Analysis Overview
Threat Level: Known bad
The file https://argunt.com/mklop was found to be: Known bad.
Malicious Activity Summary
Kutaki
Kutaki family
Drops startup file
Executes dropped EXE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of SendNotifyMessage
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 21:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 21:13
Reported
2024-11-17 21:15
Platform
win10v2004-20241007-en
Max time kernel
126s
Max time network
127s
Command Line
Signatures
Kutaki
Kutaki family
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_HDFC COPY.zip\HDFC COPY.bat | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_HDFC COPY.zip\HDFC COPY.bat | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_HDFC COPY.zip\HDFC COPY.bat | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763516234678141" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://argunt.com/mklop
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff5531cc40,0x7fff5531cc4c,0x7fff5531cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5096,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_HDFC COPY.zip\HDFC COPY.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_HDFC COPY.zip\HDFC COPY.bat"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_HDFC COPY.zip\HDFC COPY.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_HDFC COPY.zip\HDFC COPY.bat"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
C:\Windows\SysWOW64\taskkill.exe
taskkill /im vdjvnvfk.exe /f
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdjvnvfk.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3204,i,8170634631257755029,6388841997595195307,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | argunt.com | udp |
| IN | 103.21.58.156:443 | argunt.com | tcp |
| IN | 103.21.58.156:443 | argunt.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 156.58.21.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uca1741a4e1eda05a07ac7345fe6.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | uca1741a4e1eda05a07ac7345fe6.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files