85356291703997b96f2fec21a86d86b6518fedabe97d0dccc3244fa2bf9577f8

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-fr
resource tags

arch:x64arch:x86image:win10v2004-20240419-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
27-04-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HELLCARD_v1.0.240417.html
Size

903KB
MD5

931b5bb975a3ce02ea4671ac5038a973
SHA1

83688cb71df588f6d5134b59701c933a3f10f95f
SHA256

85356291703997b96f2fec21a86d86b6518fedabe97d0dccc3244fa2bf9577f8
SHA512

e957ef82e63a6b13d74a6628177ebd8c8b4c8ea82a317448476f1e02de6ac7dd27bf57e0436ae36d1e6825b368c10639312004e8bf641ef3d760da4c13bd23cf
SSDEEP

24576:sBpm+cbo2wBQ+tqSxV8ThyFIpW0Rm+cbvc:K2wBDtqSxV8ThyFWW0wc

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\INF\display.PNF chrome.exe

description	ioc	process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587308530998993"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4380 chrome.exe
4380 chrome.exe
3952 chrome.exe
3952 chrome.exe
3952 chrome.exe
3952 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4380 chrome.exe
4380 chrome.exe
4380 chrome.exe
4380 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4380 wrote to memory of 1212	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 1212	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 2040	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 1360	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 1360	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe
PID 4380 wrote to memory of 4836	4380	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\HELLCARD_v1.0.240417.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc4767cc40,0x7ffc4767cc4c,0x7ffc4767cc58
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1900 /prefetch:2
2⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2432 /prefetch:8
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3132 /prefetch:1
2⤵
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4792,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4480 /prefetch:1
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5024,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5036 /prefetch:8
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4664,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3836,i,8265427963903113829,7110633054720140105,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4516 /prefetch:8
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3952

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2244

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
80a444da78ce691aa367379fa252c7c0

SHA1
e717b23009978a9ce06dc27e4376276562c4e57d

SHA256
80f47c5c05eddd4390d9463b65f5371a340fef4b812ebca01abefab10bf3bdd4

SHA512
457b54576e00357f0e3d94ee936f57b1c01d1d5eb0d0285f991c2c98f36d18a58603b2f80202303eab4afdf54d210bbb3d653f262e3c25296687e6b6c0e47074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
b042c8ad85d1b8e98a483870997f9a6f

SHA1
987253cfe15689917d1ddbc5cfbc68c8ea9c9966

SHA256
b1aa256643b21bec96554feb13be81af47bba79292194b183a7770056640d65e

SHA512
80525b1467d6c30a822998c86f6452c08331636f7b97af7eb32e784d85f6967983c7fb68e8445cb194b42be0cdad8a2a3d83b64a599a1c94930f947a6ac59589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7fd1fd327e06677596ff64cf577d17ae

SHA1
ef7d7506c88f049f3002eee852517e2c5254fbb4

SHA256
e96b8fd88dc914bfbc8738da5c9b48a19287a9a4b71db23292f85eb58b2fdbee

SHA512
18b16c015a3bd13aaff5961ac195fd2d3eeaa1a282c9aaa0f5299ebf8e990dccdf07454c166f46b8f0b8c7e461cd3c146ec1da38f453b35c5860f91744950933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f150c6cad9fc73f3305a9dc05213afd9

SHA1
cf3748e2b2b5357c5854846e2df86d3d8b40d0ae

SHA256
b279f7dd631afa4489939df2932fae671a8a3e0a3642f8ef0022e5c815bdd4b2

SHA512
e2ba51a594c21c1e8910ef50345d3d8aa9e4a5f8c2aaa82c5ca2ab2bc2582c577a8fe13c8cbe400722ff0cbe91f48ad1ae9c281ba0da8822c1e42b6eb92d94fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f454a90499778588e963ecb1356e4520

SHA1
f947e0bcd61b07d928fc333e57f208800e9c2a2e

SHA256
a7223ca53576c12f853a1ae9d52374ed87dbc67101c3215f7b12973d217e39e8

SHA512
895b4102f9e1530195adc8ea203325eaaeeccb0c9fbfa78eb3fde27a09a50c116fb7c9d3c98c5edcbfde74d3ea212c90d96ca097415a088481d19bbe11f3c85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
b9942e754349060d22a4eb4fa83a35e3

SHA1
cea798689fe659dcb644120e137bb8b13ed3b2aa

SHA256
d0bfe3aecfb153b01cc9400418f6d34ddf838c5cc91612fa97500432a2b54727

SHA512
da546210e6f9201b4595dc8dc674d6cf8d8f578b2889de5fb01f04edf4fe5e07b12ecdd7c1ede7323d8d730d62455a83e3f2bc4f65f49e936bafb55e6c2d8c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f862802328baadc86269ef6872d9d413

SHA1
3374f25599c7846248ba6d3e441abe03f364b838

SHA256
785af8590e73f96b259951365b9008be654f7f44c009b74c0d91a9ebcbc5d188

SHA512
8ec36cce5302a9aa6b7f8093c7303d1e57685dfe014fd790ce94216891255bf18448a39be13e4f7ab13091da4f2a4303f2eb4b5cbe040bb421c442add757f203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
51a434a1ce799f0fa8d244a8bff4d14c

SHA1
4df7da7ed7a1e48019835e686155b04c5c3dd3c6

SHA256
a4bb3bd64041f5493f7458e3583018d626d22d9dce148e585cfd6b7dca5b97b7

SHA512
17b0a37ff4f2d29652d0e223f00fc8b3e178f198fb724ae58e96b3fbf901bdf96aff2479fe68c137d9aef15a32d80f8a1e12fc8e2cea13be85db52eb8c7970a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
4baceb81ffec55c788fbad720e46dd47

SHA1
a1ffc968a9adfbcd0e3881a3df5665cc92c6e9c2

SHA256
74a045c73673874a871eb998440f7ee6b2c0ed4ae17246320a2d78a94094a27f

SHA512
7eff987c298c4750e5b72bb01ebcbbb75b5a0ef84584c94e8455f69183ec5f719ea25db55b15a7893e626a268e2e44d691fec7927a15437edb4b05f5259dc380

Download Submit
\??\pipe\crashpad_4380_ZZKLGHRKEAVKJSRC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit