e44c6e4429d01ffdd9118c08d2485631d075b4297f429433528d444dbb9c5f20

Analysis

max time kernel
89s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

readme.bat
Size

202B
MD5

827004082546dd18587015cb28bf7643
SHA1

8b7e4fae5668d3392b34dce7e06243a111026b48
SHA256

e44c6e4429d01ffdd9118c08d2485631d075b4297f429433528d444dbb9c5f20
SHA512

36610fe78a7c0a7a2112839c61381ca24f0be5c945e6b8bf9e8e296db147b505dd33b4eeb920f59feec77802fadb70edf2e59547304c19f70a962b5e9311675d

Score

8^/10

discovery exploit

Malware Config

Signatures

Possible privilege escalation attempt 2 IoCs

exploit

pid	Process
2780	icacls.exe
1740	takeown.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1740	takeown.exe
2780	icacls.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1740	takeown.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1776	AcroRd32.exe
1776	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1740	1692	cmd.exe	31
PID 1692 wrote to memory of 1740	1692	cmd.exe	31
PID 1692 wrote to memory of 1740	1692	cmd.exe	31
PID 1692 wrote to memory of 2780	1692	cmd.exe	32
PID 1692 wrote to memory of 2780	1692	cmd.exe	32
PID 1692 wrote to memory of 2780	1692	cmd.exe	32
PID 2816 wrote to memory of 2912	2816	chrome.exe	35
PID 2816 wrote to memory of 2912	2816	chrome.exe	35
PID 2816 wrote to memory of 2912	2816	chrome.exe	35
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 1588	2816	chrome.exe	37
PID 2816 wrote to memory of 592	2816	chrome.exe	38
PID 2816 wrote to memory of 592	2816	chrome.exe	38
PID 2816 wrote to memory of 592	2816	chrome.exe	38
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39
PID 2816 wrote to memory of 1492	2816	chrome.exe	39

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\readme.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\system32\takeown.exe
  takeown /f C:\Windows\System32\SettingsEnvironment.Desktop.dll /a
  2⤵
  - Possible privilege escalation attempt
  - Modifies file permissions
  - Suspicious use of AdjustPrivilegeToken
  PID:1740
- C:\Windows\system32\icacls.exe
  icacls C:\Windows\System32\SettingsEnvironment.Desktop.dll /grant Administrators:F
  2⤵
  - Possible privilege escalation attempt
  - Modifies file permissions
  PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a19758,0x7fef6a19768,0x7fef6a19778
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1212 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:8
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2996 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3684 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3740 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1272,i,18345802465957217269,2507361663459891992,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2820
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fd87688,0x13fd87698,0x13fd876a8
    3⤵
    PID:2740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1184

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
c644a84b556c51342b7defeb6e5ca848

SHA1
4514c52ddc3a74fbd63f700f287a53c311ce089a

SHA256
3adc4556bd1a9fc73402d37e5241c4f100a6bed6f3162bf69d5921c42fe18da4

SHA512
61275930bfc0b9c2c112df9da0bea7f49c3c1e40e7d8ed36400ef7456846019e0dd5792e773901284825b895afd4c34e8b68143eccf230f2f08d1748891ad591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90779dc95393292596567a3dc282e0b4

SHA1
9dfddbe838a982e0ad92ccc5e9903d6bd6e2327c

SHA256
dd895631381b090852c9e70d5c23c0abc182413a82015ec3550d6c0b7f2b7f35

SHA512
b08e3e56e5e06ca577c9b0021467db82731945a0ea89375cf93bb7eb07b84dd63c228a4733d9f52439294e23ee0ed92fedcc8c2a9bc4ca003fa03405f1ce09a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8f6b41bde2d314881524b7ed9cb5a862

SHA1
7a29da52a976478963f477c8bceb7c4c14af51e0

SHA256
e89a97f0d93dd93f55453b1615feae153064cb8d2905a9a815637f31d881fe57

SHA512
b74b5672e77e217b01c5828120528ece80eabca681a193beeb0b557d3589030b7f6111851c5ec3a212e3bbc11792bfc2b1df0a0f8c7dc719a37e5352c3e87fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
357KB

MD5
95b870f1de2b5c2e14abe188795b387d

SHA1
6500b59b18d5c4268e3c47b8c407b6dfa7318a0e

SHA256
9074df1957824af11f7d887b802207580939a586cbda25310a3429f2dd4d149c

SHA512
dc8100492a28e3770ed48537dc124b49a4f1a3d1a74418fbf8d077d310099e034114c88f7317d7bc5d3a613bd5bdbbe6c3104519dda07417f975e9345e8038fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
ff170d4c4fb4d4f663be2ef28e3a433d

SHA1
d5f8b2673964aa13273a127dec8006fb8035f3e2

SHA256
b118cb3f607d2a9b01d12e4a86959cf4574b0f35e8d657f6e42e6d81b28ce70a

SHA512
79ef013ad4234aed4a23c5fc241eaaf536a931e41a22e4f578864d771487fa06dbd1a5f2d8d844445362ba1c42cfae599603021a638d11a807155204821c2aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e3cea3aa-2c5d-4aee-99df-c933336e36a5.tmp

Filesize
357KB

MD5
e76f4f3c1577e599b0347437cd5bb2b3

SHA1
e7be5ff3afb336a103a49b69c13c63b9a0860f3e

SHA256
43a9c8a07a676a3c65d6f658cc5a6add4c60d46b4098faa9bc3e3fd086ae97a3

SHA512
5657f28cd7f727b925ff4db369b36196c3d7a0c06e651394d78b41883a4b6cc280de82d0ae669c757bac886d97514a4d8b32683b6e69641ed165dd67d0622bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
71d4c81c3f1c41e14b81220a9167236d

SHA1
3e6860cfff17c0d7f3d5b1ea9bfc34c31cbc4f89

SHA256
7a78f26c35bdf23432a7f40c7a49b3b48951a21c241d364c4740733925098873

SHA512
d188b828aa78be78afc152cf385affa3afe8254651bee9e1ddfa83b232d9dc609502a5a4f888731b2e0cff98e973b7ce0b0051277e84cc7c1f258da83624a4e9

Download Submit