560b03c4ba18e5a443f74a69727db0eabac6f455bb836757d620cc51615a92ea

Analysis

max time kernel
1561s
max time network
1573s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/WinShell.dll
Size

3KB
MD5

1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1

0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256

9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512

7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2908 2224 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2908	2224	WerFault.exe	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2628 chrome.exe
2628 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exerundll32.exechrome.exe

description	pid	process	target process
PID 2784 wrote to memory of 2224	2784	rundll32.exe	rundll32.exe
PID 2784 wrote to memory of 2224	2784	rundll32.exe	rundll32.exe
PID 2784 wrote to memory of 2224	2784	rundll32.exe	rundll32.exe
PID 2784 wrote to memory of 2224	2784	rundll32.exe	rundll32.exe
PID 2784 wrote to memory of 2224	2784	rundll32.exe	rundll32.exe
PID 2784 wrote to memory of 2224	2784	rundll32.exe	rundll32.exe
PID 2784 wrote to memory of 2224	2784	rundll32.exe	rundll32.exe
PID 2224 wrote to memory of 2908	2224	rundll32.exe	WerFault.exe
PID 2224 wrote to memory of 2908	2224	rundll32.exe	WerFault.exe
PID 2224 wrote to memory of 2908	2224	rundll32.exe	WerFault.exe
PID 2224 wrote to memory of 2908	2224	rundll32.exe	WerFault.exe
PID 2628 wrote to memory of 2668	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2668	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2668	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2888	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3060	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3060	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3060	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1660	2628	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 224
3⤵
- Program crash
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6599758,0x7fef6599768,0x7fef6599778
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:2
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:8
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:1
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:1
2⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1572 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:2
2⤵
PID:268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2856 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:1
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:8
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3732 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:8
2⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:8
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3684 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:1
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1992 --field-trial-handle=1372,i,5737701168209726785,16299513144500831641,131072 /prefetch:1
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77c005.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
16a9f7743f5dff7c193085d40ced9bf3

SHA1
f22ff0130838a4e9a9095e7758a2f9d5433f2299

SHA256
416d22f1d474daff6f5b52cf5d7662122826c490deff7e044c3bb7a292033b6b

SHA512
c3fb781a25fe5b4f6e21eafc5074d6c42d416295627a82198f44735e9de0fa25fcba3f0e4a3b26617df7f1faa097663b9b0d2862053f12ffc9fdffd734db443e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
313dd24be128e16f2bfb48d25448ded1

SHA1
5d5d7945062b84d98a6fbf5ff233daf3627ee217

SHA256
14d8a2346d36dae3f6b8a21db1808f242995f4fe09a3dbc166509f36839d8885

SHA512
0e7bd70a79c37d9d36edd429c2888b5cdce11b853b093c7513acc645b452712772065492eb260938be06499526e755bfaebaa8790b5b55324a21f5c618a92c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
395d57d152f6f42b4d4b49735ed9a1c9

SHA1
46e8cec23ca080caf2c208bd53a9b8ba7a04fe07

SHA256
99df1adff7120d40f047013071c2bf320d0b6184f625258b2628397d64a01aef

SHA512
52eeea48c8a61836e83a5686d5455047edbaec3331ee0b69ee362cff3801e5e2be532ab771750280d974051a9e29fad9e449cecff576b53a6a3d19632b6ff29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
71a148a33db4f2584e357d3849fd4b6f

SHA1
177f7de81055b1cfc7d32fad38689c444baa329d

SHA256
92b084e86cd75cec51165d2aa97a12252d7534411b089394ead5d5a9d72b5077

SHA512
75488b4fea72e242c926431daf2499e4b1982da2177c569fc7ecce7d1f841e56112a8e8a8e43e284bab14fffed0311fa4a38dc2dd3f4a823c33a3800a3b53a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
230ce6cde3616bee0ecb375c1c689e83

SHA1
f02c86396a93303328876cdfa9db8c1abbce8ab7

SHA256
c6d5ee941e29f105f05f9b2eaedccb8830cae5e22cc8aa2252b8ddd6f9490599

SHA512
15530120d9348179ef2cd7b535fbf639baf6e03293332322d38063f0b499814708a8a080d43fae1df77b371cab756c355282f30101091bb3513210d57121a162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8a6d94a629729f4cbf216cc36411bb21

SHA1
12848e3eabe8fe212f2049a7215e8d91f1ea222b

SHA256
8682b68d9e221ed139a9e72d4618dff241d612abb82f0df5933aa92f18e15b61

SHA512
fe3645e8a10743754c350c81c674bdd0670e817edeec0a80c60e6d9e66c1cbfd6e3b15a8854856438347f551d677c7fb933c5eb704e60b0510695d898db31327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e88fb8a9718c35f41b85b31448bf84f9

SHA1
d520a2a5ae726ec0c86e14b23e5b4eb3d33f10c6

SHA256
1b23a5ce66f95fbb4d4e7daee3797ef255620439f6ac2b211b7d5324092ec4f5

SHA512
b463d500065cc1c6e86ff4a9dd15ffb48dfd54ad38519bd9f4f4d724afa65595ad60e0c72c6f61de6663145d1a8f15baac256c9092eaaa8fa622eac92b25304d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
5fa1630617967f8dea30f1a170e7c2c1

SHA1
d59d76bdd7978a097024313f6985123571bc04e8

SHA256
f2ec6ba0d30e0d6b4f28f741508f8fdc6adb2d607f4520567df3021eb8a12969

SHA512
59b0ede8475ba54cfb94dc285e55eb7c783141dd3eb76f1ec9507ce90a812ccc8dd191c5fa259ab8efff52d3c3164c728dbca1ba743b86b54ea768aef9fe495b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d67f7115-ac4e-4404-87a0-0899009b22f5.tmp

Filesize
265KB

MD5
8151c05dfc89948856d37a81cb4d7d5e

SHA1
36b5d9d800cf19417017b283fb393b9d1db35888

SHA256
393539c56f1281e4f418ad0f82f7ebc2b07c3f83e6530f9a0c0ddef7653de7a1

SHA512
de96d1b3eff174f5f70ba87cea592819d27bbcc46e49dcc181d9842343b35453484ec8f487350682697792af3bc6770c4563d00dd2ce9720535be097873c6479

Download Submit
\??\pipe\crashpad_2628_WPQKTITTEQKBGRWB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit