hxxps://skinboxs[.]com/ref/20973135

Resubmissions

21-03-2024 08:32

240321-kfhhysgh4y 10

20-03-2024 21:40

240320-1jkeqabh22 10

Analysis

max time kernel
87s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2024 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://skinboxs.com/ref/20973135

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133554835730517650"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3484 chrome.exe
3484 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3484 chrome.exe
3484 chrome.exe
3484 chrome.exe
3484 chrome.exe
3484 chrome.exe
3484 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

Processes:

chrome.exe

pid	process
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exe

pid	process
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3484 wrote to memory of 4984	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 4984	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 3244	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 2148	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 2148	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe
PID 3484 wrote to memory of 440	3484	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://skinboxs.com/ref/20973135
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82ae9758,0x7ffc82ae9768,0x7ffc82ae9778
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:2
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:8
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:8
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:1
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:1
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:8
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:8
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:8
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5508 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:1
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1020 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:1
2⤵
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:8
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2460 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:1
2⤵
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1864,i,1602306557889916225,9581924668509258039,131072 /prefetch:8
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
6137910f237f9b1cdec876d6e105731a

SHA1
6fccebcd24329e67f22bafd438888be3cd31bed7

SHA256
4afca856d57fb7f34bab5ff59da9929b2b11408b2384a87c118773201951b189

SHA512
1c6e10b32536825958a2a321b306977fee8c1da25bc261c8547209ab445226e4473318e6cb670b1c91e798dc3c67f5e0d0991ca8bb0849ebd7f69d6f2ed3eaf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
8433a62f929338dd84a43d2fbfeed68e

SHA1
c520c880d098b21baad0a160565b26610c0282ac

SHA256
e23d6fcf81820d910485e15926d418ece5bd0d00fb3b991f2b70bba814a1923e

SHA512
87ae9602160fdb14f4920466a58dca6a46fbd2368a461ff7bf9165c1daaed0879f13d58d50ad01c068c63c5edb6d009271612164e61c9df327963c6bcb8f4e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
825452382483da5ac99b4c09904a858e

SHA1
ea3f0ea98cf90545fac22acc3c7003cd4b2ae6df

SHA256
75305a38ab7d7af292655f6acfec0a935cbd80c6329a30ea93e750f7885952a6

SHA512
cd85b74888cdfad1c8e21dbd391d8c37372b488c61f0b4cc32fe47f1aa95140034913bc9cf511dce193233bfd3e94e81c35c73dbfdf90076ca8ed2fb2c2b8470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
a7e9bdc4563dcef4ad89797818fe3866

SHA1
4dc17a9abad5533056d164fc6296240a32c32ef5

SHA256
35f94f85630dff4cb25f4e5f06e725e46da1cbb041b8d8096309f9a8fe9bc588

SHA512
e29c81d6abd388e4dafc0bc57e848308c1b00ab7cf1c95d76b6ca1e77289da663e3465d8b0ae489d4c0b8edee9519f556fd852e6abc77d1453b415112fbe1c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
8d1eb10e92f3687334e61a1f4468b1b6

SHA1
79e57e69ec12fdc5b9a65df1cfa5d34ab0c8961f

SHA256
1a4c0ce3b9dfc6ead8b9dcfeac97cd263ea56cef831b46c8e0ddb669f4a8779f

SHA512
7aa57993d80429d8494a32a27b339e74b487af2205c2c7fcaebb1f2aaed15973ab37b1dd1e282d0f3ad45e65acd745f27d55d8368464e87ae27e81027c76b7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
dbbe0c0e77ddcd0d6727fdafcda71c57

SHA1
c9ccb12abf51e2eb82d3c6629cd051d57f9ea464

SHA256
696da872a34b26c03493778e7ab0cdbb3a39d87a5b182803fab82065877c2947

SHA512
d78568b331689db0d892bf022d007aa9bc372e063a362378ccf44f76bd98209aa0e4e2d596b03fdaeaddb907cad4025fd9ee573dc9ce31d9ae5b398cfef0fad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
60bcaba43499ed8193a45cfd07c0a597

SHA1
a968700104cb246b7c9a011142a0802d369233c4

SHA256
fd5d4ba3bd25eebfd4279e34c7125962ad9489b691872ca8194c12e7653281e9

SHA512
3ea0f6e2984d9dd8cf9846cae7ba3d19bb91d23d259a677fa67913ad7087662959dec869f30dba49403671ebfe62dfb21429775a0f8ec510843c796c5f715dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fd585637ae2b8cd93527ca84d8b99f17

SHA1
80a8282fae7795e9a3f18243fac8a2adcf5337c9

SHA256
ffc718108f9b3af40fa825f7314135ea90171c8756353a6774fe378fc89c3d69

SHA512
4b7eb4935b7859957b6fef04122ce5b55e81de23c0043928d99c43810ab0b2bff81227c8364280d06e190bf3e86dc87431a3667f904e2da60617407ba7f9a745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
aade7cee489872a7e1719729de3174f3

SHA1
545a73594b543136c47a44fd274056fa053fb03e

SHA256
cd421f8551ce74341ac32f90c047c011feb78412cc6265d9e4fcca2ce4454205

SHA512
cdef711d4da16bc84572df4da4a2dedd3861fe21251633f15032b44769da67c59471c03670734b251184f06cacec77e60416139e152fa928c106fbb103bd387c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
8a01d8ed577c97bdf0ec10f272a8560b

SHA1
c62695bd7fa0b40c9023b0ff2eada45721396d3f

SHA256
89962249911a0caa72f47b0d8318b1c8bb67ff12eba65e0944b943c7cb3803fd

SHA512
5038ef86967da2d852eb2f43e6fc0c88ef5221dcd20aeeccf1d5fd891ff5352f1532a429968018bd1a20a1d09d4c1aee4862ad55f013f4afda0050fbbb04e51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
414ba966269e3ee964de2aada5d71997

SHA1
d63e080387b0ea62272811de22e9fd3f97683196

SHA256
ff5b161dea3be19042138c4ccfade4f9e2fd7b5730e83e5a0619b552d4c5464d

SHA512
426fe825029a82a4b7f53de2c6733800ed8a5c2b96f5b1a4823273dca3d2bc5424a0b89d8343b326917ca1c3df9f436318cb872b329d69cb7a2c939bddb2c8b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
a4334060278ff8285167acb411b98fb9

SHA1
7ac4403ac3f5d15414e16d5a12c5f6e3bec15b0b

SHA256
9372595c702b480caed47a00edbbfb9ebdbf93110c66266902f5d0312942c137

SHA512
a83133916c78040fd73a411ad7dcaef677938d1cb840a7accb556d5d09d67fe847490ee1e924fca8af74c7bb0ad4060b5ba96ef76417f3e9d977dcbb21d95c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
5908d2c0f6eebe25a42a607f0f5866f2

SHA1
e71f0541fadc2ba44d19af9b8ca987ee8341d417

SHA256
2f1694ae2c0e21a8138bd5fa53ca9aed7cdd65c8b614026341001bf2b29c90bf

SHA512
050ae0e72f8527b3cea788e0b757a887b197602e3acc95d7295868d6ee0ef0b6b109ef4af3718a1635f4b7ed6d49a14288f4db2bd20ee4955655264021ce7e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580d0b.TMP
Filesize
101KB

MD5
9a37217b0b159d5805c286df5f06d9ca

SHA1
7176e9fdc09ff13faba625c4a7f82da23dacc29a

SHA256
1a7a4fe349f10c3ef23d138a2f9a69aaa942b249de93822f05ee7fad0cbad932

SHA512
be9a81f5281d842946e22cd957ae16c9893e89ed49f846a0e1e66e4ff3d490b1457f9c83c7acb1d882802cb850f43d73b4576b38d84be5ca3445d6f5f3623b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_3484_NDGRRLILNEGYXPVL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit