cc5cdee465521f923013901ef925190dfd166d1494bdc85c95e763c7f3603f57

Analysis

max time kernel
47s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dControl/Defender_Settings.vbs
Size

313B
MD5

b0bf0a477bcca312021177572311e666
SHA1

ea77332d7779938ae8e92ad35d6dea4f4be37a92
SHA256

af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
SHA512

09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
768	chrome.exe
768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 2544	576	WScript.exe	31
PID 576 wrote to memory of 2544	576	WScript.exe	31
PID 576 wrote to memory of 2544	576	WScript.exe	31
PID 768 wrote to memory of 2588	768	chrome.exe	33
PID 768 wrote to memory of 2588	768	chrome.exe	33
PID 768 wrote to memory of 2588	768	chrome.exe	33
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2664	768	chrome.exe	35
PID 768 wrote to memory of 2684	768	chrome.exe	36
PID 768 wrote to memory of 2684	768	chrome.exe	36
PID 768 wrote to memory of 2684	768	chrome.exe	36
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37
PID 768 wrote to memory of 2816	768	chrome.exe	37

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\dControl\Defender_Settings.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:576
- C:\Program Files\Windows Defender\MSASCui.exe
  "C:\Program Files\Windows Defender\MSASCui.exe"
  2⤵
  PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=984 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2612 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:872
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fcb7688,0x13fcb7698,0x13fcb76a8
    3⤵
    PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3744 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1332,i,2879610016660464066,7344873775360175138,131072 /prefetch:8
  2⤵
  PID:3036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20241204031013.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\60f1f9d0-a21e-4270-99dc-8baf44b459bd.tmp

Filesize
358KB

MD5
43f1c43290b5515e6b5d2b2832c8b17f

SHA1
1748f2a68e863fa339afadefb343c9f8448a4c53

SHA256
569949a8c334b828331b65a5cd982f4fb487433283e86bd50fd2c66ae0080009

SHA512
7c898382fcbe2c3752f5f1f7bb3f8e29b36efad0f13161a07c109a01a9dfa5cb448e4785b63c4c67c62f973cf0bb51a35e1cfe62d0f5373b4f620cf9703aa2a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\72e58c48-fc2f-4b8b-9b7c-c0dd08ffad1f.tmp

Filesize
421KB

MD5
832cdbee7d837d91a88a052c5e7a6a81

SHA1
672707765cc794d8db7dba718a0a76901ceffe35

SHA256
b3c7928816017af0dc54c9b9eb2e96439adb1857462385a0b1e5002c338875b9

SHA512
fea7ad51377b34e3e73fbe94aa77474718cc1e8e486acba95cd4691ea8371026160a0884cccb41db16e80890470f258753f079be81b25b9b2e2862f523b42505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9c85278e8dff9fe7f422cebdd916f7e0

SHA1
99dbba70920c7a2c5d19769c6f9e891bc4f2428d

SHA256
2921887710c8dfee5c889d2fda6232b321fb2d29d9c97d9526a1c6e4a96b65f1

SHA512
c74ac4a531d7d7ca75ebe73870a70306027606d789f25f08112333500f79afbb81256be2029fd85dbfbdaad492968892ca4268929bb41819a6ad82fee86c2a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
adf4d3b67931c15afc114dae20a528ba

SHA1
b785f6f3a2ec15ad9ea3f103cbb46f7d37f2acf7

SHA256
96ccac2c0cf9d4ce621074aba592e8443f8e20ef254c17ca00aa47389646a23e

SHA512
a509c8a29a870668bf0d23bd692657b524fe50542e354e8d773921699e80cbd3ec84ac76bc3c43858f43c3b698508f2629b143661502381f77388769d4abf23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8ba58fb6943131b659fd9f5956fd0217

SHA1
d91339e0b049cdd9dd0906f07cb48430d76d456c

SHA256
2ed92528db8ef53a566da85c142299d88dc0ab3eaff7106c52d4a99ed5321ab0

SHA512
93f54d307bb6d76965f56fc161eb344e7b04b920264d7ab76497176879aab8c2c7890290b3f5a5827020aee1e376b33f304af7e7a58b7adbf40788e3ab6f4db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
1d7e1611babb4206575dea6a94d3fc60

SHA1
b5daba0d77a78790fea7bcd6fdcf401f7f5a82d6

SHA256
18534739a6f4b687496334e21613eea4f3d92fd3ca7da90df3b8810b775aa243

SHA512
ccfd7d55fd2e9cc680f0c0983a8bd17fbfceae99ee564c6d9a37e9ffecb7e0b4ea3339d607096f4704ca260e82bedad13893e931079bd07bbccead666d70c903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
413KB

MD5
9a7c51f06e6aa07428c6a6edb240ec6d

SHA1
00ccbb534a5996eb74acda7c2623dd6e374be246

SHA256
d841ecc5a4362cbc89467d36f5659e82dc088c9eacfe8a54076a671546b91378

SHA512
465f3d5f408b55a10775a5941d3a27801880cba98cc061c0a1dcf4280c7e8448677e5199e89c45100c4c00b8d1c1228496d6fe8ce1011793b330c6ad517609ce

Download Submit
memory/2544-0-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download