hxxps://shift[.]gearboxsoftware[.]com/rewards

Analysis

max time kernel
453s
max time network
452s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2023, 14:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://shift.gearboxsoftware.com/rewards

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236276044030733"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe
Token: SeShutdownPrivilege	2396	chrome.exe
Token: SeCreatePagefilePrivilege	2396	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 3996	2396	chrome.exe	87
PID 2396 wrote to memory of 3996	2396	chrome.exe	87
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 4328	2396	chrome.exe	88
PID 2396 wrote to memory of 3940	2396	chrome.exe	89
PID 2396 wrote to memory of 3940	2396	chrome.exe	89
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90
PID 2396 wrote to memory of 4244	2396	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://shift.gearboxsoftware.com/rewards
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84be9758,0x7ffa84be9768,0x7ffa84be9778
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:2
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4024 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1600 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4684 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5284 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3264 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5432 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1888,i,12123658820929725411,10478664742824091611,131072 /prefetch:8
  2⤵
  PID:3064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5c635f855d972f2f369f96a10b3970e8

SHA1
df0ea7dacbcc062d3dce8d8c888a11c8f51d6cb7

SHA256
9f229a49aa730c1dc3dde5fe4f65b25306d2c3a8a94fa88b98a257221b580a01

SHA512
06841c77cdef5fb1518b407853e106d5bd42799659e14ce88223cc1fa5b1988e799faffe102c4c3df300e88c9f3bae2119c442de7ef2c60c81be2f32b9a61265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
12d807354f3322cece25f469a1d257fa

SHA1
5614c4314021f340ce2e6093471f0b66d6c08c7e

SHA256
c1dc75d5ac31e7f4fa3dbb67af1c4a16ba55ec7371750b2a2b46d0079eded272

SHA512
64c2b3df3100e4b56ad4ee7bb5c8f32dcc98774902a09e3ef663c9aeead56ed24743bd5f38343ccb42a9f37b1f153af3074d84efb58afb45c7545f064b6a510a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_opentip.kaspersky.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0f741908776ab970b220df4cf64053ed

SHA1
b9a5f4c8f29ae976870f6254ff2f332242498305

SHA256
5fbf7f4a389f30725e0cbfc1baaf7172f34708c5325ca4776c18e3a661abcf49

SHA512
81bf30ec0d56a5e28e41e4e797ce8c06587d0594d0ffbd9c2233b6dfa7632c2a503e8b46c2616b88adbf47d8a1b3d3d14f3afe155faeb7f467248a1b15a50857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fad4baba41f75edf39de3a03519f7ba8

SHA1
bba5d452d30fe84392c9ae98fd01e6f4ac949565

SHA256
2e4b8b20312f94a822ff019299751db794a2b295617616b80c649dd00e51d4dd

SHA512
a807c9e1157144753c1026accb0b15ade4f2a3de463635a5882549c02654a0a35cebf85e0fd9c4424d113cb6ad554ab6a74b32a9c545c9b98779caa07dcd7745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
0e5c3e6c6e8acc7a0490098ae10fcc5d

SHA1
53c67176466527ba3b2b465a820941af61237eca

SHA256
8aa81a4fc962c9a1b07bf8d9eee1b78e7c8a1318a4ef3605b194f1239d14927f

SHA512
4620beb0ac0a54799a8c17eafa5224d85bbbd7dd8f4ad82efd3f1f5fd5555c189bf05c9d581c3233c8f04611dc034be375ccf84ba50be773d5ca66722c9a6379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ad2dad1f100cf846a4add8a1eaf9f499

SHA1
d48f2a73d54c9c7d7f7b12718895b593a0323a5c

SHA256
3b6d5b93f9a4e884f5ebecbb569e803625009599f83bdcaac26508f1c55e4416

SHA512
7c7782341f3b76d8eecff351b595ffaf553bcf06b9d118e0d67a187765b8cf6ac24bc600ababc8d35290c1da25f056570d78373d7fb2ae32917d49c57cc3fa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
aa2fc47e42e95180aa02532065a72ce0

SHA1
859b031e53fc6e43633bc164eb6d71382f7b43c1

SHA256
0e71bedaa83a16d8905fef10cbf8ca4d21ad9bcd087e7cc815c1e7f4f8b2e87f

SHA512
ea91f558b688069651bb2bc7867e897575ca0043127eab64059de30d584350dfcb60ef86e6aa814645f2839e3b6888a074e73e1707c477af0619fd79ffcfb58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
80ad36e899b26938c9741b12a00e6a84

SHA1
14159c4954c1bdcca377de77eabf4eed263b4a25

SHA256
bb45f07d3f2420abad75152f9bdbb020176c7c68d31fb1cfbaeef21e87d581fb

SHA512
600ba8b04d98be8c6559caf9e1e7ae1ca1645d55cc691038309888ded48311e09090c9996c322bc2e16de422544509f288ab297d9d610e97e45296196963f5ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
06c6a63e23b7a3cb83984b74109121eb

SHA1
5cc56f5f56cb8d231619165775a302334d3dc252

SHA256
614ec40ca82d1543894329aefb0373eeb4610346e6073ef8bc9872a3a379235e

SHA512
0b8d2861195c336996c4be08b8d22c2a7b6658d0e96671ea0217297a337fb06ae16f3a15581b9d9c8697d9ec502e2dd4bfc3f8bfc8b3cd01346fc65096bd6b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bf643a9ae7d9c47c491c1ae78887dec7

SHA1
fb095dc9fb477a996d3666bd95f7327e4d6cb8cb

SHA256
4fa45ba4a756a1a49494d64242cb61fce88d9fa4ca83a82d761e248c0fd0c345

SHA512
4174137ccc57a3a030690945f18dbcc5c6cf3f7850f482d757165b9b18f70af0894a0c3beb1e8b17f4622e93d0ca54dd8c9d38c2c41837c19fdd8c091645c1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
e4ca7cf47c30b5f87ab44914d46d8451

SHA1
a647f3232f75f8653e9af70226ea0e98203e66e6

SHA256
eed889153f856b9b60d55f4ec7043dffc9997d1c299e22edae348a9ce6c2bf5b

SHA512
37fb7c4ebc201fc891e252130df2fde86a6246dfbd30f042d801a82b646067bb35467a563c59bc6a49c4f130dfc640e34fa83dc57fb776788677a828bb64644c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
48917b8406c8ce4d959f38bc170305af

SHA1
7afc01561e265c1803d467294d1101e5c887d700

SHA256
b3e01e01ae7e4ab0669f86b4e9edb59b313c77bec428cd64cde7f23d763670c9

SHA512
ecc357d8aad51d23e11efc9481657442cf70ff65a0e69c254a21d5691a0f273c4c0679d8e4e1393e758c592f17f01aa4e0f445f72ac476821fc9463ef9d41727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
6bfa88c24997a28bb8b93328eda0ac27

SHA1
d9bcad68819a0b76c15791d24a6ffeae41c93cb8

SHA256
8258f766015fa69705c6dd718ca6f241b8c80b370052f78af48802f2bc332e8f

SHA512
1d66b3a4897d0a0d4d6f602ebde98263870da2002b4d8f64a79ed55880524070986b5bef7fe3443c64c1324a1fa82aebb3bd982691bf9c07560f292535a42065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ce508.TMP

Filesize
100KB

MD5
48aae682256a5e551a323df119d4577b

SHA1
df9a577a9a6f7c2a832c882d69ae8400e2606f4a

SHA256
31264ba64bd0bd40c371154747e65a50be4c8299ee9498bb52dfbfaa3d52349a

SHA512
e2ad50f4374dd96b2225e9f4ee931b7db358df7a9181ef00fd90c164195d3844994149f17ae101ca9167a78f5f7b3b529c7102b6f2456b2b31b9a766135ad39b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit