hxxps://code50[.]ru/e

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://code50.ru/e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133566996342099461"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3836 chrome.exe
3836 chrome.exe
2736 chrome.exe
2736 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3836 chrome.exe
3836 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exe

pid	process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3836 wrote to memory of 4412	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 4412	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 1028	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3232	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3232	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe
PID 3836 wrote to memory of 3360	3836	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://code50.ru/e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeac2d9758,0x7ffeac2d9768,0x7ffeac2d9778
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:2
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:8
2⤵
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:8
2⤵
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:1
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:8
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:8
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=880 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:8
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 --field-trial-handle=1960,i,11668926340591650947,10091057057456755388,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4960

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
b9a9e7e601cd640d5ba482f36ac074b2

SHA1
e9045a5a67d1f0bd685f2469c9ec2ed39fa9fc16

SHA256
434d18419619d5639861cefc0b32ccbc98a94f9c3764b1eeac46b5d7e9059809

SHA512
e6970fe2991b483e51da3a61f92fd95fcf45fd28c1128d8904119e6ef61ac817e3371d22c25c44bc2694a4ebef9be3a6fc93508a3912e21791950ba6ff875115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
88KB

MD5
13a6d74ad6b98b7194ac1e2bb91ebf9c

SHA1
f4e125f62cdfdcb8774a8479ce7ab070c88815e8

SHA256
57f0940477fc9fec40f298c5dd6135c961d947d63375f0303b445d22346c8930

SHA512
155e22e639e7eb54ead79ac114e5bcbcd1169359742decb7a62d1172cfe6e8a81002fa28c1a68ad80d9a6dcb1da77de4030207ce3b756ed7f2ea7f5cbf95ca51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
0882872570fffa9190d510d349870602

SHA1
422275c800f67f80ac4b106f81670dd143d03c78

SHA256
8f29503a0c05ac2b6e5353cbe3fbbe416237182f1296fd3cff727ed71460a933

SHA512
0c67561e69d5c0d441087375666e76eaf8d2631ea3f7aaf178d6fb3a8925f9acb85d4a58e3c896c3e2a7cc2ee071eac9cd6a6b1d53a75113315f36c81e34e7c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
9e4898455f0105d226c2b89d1af8a932

SHA1
3f09df19e2aea2b948801518777a4357cbeca615

SHA256
204712a03b362d9f6c7a34c7d759ac6ac75e1b0e724782753f70ea0a77f55751

SHA512
1c2d65cc564084986097db5d5e94afd8f4b085f32b9c0ffe5133a1944af4938fceef9c5f23a6f30d25fd9c30629a06183c2caa32e61529d750e8ddaeda8e72b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1adfe2227f132f49a7fc3f5982bd069a

SHA1
255109562161d31e3044f24d7895292cd0cdb63a

SHA256
4a0476a73405d929f9180a831329bbfedc96243be736ad3cf4a09f05d9d23afb

SHA512
5eafd3c1ca8df11ffa3f74eb7f844f61c72f9f20a970e9ec8ec7791c25aec44eafc5420c5506040470df4a12317691f434d007fe6a4acd01d3c3a3f25bd5dce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
2b25d408c68c2004c5393861e3217ba5

SHA1
8e2e65443c757a671eb3049765aaf1c0bd7307f5

SHA256
07a3ccbbd011edeb807bd9e2df539c07ada418ce2bc0b342bae3510ec72ce083

SHA512
309e5c30bc237aa871265c4ac29a375c93ec3d8d6dc4076744c3596a09f6f4b7c2612c1c0ddcb20a91ad5b4ceca4060221b032e57b82288a54f48c57236b3646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c2036af5bfdda8afbd86f6ec5b7dacd4

SHA1
d19c0532bd9f3c972ceebaeacaef36bfc39f96a6

SHA256
9181bc5248dfea8e3693ad9eac265a380316ba9733f93a8834f327bdfdc56ba6

SHA512
843ee129b232a2adec0f4e9fc54139f0065885ba02db361ba678f64cd77ed7ad95f3c187b14959f2c02f3b46cea215db96b6c3c2e7bb8dec4d4e04340225e449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
51d26cab1ed4f7ad5e120062e4095f9e

SHA1
f6b18e3c6e8d0bef5a3b71fcbb8bd2a069c9b89d

SHA256
a2b8f22818c3330eb1b8997aebfd2664f3351eba2970dcb9bcfa8ef84dc1a5e2

SHA512
18ca8a340f8127d1b495a705abbac6674eabe0aba0716dc296808331c6a37c1761ac691e1926025742ca505c0b528bbe9e9c96512696031b162749a9b7736182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
834fefb80537deb23cdf2912070f8d6b

SHA1
67f983b2828b4fd16e10e95e1605ef8c538fca35

SHA256
3cb6d457e10181188ea6763b420d4110145118b669202aaf9558872aa17ad400

SHA512
1782dae31cb0e868a1302f36d6159052fa58fbe1e3dcb9023d9a16db4e7a33ebc6f16fa06b903488c9283fb628a19cc1f1bf5ca51220225bd063e5d59a158d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c799a3c8e2283e0a1c5ef7f16b68affb

SHA1
e87874e1a3fda57f036cd846ab2521ad91af0f13

SHA256
a42be0aa56700b73dbf0996fef8872a2f6943677259e22db097ec556388b0d3c

SHA512
1bf61a62a7f7a0ab22f85f71289da27c3e61f952601905bb0e4060a63f4d366eff5a6b1d6cc7a9d708be2c3d8b09d1905612704e25f5365a96f2edb64783084e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
5a4d88eb62eb2c4325c37b58ffba314d

SHA1
3ca338e5e4540592e65cba8f7e572d00c86f3009

SHA256
e29ec196dfa0feb6fa57ec857f6f8738dd3a2b37fb04061a378b55d0e4d9b305

SHA512
f23a687447d7dd777c5542924ea0c54c4b495ccb1c2f83fe70cc709e2e96847f0e9f850f702f3bc2a16dc341f94d2c90328b7fa587e38834f5a4d4f6ae7c7d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
cbdd9a70de9563523cfc99d2b2b61678

SHA1
b0f4ccfb223b341683705b717c030eb7072c366c

SHA256
8aa1a75a485a93ae5af0b4a55ddf5fda9769ebe5e2daeb0a51dd5ae3dce7ac37

SHA512
d5b63af9bfd078d0282d3c3dcf07aa9e1a156211a6958686dd6c11b7e8323ac4b6a4627d1676850c6595fbbe4df08f729de63a59736638b87e7e7b066fd7e5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
1aad65bfaaef299b54db0e35dd8a55ea

SHA1
ba2fabcdff092411cda161b0ed71ebf7dcca3ffe

SHA256
bb7593081adc09fb53179d7f27ceef2bc9874def759bb53f32144a75c24b63dd

SHA512
be9be9debb45b92d249eb8a65217255d1d745cc266470ccc40c41b4a5e3a9786e873a8c467b3fde4a9094a3c3be99c3704498c8765d3ecafa588068752b53418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
25775d9d8c9e30460feb259e78baea1d

SHA1
5d4133c50918bf75622122e16f7638a6b4b5d50d

SHA256
42c71eacf06af27b2038d4c44c78e0fb1f25308365d34aa62ea96460d38c5553

SHA512
f07b4784cfeae7e04a2432913c8f879d269a54c8c70b954e4f8ea002e5bca3c0cb1afbfcd624ae97222e7dd2c365722dfee23993555c421975ebefd774e9d797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
872608fdc72d6b953890b1992a4bd8e3

SHA1
70a58465e3f1c57abf01cbe7d83f554cd2201b7a

SHA256
b9759cc4825a5173e035f92ad8f72115bf6f7e87432e847a850e02280eeb8d27

SHA512
e7cd1c1cc0e39b9ae0e6b6afcb59bea208db2e5a35a0afb7f007d1fd8693fb1121f074b9af219827f958e63059409b8c7f8c7180b551d2794b639f9237fc0e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591321.TMP
Filesize
101KB

MD5
4b3e51760221f652b018fada86a89399

SHA1
bfbd49f52b8132b9ca5080b02fb0b01f5fe9eb01

SHA256
4b751d893886c0bd19d7ee21f63e651a4eaee4fbb95169fc4fda97933be69907

SHA512
0ccbf6451caefa158c1c972b8ac67aec6175cafd9cbf6c2e694e7369b49912c5128f9a33f366d5d070493747cd473bf3e82b01cb0e52349917f17a56bb20d7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_3836_LNLRUCBFNFBYIYKY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit