hxxp://kinitopet[.]com

Resubmissions

05/05/2024, 13:08

240505-qdam8aea82 6

05/05/2024, 13:07

05/05/2024, 13:05

05/05/2024, 13:01

05/05/2024, 12:57

Analysis

max time kernel
227s
max time network
229s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
05/05/2024, 12:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://kinitopet.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
18	drive.google.com
29	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593874598676495"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "203"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4692	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4692	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe
Token: SeShutdownPrivilege	1132	chrome.exe
Token: SeCreatePagefilePrivilege	1132	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
4692	vlc.exe
4692	vlc.exe
4692	vlc.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
4692	vlc.exe
4692	vlc.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5076	MiniSearchHost.exe
4692	vlc.exe
4028	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 3476	1132	chrome.exe	79
PID 1132 wrote to memory of 3476	1132	chrome.exe	79
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 3156	1132	chrome.exe	81
PID 1132 wrote to memory of 1892	1132	chrome.exe	82
PID 1132 wrote to memory of 1892	1132	chrome.exe	82
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83
PID 1132 wrote to memory of 1492	1132	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://kinitopet.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffd7d5aab58,0x7ffd7d5aab68,0x7ffd7d5aab78
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3980 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3200 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4100 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4380 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1792,i,6221083534181764563,2471031896244327067,131072 /prefetch:8
  2⤵
  PID:2440

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4284

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4692

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c5855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
20KB

MD5
a5459ae0a430f8f3e23d13f7338a9e7a

SHA1
392f71ef296aafaadf2c506936a9ca7b96bf5485

SHA256
2b001664d567f7c9b53c07ba4e05b6060761d53d1ea8801d541065fa66427bcc

SHA512
c4d414106e2fb064ea50b2ea11d01f3d35b7c6bff91b42c40c56137ce0b1a92840b32bab2fd892c4d14ffe5643ef5938cad6b6db029857935a820653dfa9f1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
7d8b943436b29b0eb090193bc7910eef

SHA1
1aab510b8b0e82aa7d4e578a809be8886eb6f8af

SHA256
aee13776a2fc9d498cce8503e3f4d693f77bf188878cbf6b9f00ba6541613b10

SHA512
a8c667dd17ab82ae22ac99b1d60a7ed7446f79745b13929a5536cd8889f061ff2c4008d6319a94094102c1d6d1acc0e4c06918e62927fd80207e89491c4cf914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c4e32087433bf94b42682c22be0739d6

SHA1
d1773e1dd881e0452a4784f5141613600de3a947

SHA256
304d54aec492118d09c9be43b3431f849e56a959a07028bd785256e8102afc9a

SHA512
c7ceeed4adb2ebd9d08a67e3d84a628aa7afc2ed23950bb9d6cb117b7824434a914c994eb5a775489a80c471e33e1e41998ef9aef8db92a40dd96d13c04edbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
071b0f4e57c7e55aa568877298006012

SHA1
f2e61233fc8b97eabf7e885aa665fe472d5c54f6

SHA256
63319ef7157366593e14bc633a2ba4cb28f113f9b9297d7484e754d89b3c1d84

SHA512
52b74a2456051b37c5228b8e1fa2427b87ef15818ae0ef5a5dfac9e6f37ffdaf426a934e7dbdbf421593f4052293529b45cfc69541aaab1b5899cd64ab9f511b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
69b734543a21540f77c5d36134514235

SHA1
8552adf997ab303ef31e0a17ad9756abe767fdd2

SHA256
eecdbead2d279d582a63ed781b87d8c1575f430c818c2d5378dd59978d19ea41

SHA512
e19fe184d75279b5cf31f76db05f0fb45f29d678d363658aa4bbff80d0f88f11724b9612055ca28d4579b26e6e281f4ecfa4c9cccfcc8f44a63e318c142f0195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
a47d0b33d7ffce136103540966700540

SHA1
00395b77b6ee223ff62dbf358da67dfc06f54508

SHA256
e7c4cbfad9ddcfbaf86e7b128176d26f9681029931cff67f229cea5b4dc885c7

SHA512
9b360edcfe34dba89a8d2d434b0c135f1cf1f5ec184805cc4d781492964105ed22c4794f99222de6ad8df1373477a23846ef1249e5b3e587616ecbf28919b2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
73a0d47bc475f79e341d9f67128eed28

SHA1
22f0d8dd51faf7264754ce9d0446046315aa2f62

SHA256
b8fef6301df0e6b37f3cb862167a34a99148e63d0126da0ba61d8234f32e62d7

SHA512
a5e9a273bd99802e8a543ff43cc08aa31f1835b1db692f727da4bb7e0d852e2c9fbea7b0a0dfcdad25a0a9debbd23e0a67e05bb5ed95ebfbe167a98dd326974c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5bd6a9126e6a04c1d5f1509572e619df

SHA1
185e760bfee0435912979a7053e9b682c2dacb6d

SHA256
5732f0a1363fc99087fc0dff0a88c27989bdc02afc85a8ccc304271e9eeaf345

SHA512
7494f4e318f2e819265e7760d251a9d5f003abed789aff5d31592163f86ec52087c82c989dd9a4568e8fa894077aa794e15f6a528a819182747c11d11dc4c36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1779821fc564cc0cb95c7828dab77c70

SHA1
a1b05cef00070b5037ffd48985f103b4f349d7c6

SHA256
a1314ac961787242996fa43aa9bf6b490e6e1823b0d59dcfa4c471743c0e62c9

SHA512
48ba243427e649ac600abfa4758027fcdbc7b9d73d3497e6635e8131ff4c2e538454c00ae7ca80f78072b58ab9a16fdb3dc052db40cad78fd3463c617990fc1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c1176ca530e513754aa939196007b7fa

SHA1
c8fca6f9c658173ae6c04f8eb76bc6801500f978

SHA256
d6673996765a7b26bddfc0b3b95dcb3cee861fe0a5e020ff1c9975ca26541cad

SHA512
0f6839b9ff2717fa37918c236dac6c0d8e8fd0e5adc46621c167ac6804a16cfaf95619dbbfb96d4e4dce0feda604a3cc27fa83681ead6a7e1e561f5318556ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
af57ddbe137465bcd359cc725ccdac39

SHA1
b8bc879a8b52c59ae3b52ef70831fb17d158bb8f

SHA256
1a5f8d7dfa43153e95de3a6d4f4564806d7060434e6783b158c7c77a9b7c8f2b

SHA512
ffe9c91c56dd8e7b93297006d66cacc59e1fd7e4007e5d67979639eb946c7315198a599cd407024d29028b00039a9ff974323b075572914b0bd2aba4005f3101

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e91ba7113b9ee73bf73cfbf795374b4f

SHA1
beef122500329c4babf0903b183e7ecc933a234a

SHA256
71d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98

SHA512
7c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
2b4dd1474237a4dc70e20f421915ac73

SHA1
d584be2833b590e89e2de69626463c89f6637baf

SHA256
f3d1b90af58e98b943ee01c3ced5d13c6bdbc5f0c2eaeca9a204aff10c2d3b9d

SHA512
f7b5470b68bc07270f01cd0032b61e60803406bb5f1fc06093dde8fc00ea7c309a9d1c467853c7af5521adf8bacc2257649a4c65d97023357950353707f31c1e

Download Submit
memory/4692-250-0x00007FF6F1770000-0x00007FF6F1868000-memory.dmp

Filesize
992KB

Download
memory/4692-256-0x00007FFD7D2B0000-0x00007FFD7D2C7000-memory.dmp

Filesize
92KB

Download
memory/4692-258-0x00007FFD7C6D0000-0x00007FFD7C6E1000-memory.dmp

Filesize
68KB

Download
memory/4692-257-0x00007FFD7C6F0000-0x00007FFD7C70D000-memory.dmp

Filesize
116KB

Download
memory/4692-260-0x00007FFD73070000-0x00007FFD730D7000-memory.dmp

Filesize
412KB

Download
memory/4692-255-0x00007FFD7D2D0000-0x00007FFD7D2E1000-memory.dmp

Filesize
68KB

Download
memory/4692-253-0x00007FFD85650000-0x00007FFD85668000-memory.dmp

Filesize
96KB

Download
memory/4692-259-0x00007FFD6A630000-0x00007FFD6B6E0000-memory.dmp

Filesize
16.7MB

Download
memory/4692-254-0x00007FFD7DD20000-0x00007FFD7DD37000-memory.dmp

Filesize
92KB

Download
memory/4692-252-0x00007FFD6B910000-0x00007FFD6BBC6000-memory.dmp

Filesize
2.7MB

Download
memory/4692-251-0x00007FFD862B0000-0x00007FFD862E4000-memory.dmp

Filesize
208KB

Download