876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40

Resubmissions

19-02-2025 17:13

250219-vrf5davnbt 10

19-02-2025 17:09

250219-vplbbavpgq 10

29-12-2024 13:01

241229-p9cxsaskb1 10

Analysis

max time kernel
18s
max time network
69s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-02-2025 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
Size

4.6MB
MD5

08023fb8556bafb68c70e097d05056f5
SHA1

1283282e6f90cadc4960b745f95a28ab8367ab15
SHA256

876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
SHA512

6878d8860d2de29c8d18f1e9a1fde2b5829c6d091da99f902295560586f0a96cbcd60c6762de60d60a68eef502f34303240916afb631757e48f4a8b5f83b5a1b
SSDEEP

49152:B/7FssO0KaUVzp+Z9vAaE5FKY/t764UzLUA/AOiyjrbsnnzvSn9rsPN/+9XjN5nI:x5s3tV+Zp4UzJ/TknzZWXXOY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeDebugPrivilege	2460	taskmgr.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2724	2844	chrome.exe	32
PID 2844 wrote to memory of 2724	2844	chrome.exe	32
PID 2844 wrote to memory of 2724	2844	chrome.exe	32
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2576	2844	chrome.exe	35
PID 2844 wrote to memory of 2576	2844	chrome.exe	35
PID 2844 wrote to memory of 2576	2844	chrome.exe	35
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
1⤵
PID:2172

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb0b9758,0x7fefb0b9768,0x7fefb0b9778
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3952 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2320 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2736 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3864 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2768 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2140

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
91e5ac2f91e43f7c98b5370812bfd78e

SHA1
bdcb33d3dafff89d6548902d2ae61010b634633b

SHA256
1c9834e1880c032c63c58d26ae5b5bf5d7b870ca2fe7662171b810af8e062a96

SHA512
4ca9f935fc6efc96cff4fafad2bf1de80bf5caf2a9decd710b49bfd567c7f646a7efb7444e052b75f38b6f7d90d1da73ed16195c312fe376d1ee7fd47d3ed8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
793f7a0cf16b8d9036f24a2ffc48d446

SHA1
290dbc704acebd932a27a0794f3b2a03d872b50c

SHA256
c0becfad7364e6b29e98e057531c00276a4eb9341d197bbb76c3fdcea2b4450f

SHA512
8f0800ac2bf9732775bf87c02044fcbe0c9d3205b1ebf08e988e39c06f1da6d76c5b1e59500d111eb4a54c5741f2b711e478e9eb12682827354f89cd024db806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eae08b0a2a954b6c10f3f1c3f4861022

SHA1
6786363d3c436a7d12ad4f4040e6e46158ee76fc

SHA256
1f8d7713c7baec0297908b992b3ac0c7591b16013733480f788fb8b810c53efe

SHA512
058d0da91f4ec19266338463ec81c965d7e787a837f686c3a7937a28ab43b3f828d7dd93af5f13a2eec0ce74c949e8757754a644eef80667b9076b2385561a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4a4a122bb47d901598168aa15701b7c8

SHA1
d00f9644785609c5a1ed6bf517b39683c80daba5

SHA256
11566752989ffd20ae6e51a421b086d23f206a17afea9f4753a2aa0f590db87a

SHA512
82c417b39926e0723c234ce74d0a8f5735bfabbcb206602ed3c2e5ec53016866a7fb8d55ab43a544e741281bec9fc3d709a91cfd2331b8bd15686d4d5f31ee70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
355KB

MD5
d7a20a0e6020153bf1b44ac40def7bfe

SHA1
3b0c85fe2335ee520baa8cbc8646ba66f2b75370

SHA256
7633eebf1065c3f4e637129d39235d3ac06479a71454cf25d0f3c7dca4addb4d

SHA512
7cc2023f1d1be4c36db184eb4757f605f40082fb3b4ab502e282782857719489bfc8db719cf1b50677cee46eef1306b18de8979eebdf11bd6d6342dcbf40a0c3

Download Submit
memory/2460-0-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2460-1-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download