hxxps://wantingcandy[.]com/?s1=350114&s2=948878676&s3=5191&s4=&s10=2346

Analysis

max time kernel
315s
max time network
317s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wantingcandy.com/?s1=350114&s2=948878676&s3=5191&s4=&s10=2346

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3232 208 WerFault.exe

pid	pid_target	process	target process
3232	208	WerFault.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238325902095905"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2128 chrome.exe
2128 chrome.exe
3976 chrome.exe
3976 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2128 chrome.exe
2128 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeCreatePagefilePrivilege	2128	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2128 wrote to memory of 4472	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4472	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 4688	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2624	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 2624	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe
PID 2128 wrote to memory of 1852	2128	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://wantingcandy.com/?s1=350114&s2=948878676&s3=5191&s4=&s10=2346
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6fcf9758,0x7ffe6fcf9768,0x7ffe6fcf9778
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:2
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:8
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:8
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:1
2⤵
PID:888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:8
2⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:8
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:8
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1684 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:8
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 --field-trial-handle=1848,i,6394565741985129085,18145052202042741508,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:936

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 208 -ip 208
1⤵
PID:3248

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 208 -s 1468
1⤵
- Program crash
PID:3232

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
0b6d000930e2ae89b5cd0ed3da5d92c4

SHA1
e8b7b3d9dd51a8af1b67fdcc459b5930f84f9fcb

SHA256
e63c4e8191237a8e29b4370f8b446d4a3fc55baea17871e7af73ab13006009a8

SHA512
64f47bbc04504819f35a0a6eb91838549d184870a8b360f3a69546b28b401b2287f8c6936a6c79d4dc9a33828604699f60ad2542dd10dde037da2c0b7761d779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
f329898d73b1da13d73eeec20ac616e0

SHA1
161d37af1b8e7aa63b93b5fc82be2b6bd36ed080

SHA256
bcd0752ef3f86475ec4a078c478cc52f3981c32c49fea9fc7cedfb1ed2b8dd91

SHA512
ab100c3e22aba7ace3abf49e56a8b45a040147419d2bdd0b4d2bb6c521ab5a3ab6758e74980f60d9595f695837938c8863d5c8c5473a5204cc5d50f5f8290f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
5f565e6f619b31a5056a75749bb75414

SHA1
69f27edb7a7332a4d6d46cf5cbc98e175a5bd195

SHA256
f1c51a34970ca7a6e6c8206bd4e3983b86d5d082358e4f86180e0053726fc407

SHA512
7c75b67a8276618c9de800df99d81651d5940422e98a2b35cbc61271c1be90b747da301e987ceeefd9a5e92ab7820db850fc83f3b23e3f7553cf678284a00dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
bf5b36c80b9a75502801369b979bf4aa

SHA1
2327b7d282d7c5e71ccbc38ee54e263f89b22ab7

SHA256
78157a1b22f6864a853a5f7adcecaedceff795cc9c5d1666ee5a1873d99a054b

SHA512
15012f95ec94ffdb39019d7294709151893b76be3cb3402a14fbe3a440e99e1d9b5c12acd2ce6aee84f757c9a274e95c525641f1ed7ab0178f68b5ad31c20c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
61b9bfe14e80ed0639686411cc6f32e1

SHA1
c69d0dcb64a26de8d100e8329f225cf6fef718a4

SHA256
d6da6ba984943bd4a29dd18f8ed975b1575a5d30ac07b19aa3792e430fef74bf

SHA512
ce676a5d5851d8f287137d42e52f7023dd36d3013610784208e99c3412ebedb1ce5c5310e2d5e33addba7159ee65d30cb0e874a1af9954753492a673d695996c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
0436d8a3fbc34057eec7f45400d17b16

SHA1
0035135a71ce3fd81fcbe19bef44fa5473a1815b

SHA256
e4191d88aa52d36bb0dffdad88a27af9554b021ba7b52fdd6b544a2c8d93541e

SHA512
3450b8c4e24a26c1d304a26cfe7bf7af931d82a16488573329dd5bf815f1ecbde98fc0c2bd81e0b4da37a441182b06f33bc24fbbc7ddef5c10fa4b645a8036b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
c12d552fa4d69f8a1b8118002020e251

SHA1
3bdf2bb94c2374b08a5298a074a07daf95b00a5b

SHA256
5d4cc24c85027464fed4bd2d8c6996600915992bbd5f1fe0aa016eebc8a53f1f

SHA512
9d2f0f32747745d282a1e1582f74a6e9df023bb43a4c6d37880774375a87898a61f59678ebb72581f69979345aa2068c8b686df1f2d78eda74213dc27d58ff3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
94bd20a15f2be9ac057c1c343742360c

SHA1
ea13be3e9dd0f156588b1d36cab37f29c99d2dae

SHA256
85eb34c843fca8ea62344e8df2cda1adbf8877cc29e0e96a16dd208a01346e4a

SHA512
1a02246c29fc77e5c8b92b1299de954ad15c05bfeb0400a4a5b25c1851f61d671be89c8c42f873a3f4ac693321fad735dce24962216948e5c66b4c2b293a9b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4cd95c284f4450484d123e2fd6e2b7a8

SHA1
5d8733ed95fca0f5ce8a0b083664c7172e7f6d6c

SHA256
f5d8449542639da3bd578ed81ccdeb6ecdc6200ebabbbbd3caea33e0ea9a9260

SHA512
aa6d6ebeec6cff027167bc5e963fa6815cbf5cec90ea264d1b86ba04229601b033bbc3ba47a94469fa6c80c089c9dcb60bc8731225bab6f0e3148db13b9bd2b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
360a48ce575ddbca6104ed896b5cf756

SHA1
c34488eace1b95d68b75b7d03e6edcce527aac47

SHA256
590fd6f0896e34dfd7f6f236f11a2a7b4870ac73223a2cfa39175f6438242242

SHA512
24caf7d27918a2596be0464e7cae43de1262e9a90b2d39d9c76a9fd5b3d3a88be575183d16ec8a4d3e7455bcd484706ac806aa06299ba80f717b17950b44d0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c97195582f095e4692c9b20ca6854b4e

SHA1
35b8e26e3a85319bdeba7fd06a621f051ddc46ef

SHA256
308b5f5f0b8c0c4f11b177562e3a4b79324a4402abd93d5f09e323a51fd3c226

SHA512
6cd67717ddf700689c58ed023074bc923a6a40116fe594fa8681406291dc8c7e7cd1b31e349e25f66a463baeba7f87441b325fabb0d4c33c9e2d25a406b502db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
68c0562e22f5da52eb13559f82472fba

SHA1
1e08da93002a64856fb60674198433bad7c61092

SHA256
6780b7e136b3298bed9145c078575fd5581831536b09eddd12b57f4bbfbe50b5

SHA512
36ca955abcf39e63782f1b83c4bfa3624961f8e4ad0bb26454a4cd81ad6d858eedef5a9f8eadd97ce5b9237c6868f88bb84475fc6844d0fda95884467a991c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
17dfba7019b29e23dcdc874f6fb1f99f

SHA1
95b2aeb735aff47bb5d3226cc7674738f1d2191d

SHA256
839d9ab463539d9e1fea3e7b7da328037aff11bd3fe11bda6395287fc75c81ba

SHA512
1a0f1b0ecb728a147d79069b61493e8c07322b36d2e8b0832dbbc8e3afc4c7cb7ef736d13285091ce821f89d3d6f8312c22bd1591b5312ad67f21a0a5ada7e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
49743e5b7dc37def6f88722d00f39244

SHA1
0a0c50ff749b9518970b8faca4cd4bea81cdf8ad

SHA256
20a3feee97ed9547e5531c5fb5d774919a318283c1a0b2cbe9c4bee409036d1c

SHA512
24f3012b0aabd77ec21dad11a880c67418a0a177c166e69575e6228ffda586f755a881b54f50bf0f2e20a309fae8c078413153b7172cab179aac831fe98cf44c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56defb.TMP
Filesize
48B

MD5
f9324b97854f2bff38c50c57c21d1b52

SHA1
1ae1206bc0b9cd9a913ca3dfdc162d8760c2608a

SHA256
85a72d45b76280303be086bc30a2c7c71a6c2ecebfb3de23c39ba87a6dbf4c68

SHA512
1899d801d41d88e924a8161b6f9bdf55a3b846bb8f3704b5e0caf32d63f4ad1d174529770b415ee2f48e9948b8fbcac9cfc2108047e9da65a888ae268887380f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
a2279016844f70cf9e02cfbf3cf139ac

SHA1
57ec6277fd7813b6c19faa350337a7a0aebe6c6f

SHA256
7f50e17b9582289b91dab2ea716e7e91e76f5e82d3c7f889e0913d0fc1fedb3c

SHA512
f2fb7895df31ce96183970dc4e397e95135e30a2b90bc46b00f9789f93e3582d34b2fc16a0114c5c24d78338526b4a707189b8e336c90cee9fbf7bc29e752cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
714e29952f290c4859398e015db9141a

SHA1
750ee916557f511ff238e58a6b531d8d2ea6cf66

SHA256
bc3673e0596dc0a3cf360955e1fc4f2e0b9e0a18ef330b50cdf4ad19209ce11f

SHA512
35bbc31630895b894ee258c764ebbc5f13f20f08f40e81de84613f2dee1fef4c13661252cef5d41251009c1d4c18a041b810ba0b78f7b0075ccbee1862dfbdfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
f41ef0c59b8240037417f17053e8f34a

SHA1
4dc85e9fd1552ef193d0b6b9489d241a261135a1

SHA256
6f5de09851eab5a4c209cd2c395f312e2b7dfc8f35c74030371497ac2d851ce1

SHA512
b78023bd2fa6932c7fdfc0f264ce2c5ed338666b0ad049f8d3ddf0eccdcdd515b73cdfe3b0056297c659b795a3410cc7e6a622e9f8248f88f885969cfc7cc067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
000ad2a5302cf153aeddade279cf3b07

SHA1
8d05611e117659c62cbe692a77ae4cafe7dfa55a

SHA256
884afc18e7c5762910105b81a16d163eacedfe63608d944709c24cd09d087664

SHA512
68af23d46ab9c679ebf6d26f40ae6870ffc40f7835b73f0405a0cd50a7dcfda664d7baa17eecb880cfcab1de861d61af7befb5e933dd3de1abd39e65c164ef70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575776.TMP
Filesize
97KB

MD5
2dfe429f30ef4278a5ba18c5978e2369

SHA1
e286ce586d086f113dc8e1aa8ddd26ed370be972

SHA256
855af5eebd8f50e97f47dbf564afc3d7a0b41df1254217e31ebdfddf53963deb

SHA512
48e3f42bb7b1601053a779d96e09f864f1e460ba08e8548eea6f168a73d16fab1b174a2563ec793b6a455f9fdc3b3fb0b87800dbb50845ce189a2ac0bf62adf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2128_XFKHYBGDDHASEQZN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit