faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42

Analysis

max time kernel
53s
max time network
57s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperV1.11.exe
Size

795KB
MD5

365971e549352a15e150b60294ec2e57
SHA1

2932242b427e81b1b4ac8c11fb17793eae0939f7
SHA256

faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42
SHA512

f7ba1353e880213a6bdf5bd1dfdfd42a0acf4066a540a502e8df8fec8eac7fb80b75aa52e68eca98be3f7701da48eb90758e5b94d72013d3dff05e0aaf27e938
SSDEEP

12288:GYa9sBhIBdCdbX1USoeQDj/VNpA+dZIznBpGTEy:Pa98hIBdjSoeQDj/VNpZdZIznBpg

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
2	pastebin.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperV1.11.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2952	BootstrapperV1.11.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe
Token: SeCreatePagefilePrivilege	1928	chrome.exe
Token: SeShutdownPrivilege	1928	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 4436	1928	chrome.exe	87
PID 1928 wrote to memory of 4436	1928	chrome.exe	87
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 4804	1928	chrome.exe	88
PID 1928 wrote to memory of 368	1928	chrome.exe	89
PID 1928 wrote to memory of 368	1928	chrome.exe	89
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90
PID 1928 wrote to memory of 1508	1928	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.11.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.11.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb00cc40,0x7ffcdb00cc4c,0x7ffcdb00cc58
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4392,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3276,i,266323981639332441,11866829244022921873,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
dc306f670fb62f85f7d028864187e20b

SHA1
042f79dd00b0297d9b5bf353bdfc279834ec580c

SHA256
b4a8788e22badf12a6c652f7568b125bae65cccc8b87f7157d080ffb7a167c33

SHA512
b6b5d6420b86475858edbf2b840b7122bc6bf9cb5daf6b183fdc1839413421b6412c7ad421a3a91f3dfcc8658f7e0450eba549fa50b81f38945f44ab994d47d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
903f31ddae17c7d8b07c396062ce8321

SHA1
d6f2d9239cc8467a235461f9df58dc2ae02c7de2

SHA256
e7fc9046d9081ea7cac3c7dd418fdf208dbb716c588882790047e38f497f13a2

SHA512
2701f7fed39db4a3e997f63b9e484c1a99eb105be0b68469a73abdcdd3743409b3b31d6b6690f46c7bee1e5b8744c88e56dd5c11660e064765ebf7f725d48e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8996211dcea690c972f63bce49460aa0

SHA1
f9395548cfe63c9e58dc7c8b7ee3e1f0bd5442b6

SHA256
b94e5420d01a58cddb60cbd3dde54b4ea7bf90119b05573f8f5ec1482e7b5a08

SHA512
40f94eb1f77379af80d924e651631a6466e3fb840e7e18534a0433fffaaf9443b88eca71ce749655351df53f146a460f950db1f4a762a784fc2e098fcc7951b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f8b7b0e563d877950ec5f418db07728a

SHA1
22ae342bdfda6e02249e8da181943e2a171429b3

SHA256
3f853399ed3bd72bb1e2354574ffb332f10f5d547dd689eb7a4e29b7240198e4

SHA512
7f7c871fee06e9053bd7161ae094cf2d703576b1612bb191794665af7ae81748574bc2365c13583919360001a59c2a67ef71b17d7d2799722f5f3475a2c3c323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0e0c03bb00228d158cbbbc15205244ac

SHA1
04a7e3434407430d5091a0cc0bb0813748140409

SHA256
a1caf6ca5b5bf1b4dab503f3dd185fb57c503ef23f4e04faa1730c5ac763a9b0

SHA512
97b1c5c2acc70f7c4ba5af0859613de2571d022024d9025aacb4e7e74f348fc4094e5b5d06d25d673ae8f659b66fc437e331c1bd913e58c169fedf17979c340c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dea1cbab4f1369041485518e415925c6

SHA1
d894b896bb516c5e848053c0fe4b43a01c7f9062

SHA256
d4b4fba48e96d873900d41cce9a4939a7717e062ef7be2547d008819257b8a6b

SHA512
4c61b571fb57901a682854011291e27481bb8d4e119b93a87bebc172a13f29757e177341e032c7f7d591cb8f2c5c89375ab9bd7cfe4c059e970ef0d972a3f133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e40df756834cbe12c16e05a671f4371d

SHA1
053abacb9db49a1c93f14b1928193a9bcc3d8ebf

SHA256
0e6d72655727b2ef20cbf8398505e8ff2b3a81447fbf10e5d50b42880d059a02

SHA512
30df1a91500eda9bc514c1d31d468855c2c9cbd8ba45f6b6b38d9145c4b72b99761e71cd0b2c10169d996aca74ece23eb951af4cf22346547de35e8c5a34f2bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
03cde698b53480bdd808f813af5480b8

SHA1
bbccbe8d33a864605fec8abe21f02bbd0102aeb9

SHA256
9c10f34a4b50f961c81f466bc6f90f060fd769876e973f149290fd78ce1ddd05

SHA512
d856937c75ac15490d9f3d308e675d3741eee6d239ed8d5ebf12222eac43e07eb0cee318029e12f9bf6ed55a0f75bb0232a6be0de6f4b876319386ccdb0cda26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d72e51866f1e115efbf8d8baca298af6

SHA1
2d8724a60142310c85f165405e32bbab1da4b689

SHA256
0ce9ad4e6acc506e40993d439de5469412557721eb4a0950c03ea0b8aaf98a72

SHA512
0e5fc370e4971f98f375fb64460d461e27eb4736da881c5cfca4e47bcb4d11ddde047ede182275de89e14e1bdb7afe71796201b3e76c1015ad27a083da7b3f9e

Download Submit
memory/2952-55-0x0000000074EEE000-0x0000000074EEF000-memory.dmp

Filesize
4KB

Download
memory/2952-60-0x0000000074EE0000-0x0000000075691000-memory.dmp

Filesize
7.7MB

Download
memory/2952-4-0x0000000005710000-0x0000000005A67000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3-0x00000000056E0000-0x0000000005702000-memory.dmp

Filesize
136KB

Download
memory/2952-2-0x0000000074EE0000-0x0000000075691000-memory.dmp

Filesize
7.7MB

Download
memory/2952-0-0x0000000074EEE000-0x0000000074EEF000-memory.dmp

Filesize
4KB

Download
memory/2952-1-0x0000000000050000-0x000000000011E000-memory.dmp

Filesize
824KB

Download
memory/2952-205-0x0000000074EE0000-0x0000000075691000-memory.dmp

Filesize
7.7MB

Download