hxxps://xxxhotcontent[.]blogspot[.]com/2024/05/content[.]html | Triage

Resubmissions

19-05-2024 20:07

240519-yv4xdsfd99 10

19-05-2024 20:04

240519-ytntsafd37 10

Analysis

max time kernel
54s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 20:04

Sharing

Report Analysis Logs

General

Target

https://xxxhotcontent.blogspot.com/2024/05/content.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606227130293253"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1936 chrome.exe
1936 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1936 chrome.exe
1936 chrome.exe
1936 chrome.exe
1936 chrome.exe
1936 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1936 wrote to memory of 4152	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 4152	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1240	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 3372	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 3372	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe
PID 1936 wrote to memory of 1004	1936	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://xxxhotcontent.blogspot.com/2024/05/content.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676dab58,0x7ffe676dab68,0x7ffe676dab78
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:2
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4404 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2968 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1940,i,11595157356602578689,5795531326159431299,131072 /prefetch:8
  2⤵
  PID:1996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d46c20dff27a70cd1889b7c57c26ac16

SHA1
454b2151e88bec91ec3a9f7e0bde02d64f68b282

SHA256
8c9d73f4020a68a6c807c2293d0db752a07046dfcb90e1dbd43b320b26d23ac5

SHA512
a45a4bc25feea03ada2b1b73a543e0d027ef9f5112d61db4fff09c3ede721b759523fb85b1f7b4ce6d91f174a36191fac0f28527ed6d49d028cc21fff98cca17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
846B

MD5
e349d02bc238029a52958c3b4d36dce1

SHA1
57d8b3e966b84a4702472fbe66bda62e20d26884

SHA256
b0af1ee59623671063159a87496583297b1ab02754f98fd928df9d1be0b34976

SHA512
09eb07476ccf43879a4ef0c9618363c37cec89d7fb759384d4e27691d3964dc9a1caf9e1785f5c65ae2512199549c7bbe79da5b5ec41cbcd803749517344a395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7cd0d655733dbea6b68ed32d7afc8ba4

SHA1
834e06f2c4bb534467b030abb58bf3dc41b67111

SHA256
9f289e4c584f7ff30d4d51aaca4714cca56c011e8c3edc107e51f19739824743

SHA512
d5ebc4a918e396f79cb29d75110c7f49952512c7715aea51542cefa214ae9cab39b01ef0f82d5be11b3a4f934918d4b578a36e14734af668fb6f9400f957cbac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
18b3c204ef9c226916d3df1df6c4229e

SHA1
ab230eab33a16f4acb53657683677d34566b8a68

SHA256
1c0ae6ad6b92d059075536febcfa38236328e64a1a4cb6ac8467becdac171fc7

SHA512
d61ff1af611919ad511892442db3ca4800300c90223b6da1e080d1712961323b0d4fdc52be7fe0a16a55ca1bab33b63f2347ccca2b55171c7c909c5ff1152167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
d0bbe1a96161ad3138315eebaea4489c

SHA1
e247a18b3b97e21aec3f9705ecd67bede81ba5d1

SHA256
17793461e7839031bdcc11af0e3766ed58dda4a4de2ec879600cad65bb13b33d

SHA512
f8179ee03f38684730fade28db88ce436b59af9c045f4229b8a01e77381830c69bbaaa7b2b8c884a5eb420e50acfbd728a8a7bc02fa22b774348451733944f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2e5699fdf0ccd576d9a01a6b2a8988f3

SHA1
d3a92be948c7671214d5a20b269e799bff78712a

SHA256
e858c57b38bb30039ec6a6c26c101a9e804df65cee4f057f2e4a85e9e4b56244

SHA512
13f09bce0cac2845f7ebe1d184f0b2451a89e62968300185cf333b6aa61b3942855d93f6d77dcd10f1bf62361f786927d3b949c5b694d7444648546801c41ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
79cda4bee8025f2b43423784c53d2ca2

SHA1
33be30065a69a2460c6c4f44b5c67431c23a7848

SHA256
f21c46154ecafb209f9d5f5721893db6b2e35e2824684eb787ba5098cd37c4d5

SHA512
41773184809ed65e340a556d101e17e1aeea8987364135b57435ac2f04d7022689b835c3640b036e1c8d727d23c88afa947382f87965e48bda7992523dfef198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dbaa.TMP

Filesize
88KB

MD5
c80d29bb7888397eba5ad9c5400e10ff

SHA1
b1cccbb3fef50e8d9363865c1b960a8266048b29

SHA256
09a1f3b361be57ad4a599efddef9199668a1bf428024822d40746fc6f8c1959e

SHA512
143b122e19c329f9e4f1dcc92b08b37055909b09eaa64921170689c43b7706e81808027976df04ed4bcd62a98ca92bbfb1775ac9bbd9c1d69ea20ede36bfd893

Download Submit
\??\pipe\crashpad_1936_EFYXNKXJWNZKBZPQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit