc4dd9b9b3805730ea0c026e19a14c29eb72f963d639c79388f1c6c6f1664bdfe878c89f1313af34a033e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4386c83f76e00e621ffe9c49f224e819 |
| SHA1 | f1ca731cfad5fd6b327048d241859dd13be9dac8 |
| SHA256 | fa122779b8d322239f85e88a655baf47788003b15657aaaca6b4935159db4f49 |
| SHA512 | 7406e9185e4e42fb79d9fb997a477a2248997c9216fe5a2d83b15eefd077ddac74c6dd1a3896d331242e33af29da6c73b991dd3c1d4f9c1e6a6ea60833348f1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 81da891216aaf49a400ebb45feea2441 |
| SHA1 | 59c19d20f891fc70aa4375f29da0bda5ea5c48bc |
| SHA256 | e860f6245dd0f626f30ce69145e13932606c44b48bd8a7c5615d72ebe639ea74 |
| SHA512 | a1c1308abdb48e9b0c41672a854c8f8f8ff75d2d8a08ace06b1b1ee8b50e9c19273e358fd1f880bf1236ff7e3094c0e6b68ce8419ed34f659a43965ef1f3c661 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4dda3495cd08373b58981c8a3ec372e0 |
| SHA1 | 0e987bd847c1fe6faa776af6c58e1bb6bfe31326 |
| SHA256 | 6c71a1c221c557f85e0634d77ba894df6be137cfa5aa5b9191bd494a4e2fb464 |
| SHA512 | 1bca101a0da9a47edabef39a40e10746eb21a23bb4c2bb1b22c9cf68517197f2f4402d6b68371171f5c76813526eacbec4cb736e657ff86da27811cb6fd990e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9f35e93d3e57bb472653d72d507d6ed1 |
| SHA1 | d24f6827fcd229bfd640d9d68f0eab45a8c12506 |
| SHA256 | 9ccaa7d28f2c04580941beeaa77b4a649fd9d6fa61e1994d4197c99cdb70abf1 |
| SHA512 | 64de1935fd98f21b0262c61315c4f474de0277d2a1fe102a5140a722a2630fb38c4a9441e0dd24c21d78e789e395c30713c37eeefbe24a6e58cb05019eb18825 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 425be92efa62a8cbeeefe6d7224a9d84 |
| SHA1 | 58266b90229c05c6db23f12889bb1e1b7baa82a2 |
| SHA256 | a70956f57deb41d95b6e215b970b40e09a2e803818712dd945230f6e3caee2be |
| SHA512 | 2a99060a03e7990e419ce3b0358573e3307b6c8c47c8f73f5cdaa491ead0383f65e1a9a45d92f446b9c3685bd4c070908336a4d0d6638013d2d438a14dd71f22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 831f700d735477e924c02631cc95d66e |
| SHA1 | 9e45f42451fc341c3e7cd2eba2e7f6a85c7acb2f |
| SHA256 | 0328606ca92c8a8f140a7f4906f316c957aa342250a1eabbcda969328220173e |
| SHA512 | 8eb9cde0114eb3e80092a886a89a888841fb9dce8acbc35bde80738ac0d162b6b5728c4ef4c3e85342dd6f1cd1642809cce739976502b01d482b020729e2e511 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 6ba6cc987f9abd98ca5a24842625b46d |
| SHA1 | 063028bc18006b44f5b5d87fef4de2d427c2d2e0 |
| SHA256 | 9e6981c4253cca92b735c98393c65ba6dbcca800380699d12531cfde5e4e7859 |
| SHA512 | 1ed49c710a424aa07a44565d9553a1238edfe615b9893e29e96f9006bb47973d9b2c34af38966a373721415dc93e8932f4d832c3200336e8cd37f04cfc2592ac |