hxxps://u[.]to/VyKIIA

Analysis

max time kernel
50s
max time network
51s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/VyKIIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560469839058996"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4092 chrome.exe
4092 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4092 chrome.exe
4092 chrome.exe
4092 chrome.exe
4092 chrome.exe
4092 chrome.exe
4092 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4092 wrote to memory of 816	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 816	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1972	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1184	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 1184	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe
PID 4092 wrote to memory of 4308	4092	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/VyKIIA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcebf9758,0x7ffdcebf9768,0x7ffdcebf9778
2⤵
PID:816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:2
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:8
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:1
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4916 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:1
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:8
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:8
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1552 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2792 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:1
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3632 --field-trial-handle=1824,i,6664039631384377534,4021233782982195304,131072 /prefetch:1
2⤵
PID:5008

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
8defd5edd31b9e8fea86aa6cce903269

SHA1
5ad5324ad65c06315faf0a8dd395242bd1f3e006

SHA256
fae962d7c24e6baccbe1b88813186ae8301f9c9443875709de3091cc9375a076

SHA512
f647c5e44f7d4ca6992423b987b0a9236909c8db930531e8d3ce97e9af8159e8f769785e7f6132f3ffc7a4d992a7435d86d943952b9afe571bb771c698c95a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
1aef1238f49cd1e41b20328c6c1d754d

SHA1
95164b167b4bf55eaef0d4340b2c40f63a0c3260

SHA256
29e2a14b83ec7440914f0d20b4816a97d795c7d2d2a0f3d53ce6a6f0a6f3ab74

SHA512
d7a6c35f665cf3d1df30ff9944c94342ee9660550da470a10b74fe9fffd0a429609ac062e309fc0457e194dddcbbce22e70dae87629a3c71e0b0d702255a0e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
25e7b361d4f55f1a4622ceb78e925d9e

SHA1
690e2da415f125205292621920627dcedc9e68e4

SHA256
65c9a6fbca98280051df5c4b0c1ae4874fbcbbfefa1408f6df9720d8ff4ba09e

SHA512
b3e69071d2fb1e1f7ac53cec690b07fc1222ad8ac6bad42c3f5dbb208ccd39091716c4db1f9d44b90cdc40afb2bdf6169be94974b566027cfe25329844cc0be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
754efb0f7a50b18b281d7b8b700ef164

SHA1
7ff3fcd553c155b1851d4e58d2062a0a70c508db

SHA256
3ad4a6e7b32a6629d03494e70e5f03574e5875d8bd7879c0ab2acbc7f81b0f2f

SHA512
e2cda068405c9e13d7746fc773455c974c33733585593f55b55e900a414c77c14c66fa307d5b4a2dc2de4540b8abb2d5bdea87e02acf16c1cc377ef130ec89b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
698b48afb413d49a74671135d39e275c

SHA1
a00db9a879b73edb553a67555c0fdef7e64dfafa

SHA256
21ed31e783ffd2c25bfa646a41dc154da5a20edbbe7d6b062df2bc3dfcec2180

SHA512
b6d6c46cd5df388d8069d56faeaddf158e300ee0be967cbde6366abbf452ca2ff3407b1d0eeb5db6875eb0d153afc619ae5ed8d479a41420c1b4697975e120f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
778ace6731ca210092a462689e9cc299

SHA1
b42e7593ec335cca66c69cff45d72814d1b92d7d

SHA256
ca55c06fdd52ab49c4f077704d04e8d3255d5f20e05d87c8e129716b07c62f2e

SHA512
c841ae7a4d3930cae9330f296352fe39a403e3355d3eba2b132ccc0c0dfaf45009e5533bc0d401e90fae89de7a62a9896318b2fc363f4a84d5be1f25fd926d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1e7ef95f1ed1c2c50372d1be95aa66ba

SHA1
0bcbed491a1fa1bda0343055b1b906c65a52dda4

SHA256
4e13d5021cfdb78b361872cd3d57cdea8087263da8b4461851c8459101e76769

SHA512
f7b65f95833fe33cfead651712f23616d4478ccdc32fd9f397e165eefd01d99e7ae93645ee5fd34dba4186cc94092dac20c923c7f8009855a59d3641b3584509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
28726df99a8ba7cf61b2a55aabaface8

SHA1
e966e49e86dd4914abb2a74c022e6e292b4af4f4

SHA256
18db63e8795864eec50d012f1c75cbb7e13dfd3502208265fe5106e1e5893529

SHA512
42125d6cbe8e118d6aedcfc26263d35ac792296878332cc602fbbbb0e5731ac743ba85a5963b14222e33d7817542e20deb835f7216c469875d5fd2d616eb6bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
ae190d6cb8111bbc69a6cc56e14fe01e

SHA1
ce318b5bf5687ef602982dbce3c6a719dc060f09

SHA256
a0026e9997c0b80039584b473752ef82d427a11a5ea69533d724de0e645f32d4

SHA512
d8c13a1a25915607e6f1ecbb9ac0c38e28c33a3a7fbfb5b94f89b5e5fc5f6a3a44e1899c864c9fe9cd731aadecb81c5d4b69583417b56559be1857bbb4a26a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
c98d90a8a460947f91987cab58b775ac

SHA1
49d8163b6ac80c8fc7257b67b3529fc22bf92126

SHA256
3b35a2b211336dcd136aa2c06bb853cc5f98eef2865b40dde9d5b25a164f1dca

SHA512
887e9fccf3ee1e67ec9f987e69b8e6e8ae23d7e05ed006ec4f108ea1cde9a84a8c2be410ffbf00f658b731126e5961c977b111152f347b779890e821265d1cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
6c12bb7515fdae485f021a2cf60e593b

SHA1
84fe91d278961c4c44995b04e3554afe9546d9ce

SHA256
2684d5fc9d36d7412ce971852c945623c79ccd12870f406173d9b825d4a70c10

SHA512
13c083831aaa12e191f582ba06f5bdc40c7b3aa4b3b3477f02a777a603373fe9102270d659b063eae3b5624ce5f274793d5fe707a8dd8a5cddd0ec2f035ed99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4092_OZEKXUKFMVNTEAIC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit