hxxps://lsrxg7ilgecy-1323053341[.]cos[.]na-siliconvalley[.]myqcloud[.]com/lsrxg7ilgecy[.]html

Analysis

max time kernel
643s
max time network
645s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lsrxg7ilgecy-1323053341.cos.na-siliconvalley.myqcloud.com/lsrxg7ilgecy.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133489282192282292"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4100 chrome.exe
4100 chrome.exe
3688 chrome.exe
3688 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

4100 chrome.exe
4100 chrome.exe
4100 chrome.exe
4100 chrome.exe
4100 chrome.exe
4100 chrome.exe
4100 chrome.exe
4100 chrome.exe
4100 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4100 wrote to memory of 3844	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3844	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3372	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3788	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 3788	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4644	4100	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lsrxg7ilgecy-1323053341.cos.na-siliconvalley.myqcloud.com/lsrxg7ilgecy.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9128f9758,0x7ff9128f9768,0x7ff9128f9778
2⤵
PID:3844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:2
2⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:8
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:8
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:8
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5492 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:3648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5472 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:8
2⤵
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1468 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2788 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:8
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3104 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5768 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1820 --field-trial-handle=1892,i,6601408611384339522,3647944716880014795,131072 /prefetch:1
2⤵
PID:2984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
6d631c5034e2a56004ac6f9eb385c06f

SHA1
9e01da3667b7dc78d52c886cef060813a7fd09ed

SHA256
695c2e0c0bc11bc990ee776d92903fd4a03429a994fa4e25b8f068e8695cf25e

SHA512
98933aa867522ac588e0b11002f3a11ebad3a6283262de0b1cd1e34209a650f31141117a776256568f055e0b0cb737ca15fdad286063f7265d7f6944155d131a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
335caf3d34f8ef7ca853d5fc879b66f2

SHA1
da32e5801ab5efa178b6fa6a3187d44c05125d10

SHA256
396b5d3b3cb21d0fc440692330b2c59c927114d75f9ea0f7f36756b97b3e8d02

SHA512
4dba25824d030070cfad082b0085b36091bdbd9a68ab836d2a4a2dff6eb365204e92e26b29f2a58f608bd09ec469aa886266ac0e2e806c2b25e47b6af7680d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
0fd5f616fc0c62322768f0082449793d

SHA1
2c7763179e0371557aa4de1fc4a736fbcc515918

SHA256
b89e597a1c31777beed042905a14449fe3b126927b1e9f548cad8451d424ded3

SHA512
7f484edd5fb86321a76e8f562f59e3c045ad740ed0213b78e476f71c7e8a62b943eb5269ee9bfcc8387d00e062786ce3bf3be3f2cf05c0a3e9c903b4759452ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
7f43f03d7952507e9abce8af701f83ca

SHA1
4e0c0b34614b987da40451b886f55482d13df6cc

SHA256
618f85828c09a17fc49d39f6d37daad1e4da844d36c550221c5fd324313d3658

SHA512
34c9661457ff76327241ff0dce2a34365078d2030d01059c1f4dfb2bcd0b0aed25f440e91d8a57a57586f8a32d17bc845a34adfd1ed6587150916e5920f6274e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9d994a55220fcf1a351d3c67b8333159

SHA1
cdb7cbb3aa468c0b9430e9b5596954e49a2be0d7

SHA256
4b8b1cedc6224e433a1a9ca9dfb6b0aae2a3eb4cf3ca4bb02fc30dd7edeb871c

SHA512
37abb007c8856a90a3cad2d5cd76cd6195370ff2c61a06bf4fad82ae622cd1ded10c5077cbbdfc281c2c85657526ed7ba39f06914a6344389dec47722e2b853e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
5cc947f014632c8f15eb99b7982591c6

SHA1
05df0ba6d40d8b81121f6a1b765ee88ecc1d59d6

SHA256
056c2b5c4d5b89ba2944e287190953aaeb2239653beb65731830facf81601382

SHA512
29d07bab332dbfc190f6ea9f16f55d78419f87d690b948dc758cbb33acd40110ecf1159d83054076209645594ae1e8ed22696abc004e6a7d5ff8cfe89a8649bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
1fdc0430d60e17390078495f2d59f4ff

SHA1
97edd5b46b90828a522a426c3e6cf7d1a1e072eb

SHA256
3cb3879ce62d0ac533ebbcc1cfc5e7aee96d1e8d4d757705a229a35fc70ef913

SHA512
0433071d2d1224cf3ee62ba448d473ed74599992f61f0bebdf26477ee3ca116f5c40a8e8b9116c09913ab8321a198d982b6513b991118db2ce7e55dd28324ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
868B

MD5
ab545e858aefc83c7567ae4d70f19454

SHA1
103d99acf51db7f33d85719184aa93119c47c43e

SHA256
40eb68ab930b1273f39225b2c8493f63f921316fecc490d3757c15274677621d

SHA512
6464474b7131c563ba808b02afb981def9e33cf114480e87a2c4440736873f2f1eeb0303cb975e6c589fd50b519737210275293a46cb5f41d2a70c1df24b8fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
abcec9740390ab2e0bbc0d89926abaed

SHA1
b4ce496edff3cbc205af95ff9d32f0be5e93c002

SHA256
54953228df82221d464aa048988216da0f333c5d87bbeb2938493fa45a193da2

SHA512
1a3473f3eaa2f77a7761fa69a69332d1eb8755b19a758ff96bfa1277bab469a82ec1b04a66c4f3562cbe632ab40a670e0fc2a9ff04d7ce57ec75170dc2da313e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
5cdb8f8193c646f6b957c7d638e7fa73

SHA1
d5e4996647a29f3328b710ede5877596bcc4ec03

SHA256
024458e1208ac30131bbbd8890e06b7034d8e433f76fc095c7e687915703df96

SHA512
24d085ad91c87f26f1aec5525f388dda82129185d600f3daa275fc50adb0c12bb9ca39f9e5a6ca5ae55c877866e8a7cee91e6ae361c63a70d08328b6f1613d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
be7623c3c80f578b4a4e4e1c3e0d71b9

SHA1
61a394846807562c42d4be4aed68082c0f17e304

SHA256
9917f80c50384e3035e0f732a29c805f4a311352bc42e7fe60198a558d9feaf2

SHA512
1217f69d1f1e302be766b0dc0fa7fa942af5df1b2fb5c777924a3a44d6f145f4ec15e8a80ae06cb54462b438525f602d90ff47fff7422d83bca241e36c9693f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
dcd57997874514f40e149cb3db7e7cce

SHA1
310a6cac739c73c8d75d49f946356987a1958214

SHA256
1651b74d8c745f9b6c5047a721d7f878a8d755ec4993dcac535dae8ff4345f7c

SHA512
a7b45f4a89c8a8d967523b828f9efc6dc87d31c1b3c574e184e961926668e62f25816eafea9c21bddd11878467d8ef50cae112761bfe86f239ea7db4c2016265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
60a5343fa4699be6b5d8cf28dfc613ec

SHA1
945b8f2b07a3c3d2e94569601a1bc1798131a9f4

SHA256
c924fcacea9dc424289cc6de55c09ef7036fc02be3a3420427fdf241df922313

SHA512
5dd4813a945977ffeb172f7e05f5e717bcfe7d01acadbd2154765233f19ea3f0ef099684df66fccb2b9df3bcf10bd1243546da1d9a9903cfe035c429f07f061c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
92ea7b1befc351857ce2b905773a2e55

SHA1
30e1d2b8ca2d68863dbd0760ab4d40950162c270

SHA256
afb93833a00ffe8a94ea6a49606222f14b0cf10b9486d21c5206b45dc7b6efee

SHA512
1db41ce44faefe110d274680b8ee9e40eace2eea79d2caa99ef481f309999348f0c2ad69f00ea64e2b510ace946dd761514778d47ee4e6ff9388ee9d4fe7aa7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f8b6869b45ccfc12bf40fa417107ca66

SHA1
381777e55db3664cfd295fbde6753d9a4a8f5c62

SHA256
43b486fd67017e5f05b351e7fe198f3015dc6bcfbc89e576909abaf707a8b57d

SHA512
5e47184e1514c585d4f3ce97f691820ccb1c2789987fb270997d62619dbd86b632455bf183f7f0dd6d9ab300090b5b767ef5b74b65974a64d97aa4d4584a68d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
fca8d2e8a26f328ffccf98d0948735bd

SHA1
c308e6084c7b4e0295c5d23043c5ece9b6caf352

SHA256
3c4481e7c259eebb2b75a8edafe7c53e2dfa80a7c71038875ca27b0fc51198b6

SHA512
80dbf3cd8c936bc346631a15bbb776f5c631a8d2acf1efe778f5777d4f4ff9b2757a8c47d566249a9341085b869a8ac1e41a2c28fda8987e7a1b9d9d39ba8873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
4a984066706423bc4a9ef7e63dc4202f

SHA1
040c7e2a965af6ed801b8cc53238cf592e8d30a9

SHA256
11340b4a493e0c8f0f7b9d008df4baef7ca2275b942b693f7986cb7cb04fb552

SHA512
07934ec0c22f84add391e1a8aa446b4b989868a24d1fdcd4aed08b9bf00ac22f087c56846c3cf8e52bc5e6b9442fe8539658c4e4c2a26cf396dfdf2ef24b1084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
bb800a9d1d57543b9af7ac9cd0b6059e

SHA1
13a613e55b5f08daaa58c5319f7fb4a9bc155025

SHA256
57fd8ecca7114461f47dfbb8a10e7abc5778f372e2a98f2c730825b39f174a63

SHA512
908bd00c78d015b070ecc3add25ec38bdf9fecc35f4208e14c1662a18db7911173dab0badb3fd4aee811b318578c50af4178d2efa8690f705d7203c7c40850a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
53KB

MD5
4902496134ffe02d70a592c13e73d7b8

SHA1
75da01b9431ae8f384ad36bd1df338c7d52eccc1

SHA256
6b6b38e260e3970a9775d90e705446de44658acd79bc00a9e4b30dbc590b27fd

SHA512
770d441b06e18a7465c0521d3f52b1e8e674bd5f9cf36c8a49531e45612a7875cdae52aa7a6f239cca6964d02acadf9af19842be89cc2dfd205dcf59317134ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
42ec5efd82f7b7cd6a23903874a986e6

SHA1
6905fd0d206b55793c7fcd99a54c8a120de468d0

SHA256
474ac68f9dd38fc318653508c91bf969dec95a253457e221adc1aea4438fbfdc

SHA512
bf73551868729ad7749e6adc71860989abe86205aae152abf43ad373ddfef6280ff9103f6872f8f736b8c58e94091a3d24a65382e6e55f672e775b3d481a7965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b1171.TMP
Filesize
101KB

MD5
4efd0b5d310386c6d9c0e7194a7d8cd7

SHA1
da821b1317da5fa8cab76e4e1a209a40ca9fc53e

SHA256
2fca2ddd292326bead4ae33ee52dd1896f24fe20f5c3dd7e6a0973a052e2c404

SHA512
1b3b21350403cc20782e9b608b9a70929ede82bf2883df61703378cadab270720794fc423cbb8bcd4655851c0ec05f2034a5d6c36285cf65983d07ec71b0bb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4100_HIVILLREJWHJBMPL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit