hxxp://ftp[.]halifax[.]rwth-aachen[.]de

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ftp.halifax.rwth-aachen.de

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607927513653051"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3180 chrome.exe
3180 chrome.exe
3180 chrome.exe
3180 chrome.exe
516 chrome.exe
516 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3180 chrome.exe
3180 chrome.exe
3180 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe
Token: SeShutdownPrivilege	3180	chrome.exe
Token: SeCreatePagefilePrivilege	3180	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe
3180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3180 wrote to memory of 3652	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 3652	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4928	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4220	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 4220	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe
PID 3180 wrote to memory of 5004	3180	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ftp.halifax.rwth-aachen.de
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff84231ab58,0x7ff84231ab68,0x7ff84231ab78
2⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:2
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:1
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:1
2⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4104 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:8
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1900,i,5765015560359954828,4252303930038011745,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:516

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0d9193bdc1f79ba25b6a0a5cc21020f1

SHA1
dbca22824de8e75fb031282e421221fb6e63b577

SHA256
77c5ab996fb016d729f529cf50128b287aa6c7d011fdf62ec9b15d6a94c89ecd

SHA512
8726cbabbf7a8d6fceb2404be0042f9e455758d3f6ed10015894e2c10131de7df8f4b5be19b3a157f50c1bf3b785b0889e191206a7f82aaa27a5f664de841258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
98ecd828037478e5099fb7a57b8feea4

SHA1
8c08cbec6cfe718893f31e6239b024b8d96f2736

SHA256
bf72db1a8293bb7514dab6fe2b31f85dbd58736a9db8f6a8138dc14e788747d0

SHA512
87a4397f7738e86a00755cc547eded0021a3f54e2e26490538a5c341b110cc8eac3e2a3f25b6bcd63d8f4d9a087b77c035cfc703ed61dac17c367edaf363d603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ac0baea237cb55779293df4012eb1777

SHA1
434c1e0bcddc316b0532a2fefea78e3558c360b8

SHA256
cf19420942b96047760a5aa815f0dcbd6a8440b24e965a4b63c75affe713a1be

SHA512
e6a4da58f88d2f0a915732aa80684abd978eaff3d09db1ac17de7fe402be1b03689387863c1a669fae65cae4c1e8501f1a89c3c43cb18ae4d89b20927416c529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b0ceb2d4835b5cc03115ecd3c018b674

SHA1
97d4ed4bb3b96a316354d2845a997c209ed87303

SHA256
b2e1deef3b34d89f98ef6a7e4c1ae52c7012aa249c06838df9048cfeaeb5a134

SHA512
7e0a78c705fc9b5ce573d0398b9e0c446596db079898e6b974723402a72b98cdde16510d55ed2638d663f2af6ea2b4cb5bf3d833ca5c285e5d6a219361f3d959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
16ea2367a8ebd7c5e31d4a44650bc4dc

SHA1
6c52238e274b758f6bd395acacb4ce59a9515937

SHA256
3f6230bf8b152f5b4c47a143dbffc71be10b7260365e1fbaaeba40fd4ec6539c

SHA512
d5b5ef76d0dac78722a70b8f31b2843947027f7071e8ecca96ca302373d4d7619cfd36712c5b69139b6aa4568cd4eb08d2bedee35330467980337bf33e505bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
f5a2da651c14c62857e1cc62de084d94

SHA1
b0bfb1b31fbaf52e3446180b58229c14bc7a1fcd

SHA256
03d6482b6c9935b9547424ff3418f6c084d4e4051eb2ccad8b722453679a51c7

SHA512
a43075c5966b7d846270a847a8bd124292b7486e286042a8af40fb2fe6c645ff649d259ff930ff9bf30f17350b9adb46f8818ddcfb4b9a447fd1722a4d885680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
5e5572c957e73a9baaf327ac7d7eb3f8

SHA1
7d04beb0413423a089b15ad144d5d3976120d147

SHA256
71fec4d2b0be428c088288711a6b4b8114642c9437534790bbb6ca2eccdd0f71

SHA512
edcb5a570b47df0925d3575ecf731174ec22eac0fe49a4af8a4165361c4dc3c0f108cc13677b088c771e2c4e62c5555c5162c30485722c59435626011af95b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
f55de300bb2733f30e0ef53ac7b0afaa

SHA1
97e171f42636a0b40e4d9df8986329c3be5c658d

SHA256
a79f92b67fc3a75253c4165c9cdcbcb1a4a944dd626b15ade1265f62558127cd

SHA512
064959005c10f48610ce50b0b0e3915e9c10c09f6e4e713013f71c125d0c7df5a9d68f3ac7feead1d32f7691f56cb94fbd837286e1e835a25c4e7bb64bb69583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
40fa3a02bfec7be3a063a3ea4b626502

SHA1
350165e390124c08b556b967e78689234f4bf2a2

SHA256
7648d56d2fd390d5c06a446049278b823c66330d47e0711ab4ed36f53c2f2894

SHA512
7ac28b1bb7885ed609653af6bfd8c894ff844958ac6fbe612a8f39a39d1e01a8e8ef6416cfe9448a785189fcfdcacd0fdb2e553bc03f24c0b2be78cc8b9a89a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
545d5221050d7d3a777aaabde6099bca

SHA1
a3df214f8813c235e0ba9642dcdd1f971dad6782

SHA256
24efca9ef037e8721de599b8c6f8e04640ce4c4792c15ab07a5e28b5c0c2da92

SHA512
e9916a58fbbe03457f83263d1576d0ef6b4d8dd8844596496f2f1e71d1070a87290dfe9c12507ae23c84d49dd4172885b26b9759f367caf7dfda5c4c3a37b7c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57db5c.TMP

Filesize
88KB

MD5
397327d8185a11922743ee02d446e163

SHA1
2b29a6f596574e946c6b20a09beb03e841533d0e

SHA256
31bafae5171d06419fc33ced7310265fb5410bb07b63a526842bde2daa6435c7

SHA512
4322a826c5861f472a5db940a3fd76a27baaa863f4f591a962f64692402b377ee0471048716d725a20739a51371ea2fee6ecfbeeaaa56c5886577dc7bb86beef

Download Submit
\??\pipe\crashpad_3180_KTJJPLHMNEZLRQYN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit