hxxps://cutt[.]ly/letkkPXZ

Resubmissions

21-05-2024 17:58

240521-wkgyrsdd97 10

21-05-2024 17:55

240521-whtjsade4y 10

21-05-2024 17:51

240521-wfe9dadd7s 1

Analysis

max time kernel
144s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/letkkPXZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607879356746356"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4276 chrome.exe
4276 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4276 chrome.exe
4276 chrome.exe
4276 chrome.exe
4276 chrome.exe
4276 chrome.exe
4276 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe

pid	process
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4276 wrote to memory of 4744	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4744	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4844	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 3896	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 3896	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe
PID 4276 wrote to memory of 4056	4276	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cutt.ly/letkkPXZ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9496eab58,0x7ff9496eab68,0x7ff9496eab78
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:2
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:8
2⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:8
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:1
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:1
2⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3960 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:1
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:8
2⤵
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:8
2⤵
PID:5340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:8
2⤵
PID:5820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2576 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:1
2⤵
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2280 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:1
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4700 --field-trial-handle=1904,i,4945691337086589954,7741655356181142441,131072 /prefetch:1
2⤵
PID:2616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
1⤵
PID:4852

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
e646991f9b7863013f4543e5deea2d49

SHA1
7d3ab1c249b15c5bc5761baef819fa96b043539a

SHA256
0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07

SHA512
8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
83723f8abd33b37e363fbd6b451173e2

SHA1
335656ea14978051a81f7c70d8684b54cd90d046

SHA256
19a7ffd411c560e102f1ca608d38e7d2dbff6414ea1ef4b79236b387ea4bdba3

SHA512
3bbbf1599182a34f2fd3ad44464441c33a9bcaf1422202d57d5fdd5b16a3b5d24274c67ea2b3f755f61e4d070bd253a68922878198caf5af7b475d99e34c1f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
6cf6bde35853d148812efd4c01d0ea60

SHA1
50d9b6b952470b5715dbd500f9a8ac9ae3753b6a

SHA256
b1ca6a7fffde5251f3015621bab171bd1e7993c61b4b19e535553a448817c45f

SHA512
e26d2cc83b7abc93aa1460e4e58c1502a4a4af22ea0bedab66bbfaeed94d4b96844e8a2be2678d08ae5ceed72611600c43287baf7dbd131cee8686097169861d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
ff217576b629bb57a1530f6400186c67

SHA1
e83d48c967513927d9539b385084a1d7e7f74809

SHA256
47d2e53148074b9b8842c46478ead68f4e25a3caf2595327ba82de4702588ef1

SHA512
87420fe10f2bd3224b66aeb59d7b1786ff3c53d7501dec9be9f4bc83a5923e6e8cbf7e75af7f01c5842bc1568281fe3e319a8c9d268abc75d5c8b60d3c8b2541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
3b8468f81669e64a481c7f0bf4348146

SHA1
1504e8be7a2858d6c1c7a05866c9c4427a54d9f9

SHA256
6de0e44bb7e59e71512f4225135208173029d4c29e11494639a62fe9e7ae41ab

SHA512
cd8a17cbdab9990e14ddc2b1f375e675ff54fb456bcf5efcf746d1f33401537ecc4fd3c1c3e683153ffaf1c96d6db5b6c9db21ca72e2f2f97a421da02fd47d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
fca4eb3822fc5a4c9d54835449bd7b84

SHA1
cfd09e94d871b20bc2d444c1ddc9d60e79d1a492

SHA256
8ee07baa25094a4ad63b89fa00c737c0f7e517ffbf729abfd47ef816fa24d375

SHA512
1b490fcb0f555edbf802bdb2f2fbb07c6d0f6e9f515cc6ff171a27adf822660f6c9eee9bd960fcad8b75b9acd3b4badd2c5257b5adc0a70ba6fbe48657a64ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
966bc92274ecf82579318b67e239d191

SHA1
058fdf046cd663056360c0360068ab0f5c240fdd

SHA256
307af3de635f661bd950e77ccb16176dc6a29310b3a52e5116e6cbef597840b5

SHA512
3cc7997671c27ca0236ac84afb24e6f342efc6ee094b7076d20019cdf68b34d607aee476d329d879e516418d16c98d968ffae6bd53feaa84e89377ebf2b2d29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
11dd8cea4a901ca115d554c60d3fc886

SHA1
4680ba5df806d289af1b4baeafa0de37a167031d

SHA256
df5b83b9079f34706284916cc982cd0d9fb5b4895c48c06b7bd73dc473f7e514

SHA512
8abdd5c27c68231f95ff710bf6d788be514d656275683b77891af3aaa89570e81e242efe01c5d9017da1b21955c0471c45906fd507ff0375eaca71adcd00809f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e7ef1949e0bb2ac312e870d6e005ea10

SHA1
f278bd6d2c905a7b7a4198f4cba39f6106ba6762

SHA256
d94b0c003a3c7e8d983a63fae0a9ae19039b28ae0c379dc48719096993ab0389

SHA512
1212a80f435ca5eb5dc02002b566627a71393b946691b9ae00036b2584542049e803d21c3818296b1af87fd3a26788dba9f8186f83db7e563b48ace3efc9d752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
a2b4fc73c0ee86915437ebc4d30481ee

SHA1
43a6fcd28c096c77e79e5f446e9b92d054016797

SHA256
15375391d95d8d44990f9d26cad93a33f1b56bf060464c8f0b16dee559b70913

SHA512
f22455f2253f673ba4774f673a57ab783b172b05df1e94bc701e15a17d5f310a19bc32be827b65ae02b6e3a02768a1bf10748704b7e801f742aabc339af68f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
abe32945928ec439dbfc99e41f90d2ff

SHA1
50aef95da3bb6fa34cb0530429f707b47da78a54

SHA256
6fdb1632e76364d325cfd4969148ac51079f230dfe8ab122983c267b64b3a6c2

SHA512
0258cbf6fcbfd185fdd9158c677082132a4e7cdecc80cf7a8b4dec520ac55ccba9479ff8905f4a993e31e5b1c4e0539c3dc97563ca5a3bc84154e0215cb25162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
8e9d957a5c3a7792a8ae1e942d9cf11a

SHA1
eb1875dec2c2e89ee80d068040dcd9814499543d

SHA256
6b53f8ba2b43f2a33252d7c7feeb74e51f7707604d2d2d833d3a6ad3dcd90fcc

SHA512
4adabea9291402884bd3d093bd0b1aaf3914917f5fa7b5c7cd64a53df3c0bb685012f49e238d721b2700d42ec5c19e1dfeac7bb4a88e23364464e7d113269d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
1b2ac566fcae6b81b3896c8817237eef

SHA1
2da24fac0294ebcda34c5d8a12be0cb434c435ca

SHA256
d7faf9fe5f62ce7edd7cb24c1f1488456e63a2f854ec7c37b8bd83e6efa4a749

SHA512
e50356504016becddcb28c9f21cb9c5ce8ac0471e2fbcf769a82ec007777ae6bbb39ed20590b0824d6c8324b8dedfb052bd7f1af37a20d63942e432706896317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
27cb1e2644a506d1c4a330dcfae8ca87

SHA1
951b356e5feb17f7bcdf8253f77fb836c947e266

SHA256
c32845c8b5cb4d9702fe6e8a272d079f67a4869342aa47ce545659debf46f7b4

SHA512
fa0ff94f8ccb072ed0bd202b35a084c1fd2cc122bee76f70e004335a8aafb43c11fb05acac86d978f5f8c5a604f0e9fb5f893163c9066cce131899d1c06c7346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
9c5e8b408c8082829336ff3d3f7de15e

SHA1
40f862184b5d4832ac48f7fc26c5d985d0a3e48d

SHA256
b2538b669662cd14e1f06d305267bc5c4b9c88c0600433d06f7ca34b33110efd

SHA512
8680487eef82dd5bb7b60e716caa4decd00f70ac0a2c2adbfd18079ced8f852863fd929d45620c1f547bafeb72a8eb001b1ed20572c5086a8f8c1470a5b942d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58651e.TMP
Filesize
88KB

MD5
5f02469decc89baa85d74abd29e57667

SHA1
845b37ec507a775eab038c55f458c5d563f2fb7b

SHA256
da7fc29f139778d4060cb17612ee5c91deb777d7b69a98f10338972c48be4939

SHA512
64414fe0c91aecd319c1d73f47a2de84caf572410bf78bdb5b46f774e21e45655de0350e0b39230f6b6d938318888f451017599e87c28c83f5453583684e8bd8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4276_JWKVDTXHMSYMWNSR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit