23e1ad954878879f60dc0154bd5a8b4443f2ae8c0e4a342c132fd5948c72f2cd

Analysis

max time kernel
149s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
21-05-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

free menü/CLU6Ip4AKrC2.exe
Size

1.4MB
MD5

025c9c1d81a59636b571bdeb5771e88b
SHA1

1699b594612cb29084c10117dc17762ee94c2f78
SHA256

d16f4df6d0a0b0993748bd01ffd6f4ef8bdf1a57399f4310583986b9fbf0be40
SHA512

06fda7f365306f717cf328d56f4be0c8ee5f3752dc09d2d2dcaabdf225bed13e7a02478543aedb01cec47ea39d8d59a85939515066dadc37e951ec3c95c93139
SSDEEP

24576:iJgvkMzSYAM9YSlbczEpQizftQDc06WogeOfQr0W:itMzLAVStcdiTgFoR2A0W

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607940918116749"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4900 chrome.exe
4900 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4900 chrome.exe
4900 chrome.exe
4900 chrome.exe
4900 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4900 wrote to memory of 2956	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2956	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2760	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2412	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 2412	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe
PID 4900 wrote to memory of 4248	4900	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\free menü\CLU6Ip4AKrC2.exe
"C:\Users\Admin\AppData\Local\Temp\free menü\CLU6Ip4AKrC2.exe"
1⤵
PID:2604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fffe829ab58,0x7fffe829ab68,0x7fffe829ab78
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:2
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:8
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:8
2⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:1
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:1
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:8
2⤵
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:8
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:8
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:8
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5032 --field-trial-handle=1848,i,1367674656160604791,1555603135654041073,131072 /prefetch:1
2⤵
PID:2996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1276

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
d4b4b64e906e093f2bfcc2ff8b0ac6dc

SHA1
f89691deae62f90a0f51bd79a2e6acb214a8791c

SHA256
af2249a54e38c4ef086e080160ac2e35afd2f34f89b07dc71da53aa5f9a0e14b

SHA512
da19239540785517cffcf465c694986d467e07aea37333bc10efa82ddeeb052fe20ae6fe6b914acb5eaa39584285a8eb75eb248999700304a407a31e9e8ac0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
bcc308a35ba7f09a8b9586ef7332f407

SHA1
60df7f4bbd3c5f58ac4c088fbc825f3abd54ea88

SHA256
bb7812327a838a29a6bb05fe21d80a0e3beafae0c71c8c9578d4584b3d731b57

SHA512
e8b2333f3583f19955937f91ed941e6c8f1d833cf46160cc5c9e2d0eccc5ecf112e7156415b660bf646fa20863bbb0e45a3dbb32890af32cf822e4f96292602f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
520B

MD5
8fea00cc5a50f85202f9d80a18244e1d

SHA1
31e5ef2c4d74c41ffd618d74d79c8e8161cd1565

SHA256
8d15278a604e42badac1ffc72f3bf05412916d5f31d31ede08133204307c7600

SHA512
7b61260d817d2c8b456a3826f3ec68bdb5df47cc91a040f81bf7e5719791ec282fdc106c0973e9c6f34de3509472dcbc30aa651da513316647af8c4c87a56556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
7cfda43ab5ad01e0bf9fb1632d724b26

SHA1
2fba40f0186e2a26faa99022fb041bdd0799fe17

SHA256
509c4d7b99bfb96a8ff4f81ed97c5408a28682d0eb653f119ae076891a3c7b4c

SHA512
328f0ccaa942ffcb53ca4b306e5157c393f5b3c048f544dc24b024cd3b67577f69789b92004b8654527e4876504a6c31294beb7872f9ecadf1b074c446263d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8327a7ed8a8b3991ee47388097066011

SHA1
90a313ccf7b37a9b3fe4ac5f1e007c007c76a2e9

SHA256
f0e1755d57e1fc60df5b9ad8ff84861ee38bbfe77ca8a9c183dc184f31f7a04f

SHA512
9f690b709acb96c396059a7b439281ff4ab19768f51e382746ea1fa8ece0f34d90fae5bf31b268080ceb96497950017882f1ee3466c9326d640f994984d39c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
0c1cd6c268b658e3600426cb24fe4cc4

SHA1
1deab8f179376c554205a64ae22b9c7d4f132363

SHA256
7254117bdc1f2149287f2d67dfd4424d42e7ee43148f46804f1b29e5ecd10e5f

SHA512
bd6bd9648358a46578c938ef0f8955d8d839181affa1af093b093305e8c0af96b52147ea4129626ac68c0de4a2cae79522f7ad398f74bbac1cd2e666dc526f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
259KB

MD5
312f83a9c9209e7b448b09b05213a437

SHA1
47fcc231cb89294a0e7c98ad34f4e030cff84a55

SHA256
d873b795af74f77d5d43e3b9008232f2414a7283a656098e447e77fcd52b4664

SHA512
45de77275bae0ac650e906cad1d4c45bfb8bc52d6e204630e0f96335cdd009bf1ab8d7a626e865baf8b14aebb3a2624673a99cc17100d9d86635ac11a937cde2

Download Submit
\??\pipe\crashpad_4900_LVFNFDJCSZBCCZQX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit