c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Resubmissions

11/09/2024, 01:42

240911-b4r8maxdke 10

10/09/2024, 23:24

240910-3d24pazflp 10

10/09/2024, 23:19

240910-3a9z5a1gjh 10

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/09/2024, 23:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133704840785083276"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2636	4960	chrome.exe	84
PID 4960 wrote to memory of 2636	4960	chrome.exe	84
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 5028	4960	chrome.exe	85
PID 4960 wrote to memory of 4104	4960	chrome.exe	86
PID 4960 wrote to memory of 4104	4960	chrome.exe	86
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87
PID 4960 wrote to memory of 4912	4960	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fa6acc40,0x7ff9fa6acc4c,0x7ff9fa6acc58
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3528,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3784 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4564,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,18246765703897302471,7530682899367860992,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:1972

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
80ea230de490c91947a1d1e96e38362e

SHA1
4897b058d810744e373a1b3da5c5fe4f12650f4a

SHA256
ef73566dc2559e723009938a3815f656522bb7fc4075b236e9b55cd9e2211ed4

SHA512
983b664635e6818a4e395238c3b4650e15b92994e916e4c62d728e31611842d61bede3034535fe0994a4c8c7c815cc3d2a3f645e132bdb8b2434077e2deeb6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8c50680baae84783f5af865daaf59d73

SHA1
d5985ffda63c2b59fcfce57b182a0b394129be62

SHA256
f9695668caedd68908d878db4b34684c4ee96c703d6867b8db32ea74facb3c59

SHA512
a00a72f99dd45d0c2826bc5f3e8b75414cee27a68de818ff164452f6e3af4c1f2663ad002bc243c4088f1c941fbab40a8f87df39bb98554577de05f6c03914d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b7692fa04ee6427cbeccb817d72e000e

SHA1
dc633756ed8331eaa3b9418eeb649187520afa71

SHA256
2048cbcf4b089afbf13286b1d0303c6ddb757313bf58c78f373d498a1086c136

SHA512
813277c50f15e15b19929604aced62edbd98608710e7f39f750760a6429d0d0ca224f46b7f9199c69bcd51fef2b58e1c0bb7f86a438247be64d6dd47890bf7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de23849fc93ee8907ba7815c7ec4abe6

SHA1
6ca55dc644222ccb986bfa6d29513302eca38c2e

SHA256
934dc031c28dacae85bcf1686bba89be57b34e140253634948b238f38dc5c39d

SHA512
d39912eaf4f11394974b220e4ff10a4b94f1c5e1b2c0a49880931785e120f26a60336a82369e7228ce4e18d00d4dce40600fce8cd1321283a5806353b9d83d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b20f0fe66c701bf2f8cf3f78e8fed25a

SHA1
b3868c53461783a6f840ae56ca1150ad6ee8a1bc

SHA256
413f9a6bb6f6ddb2bb65467781239bcaa75723ed4173d9e9bf68ca6c8e1ad297

SHA512
bb649f663c1f60d81bf6e5c2ce8cb64d4abe79e9107ce3138e85fd1ecd60fac9cf3aaa98e0eb53d8f4a2249d0525843ddc1ff729b8666d472f1e39c8ae95bc8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
781eef5ed39c4502b6bc2ed30aaece9c

SHA1
3fbcc2daebb227337ac95769b901231d4b884960

SHA256
dadddb54bb5df83bd421ef17c3aac1671c765d6612c052f24fbc9d43fa2489de

SHA512
8e6624fc59cec8f1d672fcff0cc7c1583c0c169ce984db84a9abde99c439ff0c472efbb2d12e83b4ce0441c85f62c869a715989e0996f7b2eb35d21d8e68fd78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
1b8de57cbc24ab8b424165bfe5f94af9

SHA1
12678e7a5eb931b193956807fcf69eb0ef8ddec4

SHA256
3cb7d48b4f43128d186445dd62833fd6df9df96b84c2950b4b1b81c94c95d7c0

SHA512
1f428e7f6cd2addc6c1ec6ce714c8506307da0f6a336d8609e3862aa8fc46df4e38ee762f008c46832e992c2fdc9a9658c1c0bdb5606938678ed58562d9791af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
9ea9f977c8054dd217aeda2d09d9993e

SHA1
40d1f8d67b29e8852d76660c3a2b618e0ac3527d

SHA256
e623a1c1ed3a67a718bb727cfddc6be916824085c7e19d54a0379e8f10159fe8

SHA512
7661479b7f400343dc970ec8517f0588f594017ae44ef7e5f5d8d34ad13837a434777e10a664672ed5f1c8a747d798163fe6235b3465686f343134e538959b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
731fbe36988a28584341bc88b41adc52

SHA1
12f8ffac4e1432d1f4f55dded24c69cfc0de6ee9

SHA256
8db7aeba2cf2f1eac0f9211d9c6439aa239c880ceb4c27f2e1a23dc2d092f449

SHA512
b58243880cc46f0106979f32c62355cde6f155072fed7328db032939f0872710d526a936aa6f78bd41a60f4939cfd4e64d3415a12592a363603f9429ec496d0b

Download Submit
memory/1628-0-0x00000000744AE000-0x00000000744AF000-memory.dmp

Filesize
4KB

Download
memory/1628-7-0x00000000744A0000-0x0000000074C51000-memory.dmp

Filesize
7.7MB

Download
memory/1628-6-0x00000000744AE000-0x00000000744AF000-memory.dmp

Filesize
4KB

Download
memory/1628-5-0x00000000744A0000-0x0000000074C51000-memory.dmp

Filesize
7.7MB

Download
memory/1628-4-0x0000000004FF0000-0x0000000004FFA000-memory.dmp

Filesize
40KB

Download
memory/1628-3-0x0000000004F40000-0x0000000004FD2000-memory.dmp

Filesize
584KB

Download
memory/1628-2-0x0000000005450000-0x00000000059F6000-memory.dmp

Filesize
5.6MB

Download
memory/1628-1-0x0000000000490000-0x0000000000498000-memory.dmp

Filesize
32KB

Download