hxxps://steam[.]workshopitemvotedinfo[.]com/sharedfiles/filedetails/BadlandsWarPaintCollection

Analysis

max time kernel
59s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-10-2024 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam.workshopitemvotedinfo.com/sharedfiles/filedetails/BadlandsWarPaintCollection

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133744086712145482"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1376 chrome.exe
1376 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1376 chrome.exe
1376 chrome.exe
1376 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe
Token: SeShutdownPrivilege	1376	chrome.exe
Token: SeCreatePagefilePrivilege	1376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1376 wrote to memory of 964	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 964	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 1436	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4256	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4256	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe
PID 1376 wrote to memory of 4972	1376	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steam.workshopitemvotedinfo.com/sharedfiles/filedetails/BadlandsWarPaintCollection
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaf3dbcc40,0x7ffaf3dbcc4c,0x7ffaf3dbcc58
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,18271202884303023573,3196038960991692012,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,18271202884303023573,3196038960991692012,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,18271202884303023573,3196038960991692012,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:8
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,18271202884303023573,3196038960991692012,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,18271202884303023573,3196038960991692012,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,18271202884303023573,3196038960991692012,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5084,i,18271202884303023573,3196038960991692012,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\16d4d356-ac9c-46e1-ab91-480a837ba55d.tmp

Filesize
649B

MD5
58cfb9e50f7460dfcaa1313ea83b6197

SHA1
e1967439540d46bd21916311168cd222617fc514

SHA256
69d6cf44f7bab7d4d05c21b015b3cbfd2637779e4e1530d3cf84f492ecf37b27

SHA512
b7c5e8a5ac97db61ade74bbcb13c4fa6ad44200124c79d5dd14e48b58b40990643dd531cf1440886bc7b25476f20e4a5290d00f5e5806e31d6384c05c5f4f051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
53c228b6d03909109bf981ca6889d76d

SHA1
ff7792e78759caba05297de70c95ff31bd7f6e28

SHA256
fdb21c7ce400b7ce31c5d195388191adf64a25a4059e97b8853c076e59988e19

SHA512
b4a76c38fe0468b63e7b6f53b023548f3109f4ee26d5789b9c1110d0b0da1c87a4a1c75935a4836f48fcaa130571aa27f4f89a3f8e6dbf17ef2f60c5b01417f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
08d5857bef358f83716252f63cf8b8e1

SHA1
02d9245ca0c65e26b99fd7f2e89c4f66bf3e2436

SHA256
00a721d1936ec312c84d28aee74020c9a438ebf099a3648cb297a48a2f0bad65

SHA512
663ffd6672ccf7a9edb28c7dbe730fa6ee49daf142f37d3a5a92660484547400e76218ab3b8b82cc5a0787a8bff6e4570b4c0f7ba4996bd93f901cfc8b01ca87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1a7b2390397931857290d1f806e83f7d

SHA1
bc48754a4b992b8c5e0338a4d4a7451abc69529b

SHA256
8608567e187cde1a4a50050a5a69cf1babec284afc04ee768f3eb104e4363068

SHA512
efa9497737048ff79124e2304bc1f44122d81dd5476cfb630a21448acd281e82e82bcf91d4f35df2d3fbc9ee90fedc30e7bb3789db57b7f923d53d60f0cc3280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
9e8077722f262da406466ddd48054dde

SHA1
1601c089b595321d91a5741c500347f8a5f92ec5

SHA256
4fe3c9614fc95c71fe3bb8a2bc253514baab2706f64fc9635920d715301a79d1

SHA512
f293341706f29cdc3923c47b44d7e6f04c25abe7bf1724a471a8be5306e29fd69a9019c58cdea6dc95c4bca617dfe2d2911a53992ec945527f3698401feafb9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
245f2e61c029b8a1e668c1b43841b4f9

SHA1
e4245ddd5c91c25d0cc030827f58f3927316e7ef

SHA256
f847c880c26d1e744aef854021ec062fe14fb41f438eef01f66f7f92724b6a53

SHA512
3278347efebf041d2cdce96ad33da99a26a9f39d22465fd6b68681111ba90cac2bdf3dae78390aec128f9e42de23f827f85aa3d5f5dc8d9e9389e49728870949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53c2cd3c13e9bf20524febb39e92f2a7

SHA1
f115bf1a1fdde9df50f6dad0ec758a0257078103

SHA256
e4807d125717fd4f2ea3b66930cb9d6d96dad012f95117b5a20c0d92b4a7f8a8

SHA512
d93577717f014b6d8f210ca2b281412a4309a03a2c855f12faa26fb2032865fbcd07924942ad53071b47cbc1cb964d1bc06bc51d14aeaeddedb545f40896fed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15d47265106a5e3962d1afe5d3568aad

SHA1
09573c95b96710d7199eed601117bb3f32c0d295

SHA256
c867dc78c958c79da5c46f235daff9ad60b8ba34be35694f8b06c86bb1358ee6

SHA512
f87037eab6fc88038d9c060657ba741d5b6b2a058a13b2ba3b5ac9a5905d00d8f27d57fa881a0d63411294ead60d31a6eb7e374add8033f5000752ee33ba6a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
036e8dc812429a0a8de658c21a940506

SHA1
cc638b585fab38bb4a7d464ac1c858fcaeadac79

SHA256
f60dbd141089571f51e65402f43102161c05fcd3f4cb957a20293bc74c36f377

SHA512
650d54c86648c3c71c35cb925645a398d71205a656fa4eb6fcb03e9e0452061077dd9e5a276d135b57de519f09a17d5d1a86aa8d24d12370297136283933e842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e6a49be6741046fb1bd459fad6e01586

SHA1
6b3745e24392cf94dda15f783a0ebcf086433c26

SHA256
597152a31b1108d24d3aa9fcaa5417401f3ff8953d0eaa412751e4d877807b9c

SHA512
f9742b7f2b1a8502bf06c5782a0b330e1adedf9c26c11ceba8ca107d9fe65ecb06e82bbc32899d76fad632eec24cae7d0f73b87da788084808b975df43f67ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
72d02fad37bd297174b07e04147e5dab

SHA1
7ac0c64a18c5713654da20e7a20bbce46ea70b2e

SHA256
8868830bf2fbc1e94e2878574ade95ba7bbbc74e5673b56b38b48a94fa8692b8

SHA512
654e2242cded916b4300bf4962cb1882baac639148529c93a044f4eb88f4f300e379bd04c60dd76173849bbcf4e5e87d2ea739d2696f765f32d07adbcfda6a51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_1376_LVGCYBIRAEGPTYWO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit