Analysis
- max time kernel: 300s
- max time network: 279s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-06-2024 11:32
Static task: static1
URLScan task: urlscan1
Behavioral tasks (Sample for every task: https://wardislove-13a2b-default-rtdb.firebaseio.com/AzuAnticheat.json)
- behavioral1: Resource win7-20240508-en
- behavioral2: Resource win10-20240404-en
- behavioral3: Resource win10v2004-20240611-en
- behavioral4: Resource win11-20240611-en
- behavioral5: Resource android-x64-arm64-20240624-en
- behavioral6: Resource android-x64-20240624-en
- behavioral7: Resource android-x64-arm64-20240624-en
- behavioral8: Resource android-33-x64-arm64-20240624-en
- behavioral9: Resource android-x86-arm-20240624-en
- behavioral10: Resource macos-20240611-en
- behavioral11: Resource macos-20240611-en
- behavioral12: Resource debian12-armhf-20240221-en
- behavioral13: Resource debian12-mipsel-20240418-en
- behavioral14: Resource debian9-armhf-20240611-en
- behavioral15: Resource debian9-mipsbe-20240611-en
- behavioral16: Resource debian9-mipsel-20240418-en
- behavioral17: Resource ubuntu1804-amd64-20240611-en
- behavioral18: Resource ubuntu2004-amd64-20240611-en
- behavioral19: Resource ubuntu2204-amd64-20240522.1-en
- behavioral20: Resource ubuntu2404-amd64-20240523-en
General
- Target: https://wardislove-13a2b-default-rtdb.firebaseio.com/AzuAnticheat.json
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641343603378290" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: chrome.exe, chrome.exe
  pid | process
  4456 | chrome.exe
  3944 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Processes: chrome.exe
  pid | process
  4456 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: chrome.exe
  description | pid | process
  Token: SeShutdownPrivilege | 4456 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4456 | chrome.exe
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes: chrome.exe
  pid | process
  4456 | chrome.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe
  pid | process
  4456 | chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: chrome.exe
  description | pid | process | target process
  PID 4456 wrote to memory of 4692 | 4456 | chrome.exe | chrome.exe
  PID 4456 wrote to memory of 3032 | 4456 | chrome.exe | chrome.exe
  PID 4456 wrote to memory of 2828 | 4456 | chrome.exe | chrome.exe
  PID 4456 wrote to memory of 4528 | 4456 | chrome.exe | chrome.exe
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wardislove-13a2b-default-rtdb.firebaseio.com/AzuAnticheat.json
  PID:4456
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97f0fab58,0x7ff97f0fab68,0x7ff97f0fab78
    PID:4692
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:2
    PID:3032
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:8
    PID:2828
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:8
    PID:4528
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:1
    PID:2684
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:1
    PID:2656
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:8
    PID:1564
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:8
    PID:4840
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=888 --field-trial-handle=1888,i,1327151209177985169,5180687248404517093,131072 /prefetch:2
    PID:3944
    - Suspicious behavior: EnumeratesProcesses
- "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID:4976
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 523B
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 138KB
- \??\pipe\crashpad_4456_OXIDAMLAHAQBXFAP