hxxps://is[.]gd/jjjLPa

Analysis

max time kernel
232s
max time network
232s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-11-2024 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/jjjLPa

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764753909700601"	chrome.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4456 chrome.exe
4456 chrome.exe
4072 chrome.exe
4072 chrome.exe
4072 chrome.exe
4072 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4456 chrome.exe
4456 chrome.exe
4456 chrome.exe
4456 chrome.exe
4456 chrome.exe
4456 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

chrome.exe

pid	process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

4076 MiniSearchHost.exe

pid	process
4076	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4456 wrote to memory of 1040	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1040	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4908	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4864	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 4864	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe
PID 4456 wrote to memory of 1700	4456	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/jjjLPa
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e9bdcc40,0x7ff8e9bdcc4c,0x7ff8e9bdcc58
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4276,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4904,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4388,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4372,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=948 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5188,i,2748660025274413429,10826014171697947973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1444

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1056

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e933d81ba8695a302b15252a8d63a386

SHA1
4efcd6870e1b855a9d46ab1b653f548d469a0281

SHA256
ec5a0d9db59681c91888ac04af2f273ee37356b128aacff20ee0331d81739899

SHA512
d2b6d5d57a503e3a5a2e46572d275d64af69d9127158f6b897f3c356bb8b328ab03275a71e09d8667f0b403dc89f921a903458bf46a84afdf75017cb4dbea028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
5d2bffa669eb2834b469fd731e8ce66b

SHA1
f7591384a4a3cea19b2d3768c71c962482a06039

SHA256
cca5036898a99db3e282c3fc8b88718d7931ac055484f5e2ce16dd34b9d6d293

SHA512
c6cac548aab624269d7ecbbfde7d8c9b7cdc4ecbdaa02be617e9d57576dbc5032507397081d67c30337a732b3560d6f51a925f10469edbd504a4ef4a4a631cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
4322b3069a7e2002f07e6dedfc79a30e

SHA1
69769b3b4988c6ada26ddfa45b76f703c0b96b94

SHA256
e84f7dbb510336f9e1538c1638be01a06982147605954d4f79e8e65e540639e9

SHA512
b04bc584740ba5d04c9fa2acbb52fefc84b41c89371db77f38c11c55ae75348e5b1035cb5bf267b02a7860a0d54dfbe672229b547432c9d75a973bdbeb93abc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8a12cb7e05b9f6986e9fda12eff61193

SHA1
c31f00303c42a27841e4ab04cf1bb95d89fe2b38

SHA256
5ebbcb0fe8f6000ee7510fbdddb5cae50b0e95a8e2f7fb4babd5f437ddd6a7d6

SHA512
baca568f5cde6455c9022fd52d063a6701d923c4304884797211868204f09ecb63725cad030fc3de19ff52fa6e75f05eb0a98ef60156077faf3f29d451219771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
16b2e1cb5f7053002e53613e0740e9db

SHA1
fa7b4597106b11192013a5a690fa93a121ace7e6

SHA256
52fb3e9f8bd3c2ea1fd24c49cb26b3e41bcfdcc6145c472890662ade8b677463

SHA512
2ca0aa902d3857422551ea15105bcbc95569129373f158e4c919866999eacec60940f0972fda36863dbaca2bc50248e0a51b782e4ced19b16368d8498d43e63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b12f7b0479177a284ae269830e883308

SHA1
be90ae7b4c9a3da6b4b1cfb6baeaf260ea1e36d2

SHA256
d7cfd531acb9dc1080500b9e5fe347253afb5b73fb141b2955c5e66d3b007b9a

SHA512
1190bb1891df8acb9e7c20efa3a8757e0726cd593620e8a50ea23b27f8019e515427ccd3bfa596611af4c69bb1bc798d71d8a24218a7e345d98e4204f62ed7d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12faecb220ae4a3d12f6803e1a21f893

SHA1
0259138505ad565b3a0631f58cba1b3a7070e3bc

SHA256
a7c5505087b7fe8bc2ac395af5d81dc4de6e50a5b76f7d3ad26be76ebd5bb713

SHA512
ebc88151ecbf5ff4066ffffc4bc9c130502d8adf795e4da2d047589e3e95a60d2ac72bddadc80ad33df9ef0bc45b0d4578ef3f76be8fa0b6a185343b661f8642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
827e7df964452b3e168dee4330e57259

SHA1
d422b524683b62112bfa19865c17e75ba4293b63

SHA256
ee75eb58b1c781c62cd06a8e0f907660646e6038f62c85680aedd49f0aeccff6

SHA512
406ec9c2c52bf518801c897e62f00d741d7c56ae774aa8f68d891bf0b01a02f8770e3acb462c441d34658cce3959a85957212d0674fab7443fadd9627c5ed170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74f44eea7b560f1cfeb05e7e50687a59

SHA1
274c8e85cabedac3e54e14a712b3010a5542f6a4

SHA256
8e1766f8f4bdb203f068dd858979e2e86d0defe922f540ea60cf880c89b87a6f

SHA512
6a758fdbe15c2d0f1618cfa9cfab7c31cc79cfe85d1c9e2fdb913768973edb55dc9db37f7e8767df660968c290a251e99f52f6c2dea66385df344ea9c8fad57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8bac05b7a0e349fdf6ea6af744164c4d

SHA1
08edd09dd64ae3f87a44d174f3ca8a04fb286396

SHA256
986f6358326ff3f7ad00d789f5961ed90dc2725990788fbdf19617f25a3d05b9

SHA512
c613deab7c0fc9d7585472a019ff7174d496486c330d5ab5f11a6743a6078c4310df611cf5c95900e52aa3f31442a0296e34fb9cdb5edbcdd31878de40eff236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7802e5622bf1fdf5f9c20b777b2eab0a

SHA1
d266b84833013b499a4dd85a8ea8a7b07cc07b5b

SHA256
ba62a00b163b593e005a7172016063ae3fa1398b096b29f2dfea882125175369

SHA512
67297d1dfd719bed1cfc4ba6dbd80a5ccfc7c9dfbd2900fc1c7d86f2942354b138683573b2f6658472fb20719faf48ba92fa2c07ed3e9d4006d987dda7c36b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8b3c441febad041f28ae3c552ed3c55

SHA1
dafa38696a1b8392826b8ee2d4605ae1ff97b4b8

SHA256
83af5a61d49ef7cd7e3a4be31e0050aad036b5cfafbeaf181eb50c7bdae5f85c

SHA512
289201b6dbac4be1f80306fb320a14fae8efe5a0dc9837ce23ac27d06234fe3a903904a0b39b034b1b087e9ed3bb3809bdbd5164fa8844d1e140dc0a9f128503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c37fb28f8bb1d079a49e76979fe197b3

SHA1
5db44946f4896ed47334a148ba3de0c738903112

SHA256
0ca5f92ec22f7d118faae6f587dd7d340f491ba7acc12190a69c3c5d3cab569e

SHA512
713cc6692972fadd7d913ab6d2dcb2105653e2acd10ef47c46c9bd4e0565e86e5250315a3152a4db82c7e0aff4db49b2cc934db5d4560898d4390aad7a701fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0b78dfa6d3c648eccaaa182ba1d8cf8

SHA1
23e05aa4b47ad582a9b2447120d022d4e5a5dd2c

SHA256
ec43df6465c45732be9ec34a9f458322e8c1fbb48099dcd2e01d7b93656b90b1

SHA512
e3ddf7765da4b6084983bc2399c5f5ac76939fdeaccfc1295e931d71bcecec9b2d12be5210010f7eb5ac5de0e30da4724ddf9b4e600fd80792d5c01ab8dfa204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ef7918d35bd226604bf7d957115eaad

SHA1
e118aa997b2f7255eccd9ddd4a12dee75c084257

SHA256
ac63b0762fbe04f96103533b9f842f4eaedec39e43fda52b65a051163a6f2fb2

SHA512
b76b7d48d898be72354ae493e257c59f5195405f8f2a2b7f07d596540acb80bf261c46d99e8ba527bfa7bbfac6ede51eb7afaf47d1e9f5b302eae540d29086a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e905bc515f7b23591d525f58c4eaea1

SHA1
a030488f3acd6384cb185717c557b11d93e6baa5

SHA256
42af58a729bdea4acee49b03c66a5e65cb1000a71ff1438bf70a251c58ff5e84

SHA512
5d29b67ef68288b937fccff7208910b1cd3665ed94cee675e2564a7fb4ade96f9db8398f77bb3115922f631296ce511baff82ec85e8fcd6bdc7cffbe80184464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8daf78a8e4b4985e73bc9f8c53b45b9

SHA1
5675dc954a243436420e6676d1fd319e99b9b09b

SHA256
44c76f99148231f66bda76e634071984c14809a65d30009ee06827b4bacb16b9

SHA512
a466ef28c03a56495218b57841d9a8349d52550f68e28a101ce327100798a458a548da29312c0ab051a2c001668a7a990aa2d7ae9eec1a6b9ae545e765f6925c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08c451ccb4b6e7046d5f52a8b2843bed

SHA1
14117b9c55b8fdfb7a743bc45f96d50b3f166a9c

SHA256
3b086f5d38cff7a4d313a6147c61a50a58a724943c3697b0aca1948bec347acf

SHA512
382d609429ffed32cce4dafbfbe03dc0025f38a4905afcd54e898bb358386ca0ab41fa6bb9da090cef4a768bce61467559bdb12581b55420861022b8252f3efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22376a14fed019f0111f11a73544dc89

SHA1
a25890f80e47f34cf684dda4fdff1140e4dd7425

SHA256
fbc286f9c3697e8c13e9a3bedc8e47cfdc4560844f8f78f39ac96af400ad3a3c

SHA512
3df70257a84de17149178f20767a719acd440f70abf2b7250d7d2cedf717d462628e06a0876ce4388da1f867290d3f76cb6450097bc9d00da39d723e72422f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
877219dd30b1542623fbeec9f1481441

SHA1
2b1d82ddcb74af234fafd409b67318ebf72721ba

SHA256
515ce6233a2f0a8099ae2671fa648174d665d419249d181e1c4eceeb99f6a2a1

SHA512
f83fc44e026da3690e59b94f06d7a86cb7e44764f59cf97d11a926d8bcdd6365685969d60658ef16dad68fc8a8910cc4659e7671d34b1d67492dab450bcaca97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a495f249884cf8e82e66cb0f5d55487

SHA1
83f95b4d51114c11f99a7146470edd198e3c204e

SHA256
a9b8a1bf796c48a7b6d9b937d1e4f92c10bc26fdf2d467b14720198d59683de4

SHA512
1496c45831375fff7a990fb5700195e0d5c4d56229e96ec347a63788e4df329b61198cc48f9905b1ccf1739463af107adf3f2751d3065eb8fea06529f901b541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1253013a104702bbcc8f7ef1e5b37f93

SHA1
3e8e1e398ddad5a5dfd7d57a19b70f4085d9602a

SHA256
e369807d1f52a75b0a98cb1139d5b7bff5f2b595eaeece8e0311a835b096b869

SHA512
ab261ea6b739175532c6239e654ff52b69bda1f83e1ddaf6794ae132700771fe4b9fc8bf826db97a1976013f902653ceec637d5190eb2e005f3b479f063c2ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
250e9e322baf90871c79d0159122568c

SHA1
1d266d625de3209285eece5d845f0271428bb1f2

SHA256
0be6cf8f285011fb6b7f210c0b396a78c8edc8af27c169959c05e389d35763d1

SHA512
5ed4ad901203d3e0fba6f407bca1212fc91dcd9ff0a5bce35dc3c8a4cdb47779e0a3e29c25c0008504dc9f5e6cde3a397f322f6f2699055ab2f1a030d20b20b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75a31db7c9ae12e256575489c6f2e1f1

SHA1
f7fc33b8d73ea4126a7bba49b8cf8f7366b32350

SHA256
e6facbf5b96900cdbeefd37478ef7f874c7a84dad8a82ce4f62dfa23c9ceb908

SHA512
666b2c4c7319a1506f721e66f6cc21163eeba419c7d50f980d4bf02fccb76871879c49c7b343b49c90dac66a171632df46cb845079fe184595484b55dd148b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02b93d843904856af5e92c9834c26a7e

SHA1
6e2cf14b2ce9e90e416e7ecbe353f2fae981c7c8

SHA256
f4d51c02e41e53ac34d3c0abb2104ee5116e7dc5e944e26fd4eb2eeb75c0efa4

SHA512
9743ca149a38e075052f8ba58e5c0c5b24c4756e13cd27fb3367751a6a44177b52a8b055261d57ce8846d7bfb3530815d3a022c238fdb0e39b99c1d74c8e8ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
53e9612b415419be8009b854ae885464

SHA1
227718eb701413986557c78fe807578f253b26e0

SHA256
b4b504df5f908bb7aad4b1bae57a014db774e09ea7dd33890aa069cfd9a1ac94

SHA512
bf9370e70c8f1d2e555cfce591a44dfebc3728514afb446df6eab6ce714ea2181c560d180b6746d300e7b398377c43c95904df8c94c10adf35a911581455e810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ec4e3a2d2559b9b6918e6ee359ec431f

SHA1
88e6c8cfe4fb0348e5409f081a7d2b39c9dbe7ee

SHA256
dd4a76980319739fee5f673bccf4431e1c00173b5dc998fb804cb30f8a3888c8

SHA512
8f6ae76735fd0c1dd0780ebd9458a6e9559becbf1db9eb56bfd7341431b0191fda7093e100b9a74e89d4325e139e2734329597b79d004aed9b1c4334db642c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
0b29197c07a0ba2ba47742253ae8a28a

SHA1
cf0dc95c43e69632d9076afaad406526aed24cbc

SHA256
3a04ea6a07c67432c63459fb5fc91dead8ad1716d361d91bf0924117b96152ec

SHA512
4069b4221542d299110b251da12ad36935bc8de591cb011b3a904e4c8f01833eb34be4ae7da636a1d736ea189b7cb5132bd7b4a525f3db692be95fef416a78b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9ae2ec961845af1b0c78913002700fbd

SHA1
bd2243f4ecdfbef09799641b105550b79b41bd5a

SHA256
0c08f8b58eb2852193c5221a0a5b14d9d284ff83fbc6e73250669b0a3dddb15b

SHA512
84a90f541306a1147b40faa7845704f8059ddf0d5547810cdbeef58eeda2507852d49c24a8910d7221080db725fefaec6228a38ac2414e25ef0a1baf4ccfc3f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e6b2fb415ffdb95ddc1f67facd95219b

SHA1
bbdf2e1047bcb1353a8453b8749a3d17b304cf9a

SHA256
de2134ab0a702ef7ccbe6323d08f431cfcf069f24ecb0d7425a3494afbba9bda

SHA512
01682cc7c46b9ff27af7e56719dfc71a3f0943bfb561818e2e230157e1755bea3e76bce3c9faa501cefb04a09bdaefa2eae12c2d5ff931fc5a7c7ca037a12506

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d6d3499e5dfe058db4af5745e6885661

SHA1
ef47b148302484d5ab98320962d62565f88fcc18

SHA256
7ec1b67f891fb646b49853d91170fafc67ff2918befd877dcc8515212be560f6

SHA512
ad1646c13f98e6915e51bfba9207b81f6d1d174a1437f9c1e1c935b7676451ff73a694323ff61fa72ec87b7824ce9380423533599e30d889b689e2e13887045f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
fbbd10b5151e4365bceb3190d826c524

SHA1
45a77c1d88151d54383047d84019bc9e84cfa0c8

SHA256
4400d61bcd5543a3123ae53baff8863336555d96350ec33ce9a3f8242917cbb3

SHA512
32404e11daf2116efd194a65a96c24d83c8b0f1eed80ae63d6077d26e8b51f636db993e98474257fb2aa262d87b6ce6219fdf8f2162b4fd179a3e95c9dbee7f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4456_YJTWULZKRRHMYABT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit