hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware

Resubmissions

09-05-2024 20:23

240509-y58y4afh39 1

03-05-2024 11:30

240503-nl9feafd78 10

03-05-2024 11:28

240503-nlhbxsfd55 4

03-05-2024 11:25

240503-nh81gadc71 10

Analysis

max time kernel
1860s
max time network
1806s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597598283014566"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1292 chrome.exe
1292 chrome.exe
1292 chrome.exe
1292 chrome.exe
3228 chrome.exe
3228 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1292 chrome.exe
1292 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1292 wrote to memory of 1404	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 1404	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 432	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4496	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4496	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe
PID 1292 wrote to memory of 4316	1292	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff8ace8ab58,0x7ff8ace8ab68,0x7ff8ace8ab78
2⤵
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:2
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:8
2⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2076 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:8
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:1
2⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:1
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:8
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:8
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:8
2⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:8
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:8
2⤵
PID:568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1916,i,8274792109594013387,528419104649555102,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3228

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1a692365954975a46cddb7f2eb8216bf

SHA1
7f203182796f92f5c2b35b6a0ed179aba2cc9027

SHA256
cab9334459cb8a083b83374c6b15fc8ab0321f6e52d8072a452caa7fb2f0aa94

SHA512
a8fae406538ab0fae65001316c6fc1ebc243ed22b5df7314ce752a02e89bab9c1c215b6e3fbc684948e3717d744fd1ee27631ec659cdf79d518d7eb1a5b2f2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
8c41c0fd4dbafebcc852f12c2153013a

SHA1
dd0bc3dfefe8b1ab9142cf6e2dc7f316c0c9bfdb

SHA256
a58a1047606507a7815de0d9454f44c5ff577fe5a553ea841e59035cd3539d4f

SHA512
cce98692a025083f57c90e9801c2c6a8b31a2861914cbc14cd1749fad3186435f44b399fb0d877d44f40c3cc54d386b3aff5a0d2d1eb730b4fe40911a610c608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
5cccebdebe8fdbdd08a4c9079f45e3c4

SHA1
1c1f83da27b7e4add124a8aaf219d9847bb140d7

SHA256
f564c8bee7186ea2ce89de0ae786749905bb659a76d44e5d4b6e3bce356bd927

SHA512
aa74c8304c3dcd10cf5b25e9e3b61118351054f63fba197ba188caa4d5498335c3e5697736c6105b67bafa1189d488f587ab970e5b9642211525a02b35bb360d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fccc460f3b15684804f6702f7ef0b6e7

SHA1
e432da1c0e182a1f65055eaecc7adf663e345364

SHA256
43558a1dc6be52ed929b2df90370790033c4af4551cd45cc02ddbb23641aaa76

SHA512
e5c65349b0930db6b2bb67c218d881660681435eef1926476ed6098b83da5777706e75d5940ebd4e758654f81c1398bc50a42b5f79ba33538fb0a3f00c9adb4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
8c02277cf8538087440e250eaa6c2e2a

SHA1
05c074a2f6e02bf90cff9164f40361bfc773b1d2

SHA256
7a4e08bb19e05c5b90034b985dc54a9409129caa74fa2e6d8bbd608df3f9e7b1

SHA512
c496e95e55f99b50f72f1a466161db3ece7bdd2e4e51b282caeaffaad6d78b0fe0d430901dc4bd08e9d6ee89eb2f19bdf9227eee3ed8af0cf2da0ef709c35d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
d65c38cdc50311dce3a3175104de388a

SHA1
9c5e76f933371c80026ace1cfec2cbc67da8435a

SHA256
2072a6a9ac1d85d7abb772497f8ef4bfcf5e22ac5af2073b1a192eef150ca40a

SHA512
3347c9319e95254028d3bf73994a5964bc2619b52c24ff8250a1b04cb3310461ee3f2edf0aac98cfdffc6e5846010e59502ff05bec9a242f62c6f13940173793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
5249ed4d8c00b7a910f6c0a77a40cae7

SHA1
50173c5418951bb2535bc22de9bf45acb8b6fa98

SHA256
ce82da2303670e666140bfedd4b4a30ea12c19dac76e2914c298f3774e1985b8

SHA512
e39cf6a97703f9454fad8469f903da1e464772da743c0985dbe53513360889b8a7390a4b29160e0051c18cf92ac4211e6d2731333d3583465db72aa7827cfb19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
ae717c54d71c95f093026b4d0dcbdb8c

SHA1
9a1136978e0b416c12bc062603ecdb219e4310ca

SHA256
c1da5e9c22f1f1912f9697183c52d924d6dc14d33b1402eea2471992f7b75236

SHA512
d0a1a9d0a20abeb8b4cd9df31f6a50b9a1d7a86ae93a9fd6902363b31ee8a1106390b6d0b5f2a50ee6a8e55a3a95f8c060429350b2d89131f22efd800e8748fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
ced02618bfd15a022e5ae55e7a040d54

SHA1
084ffe3944f0aba0885cc706da40082195b4faf3

SHA256
53e90350107abfbdc03e6d3355c0225f31f23b9e101cdaff498a84a19436abb5

SHA512
babd5ff656b868b35f4fcd7e03afd16c6bd6d746189bd49dd0db76065b65d650df937eea1b803b2b2c8a6ae0feba7f032160cdd69f84260300d2218720b1b45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e2de.TMP
Filesize
87KB

MD5
3155c017599455834cb303fc5b568109

SHA1
3bedd9ee42e57981b72a7fbb52f2d209eeb921aa

SHA256
9c7f7ee02d355b45578d70be93b902ef5df6b229018d02a27eb1da9334c9783b

SHA512
e761f7067dcecaa874d85bb418c8662ae03d85b7ceb2ef192a42674065cf69b22e6ffaade3df96411f32d773b9c173eadd4c9b9c0d2f0701c9b9184f56df1a50

Download Submit
\??\pipe\crashpad_1292_GCUJNBFOGZQVVGXG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit