hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2086738

Resubmissions

23/03/2023, 01:48

230323-b7739aef9x 1

23/03/2023, 01:47

230323-b7zrwacg74 1

Analysis

max time kernel
61s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2023, 01:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://go.microsoft.com/fwlink/?LinkId=2086738

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240133204937625"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2260	1180	chrome.exe	81
PID 1180 wrote to memory of 2260	1180	chrome.exe	81
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 1844	1180	chrome.exe	84
PID 1180 wrote to memory of 3116	1180	chrome.exe	85
PID 1180 wrote to memory of 3116	1180	chrome.exe	85
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86
PID 1180 wrote to memory of 4968	1180	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://go.microsoft.com/fwlink/?LinkId=2086738
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffbc1029758,0x7ffbc1029768,0x7ffbc1029778
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4992 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3612 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3616 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1664 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1680 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=964 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5644 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5804 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5172 --field-trial-handle=1808,i,11770664881514591651,9741722449594494500,131072 /prefetch:1
  2⤵
  PID:4880

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
83eb361d5f32d66171bbbf50377c46d5

SHA1
ceecb3eec8ef716a824c133a6b7f628a8825b1aa

SHA256
3b6c9c0e61c404b128ec44b509a5ba2c0eea781c170ad135419e3bef9c96af8f

SHA512
de838b5810bf6261ff3b569e1884c3d3b78560866b849dd3f5024b4d1fec95ad6eb98fbf92ba008411c8d98ba9a2e7b3632a8f55e1567922dd81ca00d0a0a2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
33KB

MD5
c36dcde83f87931be2a03750be60141b

SHA1
3125c5fb4b9e42576ed68885f78021434a38559e

SHA256
4515dac5130e5da2712f9ef9b94fe82ae52a18d3dedfc0bed03b487d14266a76

SHA512
8e1a8b786f24aa8c74a86cb5752f40ad793789faf311ebbf60f1629fa884944a396d02a534150c43de5926c7dc2f044bec0a0f534c077a6c5d76e5b8e51c811b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
22KB

MD5
09800dff9a5770bdc368ae73ec89b229

SHA1
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1

SHA256
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557

SHA512
1b13a260a4e39b6f828784f0e8be9c2d0e22c6c1fc5b4bb53aeb4a1311f54dc1427b5a5a38656e7652bafd652aef59a70b0c4e81cad54c83f7547f0454c6d84a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
baa1c9a4205f658dcb21cdb1bb6263e6

SHA1
e47f78630f90d16de2b78a666a117a449aef7d18

SHA256
2b8b7e75ae6d8ea533bec3677ca8a986884091ab63edc28d13770826607fcaf7

SHA512
3be236b2d0486043274dc9c26b6424d7be36b13b650e0fe9755dbf552fb2916ad2c102fedb58c6d8a0af38681e60b598e4296f86b66a058e052f75b6928bcc95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ddeabfad1e04fdc567fbf4a29a76fdf0

SHA1
6fa3e500eb8089e73aca20dd9c6157a5c3ccd6cd

SHA256
f1dc3c4d271b7cca98798b7b6b76e201f4c897743c1a3388bc77f2a7b9730009

SHA512
b5c181559647dd0fa6d19de98ec5d12cbb60ab348b179ae86927f0d5a85cb76429992066518b7c114f00668725a236814684b148b7dbfea220eafd7e2216f058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1eca663285dd45112da01a55ac524728

SHA1
539fc53cced59e2b7eede285e949d643d4fd0cf8

SHA256
ec17c01f7d885fb68f2e87198ef42370969ddb055162ad675ca0ab847bf56e19

SHA512
19fda33229d695a35ba1fb8087e6b54f8a6c6bd9be071d901b38c4ef8956dcec1cd775cf7cc42ffd40566ed9fac8e480a7d05444f0a3d16135eb35153546983c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6044f77afb864d470136bf91671f9eb

SHA1
0f57fd2f2af4a9193f0883aa5f34a2a01a9a4421

SHA256
ac952402f8172e9a99e644301f660728ce857b125b80f6357258c120bed5e1a7

SHA512
3fe449bac21be148297e09279561a4655054ff98d3c2db87d0b592fe587475e89ad8257283354341d5689890123acfaa6b69195562f955cb41abac2447c7c34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2e2e3b95225cc92a1275c793e25c99e4

SHA1
953ca05260a0df91dae9c8f658d3c3b352de69ef

SHA256
34b2534817c849f42f657ba672e57c37571c28d68ffad618fa60d6f331ccdc30

SHA512
2ac8d705097254012e24d0788ef608f749552060ce75dfdfe5b1eedbfebfaf12641425b157710dc5525c974d6338f1e9e42aa0d9049f0120be5e7a379e9b7c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e47f72755124722df46ba63f1dd7774

SHA1
aabbfba7d3132fd187757db1415a8f84ac26ba83

SHA256
e4ff0afba97a407d228b23d1cf151bf0ce34bc0138b6dce3e3a7ea97f643e358

SHA512
e49171726b2e646cc02f5fa955b911e10bcf9341705280699e109e3375a86b751a583bf04175206d959d78903a53afc5eaea986b4fcbcba4ea708d69f1d31225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cb7c758ae5eb0e51cb184d93a327028d

SHA1
e74467a2f32cfe4553ff3da578b771fe8175229b

SHA256
2a54695834f51aaaae4417302f5bbd996e0e50da9d05d2112054b77a0da0f025

SHA512
ab8d3f7181107ff7e08ddefd0ff1fa59b0d620b93d9a66060c7eb51ee7b1998de194159885adeaad897e88413d6ab7f538808cc3d37d7da34b157abf508ba858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
4c18682391e922431672b01f228e95eb

SHA1
20b11c482d8172b8f557e25b54d3b8e39e6c8a7c

SHA256
cabec5ec75eedafa349ab72bd73cfc5a4cf9d2c49edcd4c2f75843d39ddf7e8b

SHA512
0b16726040b1662e61aeb18a8a8813dc7eec9d72b7f837e876ca02b49c9cfa56ae2053aa1e531826b162b4c38649bc51bf9c7d316a807a4b5c5c01b603e9f814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
ddc20ae3d1ea8bf604021488d97f4424

SHA1
a65a3930f9d908a1ba4c8ba1e3e36191a60ae64b

SHA256
f9eed917f787d1a1a3079ae363e8ffbb76b7fe4c2e9dc00900da9fee6b26e7f6

SHA512
c3434549cb7338f898dc93098b6c6ae7abb5c8f83cd051a935af75bf69b6f580a4c563661a975fa36c29d408333785185f0c480dcb3b81093997167fd7e2a8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
c409b9449aca6e779a83a7e4c68554fc

SHA1
324bd77331f9def1d547d3900bbe6387a153aec4

SHA256
836fbbfbbc0c62bf1a6655eb28dd83bdc333f162f480c546a4b751b6044079ad

SHA512
6297df59e890c8294d136890e7fbab239f6127c40b8b498f11a283d21654830468ef9f98320fc09c11df0648e1b09c9fafed5c633a84296e2f160012abea2331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575ca7.TMP

Filesize
96KB

MD5
1cf6b77ba9ef7e434688a5b4c7030bf4

SHA1
a06c5b483bd715fe19673f508a128532897f78be

SHA256
5b6f2d27680d42afb4672519f941429aa45a0883cdace7a4d413aed2a74af85b

SHA512
bc167703f7baf5058cf0c71560f77156710ed68385d6529179f7a7b877bcd16dd0ce3da87adfd9292273adf39bbf9a2e68d89f457db38bfcd4a0baae94bedef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit