hxxps://csgo-dallas[.]com/discord/freenltro

Analysis

max time kernel
600s
max time network
588s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://csgo-dallas.com/discord/freenltro

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585069739311962"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1152 chrome.exe
1152 chrome.exe
3776 chrome.exe
3776 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1152 chrome.exe
1152 chrome.exe
1152 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1152 wrote to memory of 2432	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 2432	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4832	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3020	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3020	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 3128	1152	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://csgo-dallas.com/discord/freenltro
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5a9eab58,0x7ffb5a9eab68,0x7ffb5a9eab78
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:2
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:8
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:8
2⤵
PID:3128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:1
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:1
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:8
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4672 --field-trial-handle=1896,i,1651866207558720087,9533118148297750369,131072 /prefetch:1
2⤵
PID:3836

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
74e3630fe84b86fe8637207119583bff

SHA1
f94b1b5fe6053efb7745a5ff974f99a3892b605b

SHA256
52ad55ee58fdfb12b14693ed76d6487043a9411bf02d7617f827bd5e0b65891b

SHA512
cc17a94bf00cc8cfb3a35e171ac4038261f190db658ec4143d2f5011030208ae56789dc89bc1843f158cbbd69d51e567f68660532daaa443b569ca62661ffee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
1c0c0907122b488b17cc7935a41c80e0

SHA1
4e592607562c934df05983fd95e31d423cb5718c

SHA256
9923c283d43992a162a0fcb54eb46bd44bd4bb9be9a11870e9f92b6d6d5579f9

SHA512
3592ddf72e34e8ce27cb5f7c8fb1e558d9a00f04beeb8e41a183d5019977dcebb609d55c6377b5a110feea2e9ac56661a287e3b9ef6636e3af8b5e43b6816c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
0e801b31a431a0846e45f796c904ea02

SHA1
43d2290b5c3e9882fa2f9c5d3d449cd4da23d74e

SHA256
51a6de133536fa41076ba5672ad5c8b13df079a036d9445b3c58e7ddeec998ee

SHA512
01a63a7bd291da92c882d00e847deed151dbbe581134d4850ef5dc79c585527b61e87975387d749da2dfcb406243618ccca4a25a37198a551aa1b503acafe0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
6637240127cdf362363ead7538992784

SHA1
fdc0e622d5274540ee7684293a99de627eca4473

SHA256
f4464c7f1e88377867228d19354ffcfd22712726fadf13bdd01e7f57ab5ba8c8

SHA512
cce6bd46a34d84a476a0a59faa9d1960766b5ce007ba6a30f0c3afe1e1b15e7da61377069e958fe18f8b53ce370d84c095428f22c954037c8a740a333c797d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
e164ddf4b4fec9059ecbfafe468eb786

SHA1
c982b84296e8d08b5bd0e64e46442f4ea200307b

SHA256
4a4392a53d827359c3bdd1616c7ebc1cb05cc3018f30b619b263d718b0c5eab1

SHA512
19f265413cb51c9bc353d79d6a752c17528625d3cbc6258f4fe5f196056eb2d0508a906d1481188a8669b15ebdfd5b7f589dd73b580083b7754ff930cc7ecd3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
5a7923969a51d4604c76ae8eadcbb81b

SHA1
40f396d4139076f8272a5b65de08a8d61f5df68a

SHA256
8d8c56a888be55b4205c9d47d7bb219282047eb2bc64dbf5c6e3da726556fca0

SHA512
60aa8ea904e52f035075e610434961e5d752c3c57d6a815ca919750ccb6fbb5c6f93af31f10289e6838d0cf72d0736a61a3cf4cf92ab1883aa510e07fdca767a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
86a6f20e13d83b13f2c28c5f1398bb25

SHA1
84ff71ff61bd5241c9c6ede6ef2a6107ef8618b3

SHA256
7c0bfe7dda497dd14e829c52921fbe1a76af5f8ec948cc5a07fac7fa87728799

SHA512
b696e670c8622bec949809c8c6715f9448b8871307d67739e67fe867c9054c5ff021fd3d424863de93375138328cafdcc8dcc9061b4841bf7ced6a2c74a3fa78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5bac32bfde2f297d8bc4e69498a67184

SHA1
544421a04826c605a8b50243f34eeb7cd32f539c

SHA256
76effec34d05ceb4d01656966bc12235cb6bb4f4ed37508062287b76f579ddcf

SHA512
77b02adc897c45818dee6c6dba17a01d30f424f51e870a8f346e4628e416425a0eb0fbda26d08a90d0fccd913e4a3b9ab6fae5f7b27ab4e31dcd40a45c91d934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d4ab47b2a9b979f737ee5369cb2f4296

SHA1
89735b8d134fa6061d6f2f147b6525619015cb0c

SHA256
6e795557113aa2587aa13ed693ca96ab35cfbb64d709539cf76c14a63b5d4aa6

SHA512
d362c0815e5c5f38e8d5b171b663e105c20580ffa2a9a00c6f4635d88cd3eb852a79fa3f545878e934de40b3db281d0e16e4092f560fa52c823b0adcab01c8ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
30db13a90fe9d41c9f5bae8ae69c23a7

SHA1
ef3b84acb0d812269971e55a193aa0d925e29897

SHA256
9b27d2ec17c181e1fe6f38eeb36da0b6d47928cfb17652520c5f680fb1df64b7

SHA512
b9b87383d348c2d55c3179da3c8c63baa77391a5dda547facf55187e1fa6f5633eedaf58d8049f08fb56556b364c3ec3045e35271f21940f9068e53c8fef9e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
dedbf4c696380d2f61d9a38d1270abcb

SHA1
4bead56ce7428318310cba6bafa0c16466a05787

SHA256
ca7396b35e9fda96771e6b8fc331ca8fdf5221de3378857c389e2803d8a560c4

SHA512
2dc468454e89b6619be207db581c2ec1130221ff040cb965562ddcb945a1b9e65e77d531726464cf12c684726e18ed58f65cd380253897d538aa692ca064d2bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
1be450652ea59a8948861b8631dfdb61

SHA1
cbaada6fa7c0bc0d931730a752e151333c0be05f

SHA256
a71f4e7ffb61c0535ec3b1cf17a17ddd90536ef2aced0c5091125515e7cbdb99

SHA512
3e6730c8ed5eba9ded7bd61ab3a5c9005d14f5803f3cdf75c5c0b9f1188b6f2482fd23dd80f4591882a254c81ca0e17e203cf4d0986fefb5a6f49d54d11f59ee

Download Submit
\??\pipe\crashpad_1152_HOTHMXLJVFYOKFET
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit