876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40

Resubmissions

19/02/2025, 17:13

250219-vrf5davnbt 10

19/02/2025, 17:09

250219-vplbbavpgq 10

29/12/2024, 13:01

241229-p9cxsaskb1 10

Analysis

max time kernel
65s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2025, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
Size

4.6MB
MD5

08023fb8556bafb68c70e097d05056f5
SHA1

1283282e6f90cadc4960b745f95a28ab8367ab15
SHA256

876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
SHA512

6878d8860d2de29c8d18f1e9a1fde2b5829c6d091da99f902295560586f0a96cbcd60c6762de60d60a68eef502f34303240916afb631757e48f4a8b5f83b5a1b
SSDEEP

49152:B/7FssO0KaUVzp+Z9vAaE5FKY/t764UzLUA/AOiyjrbsnnzvSn9rsPN/+9XjN5nI:x5s3tV+Zp4UzJ/TknzZWXXOY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133844586343591697"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 3528	3968	chrome.exe	94
PID 3968 wrote to memory of 3528	3968	chrome.exe	94
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 2692	3968	chrome.exe	95
PID 3968 wrote to memory of 4076	3968	chrome.exe	96
PID 3968 wrote to memory of 4076	3968	chrome.exe	96
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97
PID 3968 wrote to memory of 3440	3968	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
1⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff30e0cc40,0x7fff30e0cc4c,0x7fff30e0cc58
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3768,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4968,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5192,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4912,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3216,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4076,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,16384382190550614959,9240799898798698443,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:2684

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
84791e310acc019bf4d43e3d801f5f00

SHA1
1ab54ba347d9d750c246cb6c5403842ecff53248

SHA256
ead9c44e9645266652a3454224b90f9febd259348da96ddc3371d0c3f73451dd

SHA512
327166c9b272bff6f67351a55b0a5b151864d35637591f14f9117c2a9adfdeef6d8759b1cd158314e25547294d6d6db49aae726c5d8dd37b6ecf3983d8d74488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fc66d69d8f6e47c44f86d2f87a83bb35

SHA1
caf87c8f206c4a93fbeb6c611f16dd01b6019d15

SHA256
4bd7b05a852477af854a28e6992622c354dd5701b6bf9c3bc86831876263b1db

SHA512
649649312af808d4f33ad804ced6e87ef5c73ab222a036a2caf87db2f925ca5485c0eb961cf297f0b3a946e95be6e0069daf62bd9e0adcb8d248db3761aa6b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8ff6d086ec31bacb483f907e9c222a44

SHA1
bdbeb4a931189cd15a3244686c75b9407a055446

SHA256
2dd431107d427fb7849c666fe03891dca78ec6c1d6dbf3790b131bde2bccf8e7

SHA512
bdfd9a53b10972985ab538614046d475d39329954a5d77d655e4d4851a1c5ff5fad9c9ea50f43089349965f066bdf974dbafe06dcaf460408185d50d8c76ad6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e481bcf2007929b0f61dd281a2905b0

SHA1
f89608d6d1838d7154b5a696345ee81d218eceb5

SHA256
6eb694e2234173ee3328fca9721d3849de7a9a57f708f31eb9aaed5b3e594522

SHA512
67b46ccd0e7374b68717d93ed8f5654480e69b2e45e37d2d4626bfd686bbd5021e178def82b34bf1801a44a951dc03425d8a1662d5bc8baa39f99d7859e4f156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
31365a0c1d9e90a25e1b90d1fcbe4ccd

SHA1
35d6249e375c8a6f9495452a32897037632a53ef

SHA256
bc59cfa154374f5926a96feb5e464e284a361281250098172063af1e9eef3fb3

SHA512
24e6cfb6f63da1cf4f93f283b0a429f1b67999c2b04e5d680c206253ba280e3e534537cf58f7a0526b1d7a27601f11eab3b78b885153e245397c89a393e5ac40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
d6f4cafa1e0471c37c4528a6f1291d05

SHA1
d6efb8e98d0a225b443dac58f0bc207bf3aafe92

SHA256
59948989bf09b521d99824f502fc527c5d01e5b99a0bcdaeb09b528391e1668b

SHA512
ecda915651ae8b0f31eaefe773c8256e571d0f138057c3a5e7132ac12e0d45f283fff54f8b59dac0873c95d52bc1d7f860dd7fa50cc666e40e17364a67f9f954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
a015f786b7a6d49c7f27482d9a2d7f5f

SHA1
ad7fcd6e338d34ac3abc430c4d898bb1cc285d66

SHA256
b3aa801e6307c059b9f7937d71e34e58516e1cdb6b7ce95ecf19be97cc25a1eb

SHA512
f6c868d6866bea2de8b73cec28033648a2ec823be6d4a5425b7cc3a744d4b5cc9d12d996ba5e8e2f76d5d6a2fe171b8e7e1866122427b1cdb6909f9333a10a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
4e1f552b4e38df0231ca3da8b98adce4

SHA1
de391304a6369a90d8c78981aeced9d55399747d

SHA256
35701e1b478797a9747592fe3037e65b65e2e07d73781a0cce76212172fc24b8

SHA512
0668269086c45f6d7b7fab0b852be67778ef6425332bb1a6f849ba259711ffe82234b3bd05f707ab72ac21a4fce6f6d9445dc2366cf2bf1ce09f173159b6c215

Download Submit