hxxp://www[.]mcgop[.]com/

Analysis

max time kernel
72s
max time network
186s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mcgop.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2708	3036	chrome.exe	27
PID 3036 wrote to memory of 2708	3036	chrome.exe	27
PID 3036 wrote to memory of 2708	3036	chrome.exe	27
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2724	3036	chrome.exe	29
PID 3036 wrote to memory of 2012	3036	chrome.exe	30
PID 3036 wrote to memory of 2012	3036	chrome.exe	30
PID 3036 wrote to memory of 2012	3036	chrome.exe	30
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31
PID 3036 wrote to memory of 2580	3036	chrome.exe	31

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.mcgop.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6649758,0x7fef6649768,0x7fef6649778
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3264 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:2
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3244 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2720 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2168 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2084 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3724 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1280,i,5249873048914935462,8315709076976111437,131072 /prefetch:8
  2⤵
  PID:2156

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
574ece85711b9b1d7af6904f2edd9e17

SHA1
668f386701f40be761ffdc3ff882974d28651de7

SHA256
a4d3269f7324e2dfbc1b19ce7a2790be8dd736ff73f032e8210aed366df93be2

SHA512
4a093e151a4c5277f5e4ad3c02c822f0978d48e9785f2bda51576af2c5ec25d9e6e356a1b75b0033b21d551483d78520013425501e3a524b209a1bf0b64bf862

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33676eab3374b05b007b1acd56fb5dac

SHA1
5449fac143476fe69fe7ba8b717600262dc44003

SHA256
6100bfe9b882bc3288c7ea30b1b707aa3642bca41a374de4e23a6cdcf245b383

SHA512
111a5c7cf0a749952b5815fdbad6a0e7ea15ad90a2fb3f6c8e8fddc103f6d8aa050ed81ec80664c39bfca6b672685111a2b63b3280143d467795538ecfb9426e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e2b567712504303ae88ae25c61e191d

SHA1
450829d4e0208d7eb8bc5f9fddb2dfac234847c9

SHA256
72ab7368d583e41aca02741c7d1ccf3388cc7c692cdb7997cba907f0580f3e6f

SHA512
e9869adc6560dae3c15a4d99c5b772bde870fd494fb42d343700ca347ad0606cc5696d912ad123ca62674ad082ef5733b199f0f1705af7783b7de5b4313b2f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64498e3c80085ff9789d8f9f4bdaba4b

SHA1
5885ac3f9c4f1d23f336ef8e2eb719170c91da48

SHA256
b54913fc08e082b543cc0f7bb14fe50a5abe257ecb5266485141e6c9f41846d3

SHA512
49b599399fb157ec5d0025d23db865d8dbcfee8a9a26daee785519938cc2bb4f6a26b598c152018d482e610b4eb2359dc91e47480cbc42f28973c63595a2147f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e41f2ca04d1333832833ac0abcf7b323

SHA1
438b9523c0020dfb644d71b487bf977706772b02

SHA256
ba620177a125298fde60951beffd7fa2dd42f2b81224c2d03f8f0e59ed89531b

SHA512
5bca1ace6ac98ee81f8c2cbcd6a6a91d2f84a6ab6b8760ff8fbe9673fb20060903a263213c72970833193bfdad0b06793d61b63d7ff3e163f836a42a9c9ff3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae67c4a9d4658fa096354799f370cb3f

SHA1
eea030bac34f1dbd550c574249a7de90d7564aec

SHA256
6f053757f3010b05d1bf78b1c7e9cbdaa91961cc3cb9f9885d14bd6876c9b1eb

SHA512
da7b7146ab78e61fad06700ae737330450cc252486cca693d2fb670143ed11d93db9d55e3253c9b691f978054528e616ac36a1ffca0761c57d397312c1647eb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96666e84edc234b8f60914c49ef7a166

SHA1
75d1c23e0d44345de6e504bdc2c523d3c512ac66

SHA256
005f88a00297b0bcce12f01bb14ac8f4ae5cb9c65131f674cdd3f319b85446a7

SHA512
0a1f4609931921d30e4ac3aed25b8018bd3d81f83bbb8f3aa5cd723c1590c52c248d2c608367224b3c096ed87056680de4346b626f030c63a4944e4fd44c6e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f481941874c2a0df962ec1446aaf234

SHA1
aef5142c477b098ed9d77f41ff723bf59e7fba56

SHA256
2f257e044d28f216d089d5ab339715222debeb3b839d0c133165a22204e3e5b8

SHA512
cb63c6a2fc9049adfd826f696e44934b77d3d52d580e931ec8f4e3daee399e8fcbfc6e697f5fb70cd35c15360119a0966d63684d16fc96c25671efbd2b81dee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b1063e0ea0ef1be5789762c99ec81911

SHA1
79842fa90f42e7c848e5c90d8e7fcfe582ebe03a

SHA256
8b99ba66467b2eff8e15b0d4d1e2d0683cd2c4f32dd50a49b5eb4d47307fd37a

SHA512
c9c20f900f2dfec9cf03e66347af3458b0555503478245d584298271c85555282375179175a58f3fce8bfd6912940233d083cd404ea0903727696b3ce65888ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7f7963c8b3b6a17c597f1412f12222c0

SHA1
affc73ac55a5a7e049e22195fb13b51af1fd7f05

SHA256
5f882660aaf0a315585ac62e99e95baac2b2c1a11eb913f193afb2eb4e5662b1

SHA512
ed00ffa7490e23f41b08b9eaa1c630ff741becf82f5e8882228e2be8ecea628003445bc8daf8644957fb8d12d7483e15ebc958f849445b6f8bc6e09b3ba79050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bb2ef1ba7aaef81f5d42cde20c514b3e

SHA1
c77f75d4313728e005c2e986e96c59c21767430d

SHA256
a93ac86753ad0cd164660772407c69cb3cd5df5a3f1f9486b14a8f89569d03c0

SHA512
0b1fa9bea07391d224626f89cb0d5154529599e7119991e1b66b828713bb066324f560b5c337c9811b6bcfd256e49e1a2e79feb2b6965a29dc1a693a03008cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
84aa1d016e6c2aebd044f4e87c5a75b0

SHA1
07043872c77b594cd272a565ddb26e6a82fe0ca8

SHA256
f2e60a453f6e5330c34ed43387998201bd1c0e9ae0458a83ccd7e9ec62e3e7e5

SHA512
a0d40767c04ef71d45df187a8ac5a3d6808341bf0acb65209c62b73064a0b8204a37056f18eab93155995aae93be32ef298bef111d0b36be961a0267b9860ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD0D8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD129.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit