hxxps://www[.]ired[.]team/offensive-security/defense-evasion/windows-api-hashing-in-malware

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware

Score

6^/10

microsoft phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239699603014717"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{BBD914B4-7E14-4A51-9B22-73E41EF83353}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

860 chrome.exe
860 chrome.exe
1580 chrome.exe
1580 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

860 chrome.exe
860 chrome.exe
860 chrome.exe
860 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 860 wrote to memory of 3344	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3344	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3508	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3976	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 3976	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe
PID 860 wrote to memory of 4308	860	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb96539758,0x7ffb96539768,0x7ffb96539778
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:2
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:8
2⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:1
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:1
2⤵
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:8
2⤵
PID:648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:8
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:8
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:8
2⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1276 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:1
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2212 --field-trial-handle=1812,i,9032531532831579075,15633217521650676186,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3240

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Filesize
242B

MD5
3661f042d9a26602d0d220af9e204680

SHA1
5e9550176799c87617187f9c8d461d5b19d3c8e2

SHA256
62ac44e9c52ca28dcaf15916d6556d0c0308fa672ee7b50d6a07da66a2284b61

SHA512
3cbc32fe5ef6d03e9f25c8029ff7952c0428adc694bf28fc1cb7f703b1684d7f03b75a2cafb0b1670202e9b415d4f7d5f076c980d9b6e6eb279902746d9fdedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\99c8e350-e51d-455e-9b17-e031dac7c6c4.tmp
Filesize
6KB

MD5
7797376698bb498c7e275c0d1b603df9

SHA1
3dc86eb3c6196f2583657650efc789e2446c1f2d

SHA256
88c69780f770ea5fc405a5634b8359c5c10b94be2e2c88632b2467ad3767dd8c

SHA512
c04f94c5945cc516f340c01f69d5792784cbef3a2dc1977d33dfbb8ce3c49e94f6f164cab5a429fc03fe45fd9d01103d760285b78720c9a61464c3e52a4bbbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
f073607c1065bbf26beefd9000dccd15

SHA1
035d1cc75284e202721d84ed61592f9f3226b9cb

SHA256
2636a9604505b7db60e07a2eab106265853146d471136452fd880050413a6959

SHA512
ef46455178f298194346e63ce18c9f96c3734e55e6e218e022d83acf4ece5ba8acf61489ee5f0a7807b76624e43c1a0cfc71dd7cae67ce902bf6562995fde122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8bed1b5f8a779feb71f7d8b306d700fe

SHA1
8033baa26ffaf187af004f8a6cd5d50bc13e4662

SHA256
2f37a0dbd3c512ffc82554e3b9818807fc973e7913f95c4058aebdd5a1103d47

SHA512
8de13d558f57ebbcecc09afeff4651d34f916d44c74e56266a90be13661d9761d0bdbc54984c1b9ea710aeaaeaed2a18c037cfa6ecd235e00beaab657ff60d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
92e9c10a92a88407bdbb0ed19cc188e9

SHA1
edc32eca18d8a0bf7760dc57316dc725f64b15ce

SHA256
8f09044ddd44871da6f35dd3e5c10383deef2e5747fa74f330a9bacfddc1c859

SHA512
e16d8881928dc74ec2388d8367b76f7ccd8dd3b449b31fe7f116d10f199a2131bd14928393d5dcfd0a9b5c5206d746d509b0712af416474aa33603d72d929fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
cb433f8a54b358d223541ae1bcdcf0e6

SHA1
319da46e0e349bd2a2fae6f1abf75aa90ea31604

SHA256
b36a16d3e112030385b42d0b66304e32be360f9204fb31db3989f53cb41df62a

SHA512
0a8deb1a255e4c3acc36222cb9cd8c004fc604ba575596eb9c40e6c17c2559b341c2f10ace3c30d075aee67a341db1de4ddaa3c69c22f4e58a81ebdabc2e6321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
79b60ffb1852b918ebbead971775a0a0

SHA1
5065e5452c7e5086eca6dad942154e212683e047

SHA256
964854ee4767bc4975e2d3c3f39e160e59881ee7865d8ea8553540bc1537fe6d

SHA512
5350231a799bbbedab5ca32d663f25480267a67480bbf5e32dd7fb8f2344a6300cbabb9bc258e57ca0b7462e80deed64849b9669dc910de7d10d01c481c3ae8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
cb507663bcfd34705d08122332c14de5

SHA1
82abddf184ae69ce4ee6ff161f6b23306ce056a9

SHA256
4d1b58e4390ce4df59a4ed2f9a0e65ad358b274f8c2e289149f255fb6a34c504

SHA512
5b1779035ad4508394eaba8053424cb9935bceddc30a7fdf476a104779a411a07a74b2760a9175e963e95fb59512f71e3e34ce07a58150958483628a408eaf2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d7c8e36cb74eae2780a74aa50c2a6dbf

SHA1
232a223d9606f68c50023261d8805d8e494a8455

SHA256
3dbb67830763bcb1a17109b36715f9c640eb91ec589d892276b7619375471a7b

SHA512
4f41ba0ed8ae6ec530d982658dbfb5f1fcdbf09fa29cd7f197ffdbd23f2ddbfe117806addb4ca123439116a756da393c3d4a83f241ce118d42ab1fc82359f79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
af6e5f412cc4dc62360a4fcd697dd94a

SHA1
b4cc7bc9e42611ad1f5d7935f324d5dda1f6f707

SHA256
89f17c4e275790b4f2aac7e4798f59f1ab8bba88d53b0d0f5e0e9da2db0e8d44

SHA512
8d0d678b74d2b95356f2c62a8a876e192c682cfe925ae1f40a3c063030df1829d57ee3d97f0f21781be5de9728feecbdae2ef9e60a8cd8090457772be4a3760a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6f9ce57e768f4116b144c19b21e58893

SHA1
82fde433907b5e86c829efcbf44cff010bfd08fd

SHA256
4ff711613c68460f93d0e0b97dcba7b985a1dcfb62d38ab5be61624cf611c31c

SHA512
452da7bd6be09868a4341bcdb3ed04ab569df214b05e08236644efa4ea5a79039c4525f8e00fc299ad7241b4ad17331290d271c8552d3195f1942d5abc500b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d416bc3c6827a839662352fece457b45

SHA1
1f2ef3bcbab3b45d736d5e21d4df3f98a962f6bb

SHA256
ab186918702457371e4b41bb4ae7467bea8fe7118fdfd1bb9dff5549b20c8d0c

SHA512
42e5417c6c9033583edfc0af29956f5f6227808b7a79cd8fc411224ebf91f32b5f9943e26b1dd9a4cf9b8d8160442f22d4e2a9fb4dd77f70a2904065bd1256d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
dde88337354805a5cc8479281b66dce2

SHA1
5888f0b6ff2f06a9a400e951008f4487fb319218

SHA256
9db5925307079744e6c9f875fe55505ec5ce45076bad0d4df2de1106549bac1c

SHA512
23e26fdd5f086bfc71aa4b6129cb67757530df86569dcf373302b83b268bbe162f391c49f0da1da1b638ef28af95eebdef88eebaf2d4910a45c70e4ca11514a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8ab217bea854f5db31af3fb6cb2a4e2a

SHA1
956630ab7503de86b459edd74b9484aa33fa414d

SHA256
8bdad9b34d26f0a6ec4e96d87e6e428dc1169978da66d9614fe1ca270853ff19

SHA512
d61c2949f75d8405231654cff2a00abba3162d9bede7f81a4eb15b6f9a1cfaa7fa1749e61732f472ff207d881ef5ac29d285aeaa4c4edf3f091be78db0344a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f8cf3619d921e230403543f8461c30f6

SHA1
b2c7239157356af1daeda69b09770b6503a6a254

SHA256
84bd5114a788dbbb74693f8bfd8cb232ce89cdaeca8bba7e4972690221e2ed3e

SHA512
04980d5effd7dfd73e675e387b7eab6ffa606f2b202580e5fc872abd0b46b40243df3173a4f9c9fbfae4294b452d16404c5649905d3e2ff0912a966c89d13b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
dd2097aa9d22b4126f9913dec1a135f5

SHA1
a052552ce7b1af83d2871b5b23018d04fc0e17a7

SHA256
b734ed08978e0838dba59fe9ed027758adfb456a3abbdcea3df7bc5cbae45978

SHA512
0377fcf3d40c3e7685816e8ce71d7666bd89e68bb2db417e7d36c270198c6383391c77f444b43b002f189c9e9106623c0ced2ad4b4572c968059e30238cf7c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7c0b303609e56c6ceb52ccedf72902ea

SHA1
450b373c12c0a278399e3a72c54de80edbe71725

SHA256
82dbabb7973f18bba05eba031a5f2c087d1e5e85360436e6d68b96a46d0715b8

SHA512
452fd34fcc13ea79f594a021d3f824b7d2b7adabfb884e678b227de88917629b850fecefbca934d0506d76c568cc9f507d032041b501963ad3d19de27fd9dba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
39a105c342a1d7524f574ff284881bd5

SHA1
eb693bf100050faad19cf13b7b1c35a3f9a5ad3b

SHA256
ff1a0148b476034603cce01c8d0600f0e4aa42aa3bd17adbbd9604d739324944

SHA512
a62d9b3b2fd53433d49d3eab0d7b7d1fbbd1c72d84e529f8772c6ca6260171ff0069b0b634a4600e3191191f0e4addf502d5cfda8c428acce1ac79469221b323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
c214e6b9f1f8d3e8cc5ffe8804dcf430

SHA1
d1b8a175edb80bd7ebff278c648652b31b5ecadb

SHA256
bde77c265b3c4860311283180933506883276d2d1dd71934fb45d451b2f11266

SHA512
9c2d05b8d7a74806631dc1b6ec0661c6cbc5c829e509571b88bb69d6a0c4050fab1874fad213c98c2484fc6e30a9e6e1a1a911b8b852a8593104f0be2e7cf6f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
c3c29ecc0506c17ba3777fc5db9f23d7

SHA1
66bfa50b588e8671e7b389e2c6b85b22e1c30c23

SHA256
07eb8d0ac2e1aef2053845da0cac4969383dadde9ca64778c9a82ab6cfad8612

SHA512
05a04b357e8604482326a41a7d5b5d15da969644aedfafa53623eed931a485f45e6dafb1ae29c207dd4d1cdf92e14c50312ab131c144a06a053896420277b3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
6176e685741482fffed884f011810ad0

SHA1
dd5fd07d715d91434b7d84d379edcd15eb5aad44

SHA256
0f4a5f2ab0656f604eaf66e08c228d08bdb8a5a6335cfa9c7b43d5c6d228e20f

SHA512
aa392daba831aa82083ae283507418d15e138ca9222d6afba525711f6385415fb83e3c4bed7f8061cf636c399f63d1d8f2804ad4f4c0a7708bd58687224d8e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ddc3b93d3ac61751d7cebb9cd0e9df00

SHA1
7f3a4c9633ab38a2dae4a61360940f0651a9062a

SHA256
55d854a633c0b3477cb782d5769cd944e5210a121e0c6af76c0f032b5cbe3db3

SHA512
81d19eb2e2cf7f9a6b405efbed9649d2d56762b9f53cf2f6f818499f89d953ab410ebceec3c0d1da07bf56a093191e6c17c8669a73a45f7433c92531dd8b5857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
023e1a86e09bf9127aab3fb598d1fd4f

SHA1
97a321f72593364a5a4e89afd48e27c34a135082

SHA256
3f703c9cf27150482a224d0d3021161d39b7d27dcbc7d1054077a9d410e6e29b

SHA512
589bed68d854308f6c29e1c2f68337368bea73c79b43f02dfdd3e502fde41e7be328a23f9204dd0d65b4c2d39a1e46828221d864a4bd637f7c0fbb6e26322954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2f7dd813fe6e2f145217c8ec808bebc9

SHA1
965f1ffbf153caa23f310ae86cb3ec31186c2973

SHA256
5bce07a910be03a92082fcc3ae87a6cbf759dcd016c33910d210ddb9ad9a87a4

SHA512
15c6ea05343323322e697d0832f11bb2a2a245978da13344a4cdb206c02c5066abf0e2c5ec4fb49eb81d4ee9da7990c502a1a21cb40564187e4f110c611ef4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
36ff7ba24f182cb2f8acd5ebeb42169c

SHA1
6e04a8149932af926cb56f20de9b775d10d162ce

SHA256
468d3d479a1f3a1160f770c2a563c7af794bb982f2f4ae51933744abb17f3ffb

SHA512
83ae8a80b6f3584f2fe83bae44e6b3935907aa922218f1f1769efc2bed27080535cb4335783ed307f4793e76299881b752e87441435c5c8fcb6d43cc4180200c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e118f5cbfff0c6e05ab1b0cad3564064

SHA1
a0e6d3974bf8544bd824276f4629fd1409193482

SHA256
cb980205b8a72d645c9747518907143ffc96ee594ecccb331c1aab6e748d653d

SHA512
3194b2d687f3df2dc482c27e3d97f0b9a5d7154c02a19397a13d5ea0f6961d49b62cb777c82f003dcfd1b398cd9c40387815213862b81a97d414e261d9287ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
08705846250cadb56e3f52c18aa322b7

SHA1
5b649c751c6cb13aef7f3dd5d7f76ef17110370e

SHA256
f54560a55294e17e54f610671370cf470483c5e74d6d736940ec8164e9a0a0ee

SHA512
fc9dcf9f36c62d3dbaaf8b4d6b45afc4a6e8e48467dfdf559d3f396c10ad5680292c4696506e16d10830ac8c50b8b4f9e22cde0c52833009a9f99577ff31e27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
07961430bf23f3762b38ac187e2bc207

SHA1
896eb74425e30559963946b97912c3e80bea4a28

SHA256
b7dc8e690ca18d5a49ecd72265d545c2c2968f24bcddbdef3c151564582ec23a

SHA512
90c466e92d8afa462e4eeb7408b5f918f0eabcc568341c2f388651ea5564c1f2589d0d178a6b1b0f4a270092be870ab18fabf9daceee766c3ddbccc3b870dd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
15bd9fe27a26e537aacd29ac1a5ef1e8

SHA1
f02672b382eab433c374f7b083f2a4de999c920a

SHA256
ffdbe14c876039380e5ce15c48d8bdf07f68f407bfc693961253de2008bfbeb6

SHA512
cbe367c05547553a2547a6c38a450497a542df6e64c6c56fc2a51f7b01c47e27fac0a0e7096e148fdc026c26a2c81d8b4722cdf2f3ed6619cfe5537e8da16dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
e441ba7d791f769881abed33d3a4e1fc

SHA1
b914778489ca9195d923281b54c7386d0c777139

SHA256
d25a65a9cacfa4df97ddb39990419375cf31db774b6a05173eb84453a0c7c0dd

SHA512
30a54598dda279d056268b7cc1d8a59b60440bee32dee0c40a7752769dd4af3873aaa6fccee9b5915c3957d7a6c79a48f5a99636e5071e90587f0d2acae8d359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
a95468931fc2d07d4deaea61ec95a814

SHA1
0d88306668f39819130850e913f3c9b6f39ac3c8

SHA256
7aa2ce4f7ca35e74d491c3a8aaebeb7d6ebcd04aac63cf64014c026d5da97d26

SHA512
36fd0847392cdb554dd257359822be95e0f961f7311cb93a6bb30cf8d56ffcbd0da2eeddf4bd6a41d2122aa09888226abedca525d0f26020fe6af88f6eb89812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bf4e8739-d9da-4992-b73f-364a777c4155.tmp
Filesize
144KB

MD5
9acd94528da8280b5bf1df6754893d20

SHA1
1530d2bc055dfabfd9047434949251d76ea42c5c

SHA256
f18fdda52ca972117c3508f763f75f72dac8d805cf7f89526a73e232daeb0d64

SHA512
851300e4ff5709299a1ae76a58dd4b2a5d44ea72550551455fc70c71ab54db6b12d3d5db638595004f37470cba72ee9e389bb7fb85fe231705c5407725af7fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_860_WWGMIWMZLYQCFJHW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit