hxxp://gtatest[.]com

Resubmissions

22/12/2023, 10:44

231222-ms2hpsace4 1

22/12/2023, 10:41

231222-mrmcdsgbfk 1

Analysis

max time kernel
1798s
max time network
1822s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gtatest.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2176	2524	chrome.exe	28
PID 2524 wrote to memory of 2176	2524	chrome.exe	28
PID 2524 wrote to memory of 2176	2524	chrome.exe	28
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 2332	2524	chrome.exe	30
PID 2524 wrote to memory of 1952	2524	chrome.exe	32
PID 2524 wrote to memory of 1952	2524	chrome.exe	32
PID 2524 wrote to memory of 1952	2524	chrome.exe	32
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31
PID 2524 wrote to memory of 2968	2524	chrome.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gtatest.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f69758,0x7fef6f69768,0x7fef6f69778
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3212 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1444 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:2
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=828 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3456 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3716 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1176,i,9447559245300049302,14826903960569561168,131072 /prefetch:8
  2⤵
  PID:2684

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3669fc6d9b54da6cd952302991eafecf

SHA1
e9e4970951a33d2832dfa5f6c936e21c140e3b85

SHA256
266e3a2493a3a9ea7f990ab8fbd5fbe6fb94941b96725ba80f150c2b028acb46

SHA512
26f600aa3960ba478678adf600298c59e1968035694c47d2e3ca140b7d8b1d897a26472dd2bbb8e1fa351ced9e01c2aeac82e3251d0dc885e65b55aaa1d206ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ae9eb2a5a63599a9ea87175f9dec639

SHA1
e513acdf1e75f78db932f14529875f8bdb248271

SHA256
e722b0106846656fe048f2b6d44bd5fd2d8b3faa54dc055ca86e8afeee71ca60

SHA512
a5e1eceeb539fe21ed0d18e7939346aeac0254bf8d30a1c9da52dc0f8d41f5f165e61ca2fa87e31896d79a2a4427b149a7342d806ae444f1aac62ad20fdcfa78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11a2454f2cceee48b24b9e53838c7836

SHA1
f512f99e7e5c51750ceb419a769a2b4de798c717

SHA256
5974a3766f2c279541bfb2c89cdc1e24c456005b3679e24e08b977018ff1b247

SHA512
cbd51bf283e8e7ec72e6e5e4ee3eff9f056132ca1fc111de37802e013a5ab7bd41ba6e271deefdf9e9b5e62d5a258a561ca2cc643b085423d6c8537090178e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49a8872a1e05192dd073146744f02f6c

SHA1
98df67ba615f326245245e82fc44b9993e233952

SHA256
74643bc3b3e7e715f3e66d30f810750da02b7b1d4fb3614ba975a88942bc95cd

SHA512
f4b5d88f52aa8bb54491c55762cb7fcbff3aef4aa90ad00c909889eeb56cc20a6112a59b4bf96362da5dc4204c81f22d6123e8761ff2bbf805d731b34c1ae34b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ead79240a589db521cb7503c0b140dae

SHA1
bdf8a5790f63030f02a0ad0393550b1fc724e010

SHA256
9fb35cfd7bed11fc890d0a775f33d5bdbc278a638051275ec2a04af5c490beb1

SHA512
fbf9a1f1fa899a1b753e604a20e77e9d712b5a2fd2974de6048c47932cb7ad354d4022fc283d65e8ecc3bc4780651415084c40a7955cac3211462c365305ea36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a64592075c7130b2c9d21d6fd594ab1

SHA1
06fb03f61bb5c09c42c74c266056fef6bd6d984d

SHA256
5f89265d94e2106ebde462c1ae0f49f5e1bb6de3ae92f523651687a7f859becd

SHA512
71504328dd723b7358343f973f9532fc35f3afbe62485687c2b27db9f1a330c0b5e32f2a51ec4e7bdb29024494c2f0c224bcd22746b10d1afa725ac4580da307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85215aabac6da9d65d4c88322cb5068d

SHA1
d4cfff328d9bd279e1e67bbecf3a4ea169769250

SHA256
077ee345fd0fcc658d4a0dcb84d9a240bb83c77fb71e44cadce1aa548f649564

SHA512
fd3eb1f11945ef5ce1326d591f5857e55191aa31aa3e644fadcfe861c8ab5734590da6f052da25d302ed65934b0fefe887ccfdc12e79bde0ae30360542a7d41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
42KB

MD5
258fde70b219c0bf1d27e38bc07f36f6

SHA1
05ada556a0b68a2acd88085d1cb966bd5e9281ac

SHA256
6071c7bb03a36a8a52dec8a67a799261762aceb945bca1c803bb0657a277d0d0

SHA512
79e8507bc4bb51ad70377f8a3f92c2b8f7b70922d113caafc0b1664866aca52a4df2dcd760f9f5763994577119783e2db8f8afd30718cf877eb7d3f89284f23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
60KB

MD5
ce3e985cab0dbb494941f5338fcc0c9d

SHA1
2b31282313b8ecee7d8de8bf02abcbfb11c83b79

SHA256
674ecbf4e331d754da61efed3da73d7a6001b41ba81dcb8f4da1f070fb8919be

SHA512
52e9a4863cce3a6bc077eff23ccb8dd2075e05f2e5ea44eebfaefc1b2f2bc9447c154933192650e71985b2510180debb1d8acf0bd144dd2672f56daed9233d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d34b65748176495427d7b825c43d53e0

SHA1
5cafa1303f667c449c34fe99052fa8c3c53a66ae

SHA256
613c9172558defcc46c725204a490ba1314c9eb76258195a25bf836f16db7ba7

SHA512
6b79a97530f1d00b0b6ba9b77c2056bcbad251782b1959bd3afc53e28574697cb296e53d16fea25f941d6c1718a6093c18fe068e58eebdbcd05fcc810a428846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bbb67ed4f8b9f7305ed66fded4810495

SHA1
beb3a75e8e91f70fc443ff1f21fcdc6b88cfc330

SHA256
efe78db8ef1912171be76fe48b89d73ad0d7e4ddff4088d0444549c466622035

SHA512
0e7eb8360bd0b82873ae39e424ccbe019fb3db94cde6edf29467109a71e10fea084e2e381e465659f86386eff388819aa6dc424df0169d88cbced3b840b80781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c0a027a8905785ccaa4a5f7d4bd24c5f

SHA1
faecc025a7e6bed876b6a05a7f2047abd7fed403

SHA256
a73c015fdbbc7315f8c5e0178363fce71eb430242379e995a721a6164da2d9d7

SHA512
b66ac8febe824b09534a39378586ed3674c2bff4d21eddcada46936b14b55df4db6fdf59d93d306b9cc16eaf1d71dfafccf9123a3932907d071b436a4bc6169d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6a259710983f085b053676432b33bc88

SHA1
8d7c91c71145b1afffdccba4e2bb8b2108ef1fc2

SHA256
4fad6d5ec574d1fbabc64baa7aef8ee719f5b352283d82bca4b3a0bdcead67f5

SHA512
10a9f4b42675d587d33e850d987af37b6bfa93013fdb0c83e1f7475691c12127e552e123d256acef3d276ad7de64e1973140bf07866979a53099bdf743c859b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
6c9ceb72d4408e411ad4beec7384d77d

SHA1
bbde293b44360614610153d37d2afd4a68f240d2

SHA256
c831802381ee93691de22a10eca8de1cf80254e278561c9072adf2f5bd10e0a3

SHA512
7d78de89d2891fb2d3c4150dcd00bcf6a47a28e6c7864fc5c6a51295bd2aeab46bc23d07c27a1882b25d24fc02721f60f9d45e32fd964ae6c50e113e0566fdbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
76d865d89dc032c076b8d97918eedf35

SHA1
da019cd539305636db61e025e707651098ad620b

SHA256
c6581069f21d66cc0106610c667a8b59790f808f71ae1ee0722b3c05b0519449

SHA512
eb925c963b5c5c1cd60c6802de236ccf984169db54a53a0d72de6a51f87312c5c96976550cfc58a61b751791208a35207fc6c4146ccc96516b023a3bc5c6bc1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ff4c64266246abf351d8ed4101c3ebd3

SHA1
aee4f73dfab5810543b69a38c3220670b662dc81

SHA256
8572146783097b60432e9bf574827936feacc8f6af99bc28da17160b738bed3f

SHA512
ec1dfc24cb17368116824ea2d5808c832a5ef136312d55c60972704a820da0f926ea2cdb06f68e5b494d4cea22ffd90bed0102187d5c06d7f48d7a2152552ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d1109f87083de3b1861b3dd8af69c042

SHA1
ab7b3df146d7b3e9fc36633b69f58c982e54b307

SHA256
16ab092a0df6deb1ffc34c92e66792bf1928c70fee4cfd73beb0c09e2d472e38

SHA512
9e6b84224dc6a8550026ab2da7c857e6d6072170f5d6de9ed0f5afce9d188d5b28ae560bddfbb220590ac5a9799c43051366a67185cbc53fc1ea51f338fc7fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
672a84e65063ae853e02bdc96621b6dc

SHA1
d997256ef62dc9f3486fa87e0a862d1cbe86cf01

SHA256
62aa1ef50509a50b6817508fa9170de2ae3b46793c702f199be1449030a86363

SHA512
46b48cb3f0296644f67b0a0e78cd400a3b20c53dd1a9e352d5a9d571bf2d9191d79014aedf20e2d209c8e4a23d90531880973bba573b8736317d42ce10ce901a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3562e1d635b4052caf7e0129ca063e33

SHA1
63768155d38d2983678f8338716eee99e7d60ae7

SHA256
45c40e5d018cb606f4ddd7aac606c673c90d27d1c0a104ceb21e7de16fcb44e7

SHA512
f800fefc2526839d597d205682ab0c16da8b6625f7bef834fe4d4291b20cc51e23fd08805f8511a43e7325033c2a7cfc6d37fe85cf90d54f0f7e3d5aae156c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
96efb60b7e97d20611152a3c82f2d6b9

SHA1
a601290cf956601a5da0b11ca829c40ff4a42c60

SHA256
31a16e21a0d05842e181fe6a0942e7eb5539de2a3fec01f53b3fdcae86c73f7f

SHA512
644483a4cac48cfb9cca0022ceab512fbf24864d3b8d71fc6dab0038451385446201360621f436d4d6d162318be52d172073c8206a402c2c3848d86cfcef76d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
9763533807bddbfb84d477107df778b8

SHA1
4983992be3ba88c22d44656b33e896acf3f228e6

SHA256
2c855bae69b6b30316edb9b98595f71cae2b71c9ebb8a31549bc61fb37536b0e

SHA512
f60d5c6f0b27e739505c1202bd6791bd5f5a9cb72e4cca65e377c9382556445e122dd0c056f265a0f94d14e5f14b9eaf031875c9d82ed9d1f1f4e7414772d07f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
64957b63440b7a3908589c5838528fbb

SHA1
bdb2ca81f977cc7a0a1b7f89f5e514e6d5f4b413

SHA256
aaf9b38787342e92e2c15bffe045eb23449b30d47ace546e08959001bf6b508f

SHA512
8e9e80e379bb88f6385974837c54c03c534fd366452c8a0e66b9d2c33fc9b3d67867fdaacd52aaa6ea3c69601e39f73d1b645b17d0474a9020a2c29ad769ba37

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD451.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD474.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit