hxxps://cutt[.]ly/verify

Analysis

max time kernel
1200s
max time network
1094s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2023, 02:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/verify

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133241892574372953"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
3960	chrome.exe
3960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe
Token: SeShutdownPrivilege	4264	chrome.exe
Token: SeCreatePagefilePrivilege	4264	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 3352	4264	chrome.exe	86
PID 4264 wrote to memory of 3352	4264	chrome.exe	86
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 1044	4264	chrome.exe	87
PID 4264 wrote to memory of 228	4264	chrome.exe	88
PID 4264 wrote to memory of 228	4264	chrome.exe	88
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89
PID 4264 wrote to memory of 832	4264	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cutt.ly/verify
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb1219758,0x7ffeb1219768,0x7ffeb1219778
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:2
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3260 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 --field-trial-handle=1828,i,9526882467538715753,15474445393687205365,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
255ecd7ab398770c2750d0ff416f37ac

SHA1
d068129d60a0b7f9535291cfff3105994e4eb765

SHA256
c0e02822f73e463c2f4e20d652adfe3b779ae84d5df01acb4a70dd4fb0379685

SHA512
29498ea19d601d4c55cfa2b5af6796623a2220c7c69a418eeb475ff35a4472b77930a6508a793466db9c7877353a3e4e318701648969e6dc3db1d133b962593f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
cbbc21865f6a1f7ec22a7fe9b5514987

SHA1
fcf332f3cd4e50ed8b16dbbb4fcab1ae3ed0b398

SHA256
6de3190353a835de29ad60781306a7bf5c4b8ebbb0d7cad8b1acd70a80d3c6df

SHA512
def0cfe5c1a20a299773c1a3bdc3e3538ccddd13f65e2156950c30de29f9cee398febce78bb93b221e0d19272bc189ce3f93d2e12067395f5308f844f58bde44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9ba9af69740849c880f06b86b7a64349

SHA1
dc016bf38795ac0866a86a4ecd7715502fb801fd

SHA256
a665d76df4c4636c7462dd307da9eb24aa75f01e084db134de57d30ba0333fe4

SHA512
47ee738adee9515b09a142ac9277bb15a2a2b7f848e29f30bf34b30284e356893747ac6cbbb61bce2ef80170895c4fa0b14c4bde1dd6fc64878e27a5c2dd23ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b8622b6df162fcc0bd3d593155f0abff

SHA1
03a8027df8054d51e29510b34f77260d02f68cdb

SHA256
8640da427516d8991cfbc0b1bd7bbb65f799bcfc6aacd8a7fa8a2dfd4eb6737c

SHA512
7ffe6bb1d6d79c2c379515ec39fee00d81c32df3adbe5d3b5aacfd10193416c47748cfde8e9c0cf9efcfbf6aca803797fc2d77432a02aea793f975c27d9bd5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
59a334025f19205fb3fda5c0baf66099

SHA1
c3feb6f9071f3aa6ecf2a3edfde40a3dfcbd3c44

SHA256
99f092f511edc598f442a74032153ecc349a58c737356afe3b9e601e71f9d8d6

SHA512
5bf4068debae1785cf0ea0cd6b70c20eb42e44a8921af7c49d4913e80f2eba0ee80a2e7f97b91cc490305bfc66124f911862e2fce8cde71cb115918f308823d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
c3577547ec2a7c1dbe92a00dc74cfec4

SHA1
b820aa95b4f6a71c4faa4f7d595a6606a3f3bb07

SHA256
a1104bbb88a3aa518a6c4abdfea004894b0b92dc0d4097a23524ce42741f6b51

SHA512
44f7f7fe5f3d42925e144a811ba57f2686b3e257b71d8fbd4ebc7a6f68cba3cb17f23877dd75eeff98140af6e67644054e20a708890617b5204b4ad05b468a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
0f7324ddb1fc5a9e50e90a05db4a716b

SHA1
83393a628668214147ef406c5a5dd64384ab29e3

SHA256
79fe33f068d6e56c9632d39ad7ef1560d0d3bf077ca953ffec11c7eb233fd1d1

SHA512
dc5369244f4a56f5a1f42b5cdc65ac18dc3bd4d16f647c557b963ecf510fa1b426b2f0483d6193696193cf95a177714b5566fc648cc592b059877871dd2d10c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
e383bd2660adb2a079ee33882b40af66

SHA1
7987cd04b7f9d8b393154566b92f381e9a4e6038

SHA256
fff0d48f31e277e6870dcd23d70f8df5cac36baba624bdcc4c1b9f55761231a0

SHA512
bdb2511a75fccae783c5b081c812c0c1c09a3da8ea5b3d80a355f6b2559f44269c1540dc534dc9094965cefef4078c3151d8533a89025fb1767a9ce97d3741ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ec53d487f101c8c8bccd6a3869dfdc03

SHA1
a01288234c55bc529a9038a31cf6ed26a4bf518a

SHA256
38cde496a38834e89e75e7a5e7c77ffa91de66afdbe5246520c241f60608c0c0

SHA512
4c4ca56f75714c870992fee229252dee985976268af29e9391d406c08fb274e1ea38492e99d3ea5e5c2555c27ba2a209e7d8037b708e9fc937a1b3dc41edd89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
94db70ca1ce811702628179bce108984

SHA1
8614406a6351beed9b0b5bcac0d81164df002be9

SHA256
e858f5ddc3ac1cb3689371d946d4fa436f84dce4453c41bb542a4745f3a360d1

SHA512
46dc77e8d970dc2d1f96a2b6ea84b18bef0eff6dfb4a0817f15fd388af36204d9834f11e226727a168a2af810204f02f2d43919c8db1231902a2295949ac8edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fdb6775d3c8b3bb77f9f3d5620fffaca

SHA1
329a5ef48a0a1488559fddcfe8f6efc1fceca156

SHA256
fcc0670b611a3b1c08228614dd67369dcb4e7567dc8153bc7f75b8a4d92e5895

SHA512
c5ec755cb291bb4a3deed4a03b13d6f828b90ff7deed19546cf36e4d1bf9c4c738e1b5b0f76d18af5c1c3f33f8fa89cf1d71ba40ea5813dbbf21ccc50c49c179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5945ac63565b7f599caf02a77eb07735

SHA1
dfb41db7b8d0f124f0d432589fe8964b5ce3e4bb

SHA256
3b882e9a786c2921947c81d7d5dbcc76098c8e8958d12bb4beb4d8fe2f0d2847

SHA512
2935e03d5181005a8a2e338c9ab15b7fe8ba6c7f1e52f750267c9054bd1ea412b25fafeb21fe16744432f184d787b788cacf11229ec956cc9c03de0c09a5eae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
aa7fec761a4a837853147457843eeeef

SHA1
fec45c88b7075a364583cf3c83e478d6b7de01c4

SHA256
fe3c17597e83a882ffac4f484009d03f2e121fadc528f6e64c5291258bd44e4e

SHA512
221b9c084a5a78e671647b588dd21ea3d2a21b002ddaa7b96a1792208e4e3d50242b0d35fc1b35ea9b7e97a1f0998b58247c6763e07507b31d4f4f48dd3bf1f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit