hxxps://www[.]curseforge[.]com/minecraft/mc-mods/the-hordes/download/5263673

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.curseforge.com/minecraft/mc-mods/the-hordes/download/5263673

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608216548398670"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\The-Hordes-1.19.2-1.5.2.jar:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3840 chrome.exe
3840 chrome.exe
1816 chrome.exe
1816 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3840 chrome.exe
3840 chrome.exe
3840 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\The-Hordes-1.19.2-1.5.2.jar:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3840 wrote to memory of 4340	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4340	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4888	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 1720	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 1720	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe
PID 3840 wrote to memory of 4608	3840	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.curseforge.com/minecraft/mc-mods/the-hordes/download/5263673
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae000ab58,0x7ffae000ab68,0x7ffae000ab78
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:2
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:8
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:1
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:1
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1744,i,17168411058155212498,16582172961530265900,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1816

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
574KB

MD5
183d8df84e8ef868eb2d79b3d7174868

SHA1
7a97d2c4df7a3089aa7e187c4a581eb2e23362e3

SHA256
c90e7426bcb7e3f8e6ae95fb1a5503b52b5b0d93e657e21861b552e14235ad25

SHA512
bdf3068354448d18b6e09d994ea5077a72bef04256f787c57134824d0beb12cce1514a343f537a4d5fad336c9c1b84d831eee643f6e91d9b1621fc0a43ef8c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2faf017a31cffe42b48291d27f7f2f76

SHA1
65758699d5ebef581cf635f9bf23c438da4f8436

SHA256
7ee3370abdeeaf909513aef42c8c8f6af2b8fd41642d44ac6cc6629ce492f71c

SHA512
0f32da33eec15a1a10e293cb5e7a011946bc237cf737cbb3707a09bf0d1deb48188a87d7dc030d6891bb030782f9c4af08a4d5dc46f72d829a404be8ba32d308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
d2a50fb43b2752b481a9d94946997bb8

SHA1
08c93fab9a0f8b873219f1925ab59d9ad9f13a93

SHA256
60728074e7bd4a365240ffa9fc4801a3f5d5f440985632ecbdf7e33bb7bfbe20

SHA512
9820e4d07b25072383b5413cb031c764c4b45484cb3d30a2a9893d991ab6acf542c05fdfd4f7787e66a95d0177dc5b98e772fe6565af25d9b6fb7e4f06496fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
091a7434ae9b5be2b8f8369b6f4fbdca

SHA1
2f7b713a2aecf0edca1ba9e4871c619e0ac0e71b

SHA256
686d107f6f60baa983277ead8f424f4465e34c273b6cdf80953c1c29be954d90

SHA512
adb9d7cce31e755efcf5e5fad803d58af279caf669640f212dd519c15be97cd983330ccef66a45de2b6a580d2fe915de3fe60cb34cac5415f6952b42468bbe37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b130aa84901196df73730c41301017c0

SHA1
aab13f7c7312f578850469bfe2b1597ff85d650f

SHA256
f360e724ab8a4cd1e560ca7ea3d7ed490ee668909088e8d7a028fdd8f4d75d18

SHA512
37cf3c9fea429048b054c0f3e05d5a12650b90866515f33e92ac0fb60d557978ce8e437397523ea3a3bf7be69c4a0db3132575f01da2cc9e02f7d650b1c72929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
40984453f95cb7854bf563de56873098

SHA1
09d97c00ceb4edc194437cdcdcf6c5e8f5c8b91d

SHA256
293fa898e0e482dbbe138720ca820eb71d555be1f44921e8b510f75a76073a66

SHA512
e36a7b9ce71212a279f38230e22ee5c6d27b8efb5b4d4a921b186086bbc28513ec743349a6a2f4313031c698480146da525acdc71ba7283019346a9b48c9313e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
22399fa856d1114f64d6f99f7d32d3ad

SHA1
9619bda5bf5b5f57c0b02aa078260643a1eb1653

SHA256
d5528f1d2dc59d97076af5c2c0d0fb4b7e6984900ff963142d575d7d3444a0c2

SHA512
9e68ba074de2c6f6c4ef6d9b1c23c1e9e56b810a788a2e6d9456a12df12adb6c23cd0c28231979e3f2f4094243ae481e529041b3d855f0dd1fc0f1440fe989ec

Download Submit
\??\pipe\crashpad_3840_MGAPBMRZGKIFKZTO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit