aed8b57b66ecdac1d6874dd0266e392574f67c670330fcb44a52c4a3242a503c

Analysis

max time kernel
42s
max time network
161s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 12:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

GuavaClient.exe
Size

920KB
MD5

7f48d2980f100e73d5837d72a05045aa
SHA1

a8601ce0036b82f4b31c22ff212eac9a5ed4cf31
SHA256

aed8b57b66ecdac1d6874dd0266e392574f67c670330fcb44a52c4a3242a503c
SHA512

20313673fcde3a7a7e06213327cdfd46f2cde5fe5f7009311bb833ea94727e697b5e94964a52bb6e344f1ca6cbbcd6d4cb2c0ff74452eebb5eb72c0c23e03d4f
SSDEEP

24576:jJbcwxaeHfmFcyRQ3o60OegX7AoaM8x/xF+nHxj:dbcGJ+o0Ervgyn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2424	2400	chrome.exe	30
PID 2400 wrote to memory of 2424	2400	chrome.exe	30
PID 2400 wrote to memory of 2424	2400	chrome.exe	30
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2700	2400	chrome.exe	32
PID 2400 wrote to memory of 2712	2400	chrome.exe	33
PID 2400 wrote to memory of 2712	2400	chrome.exe	33
PID 2400 wrote to memory of 2712	2400	chrome.exe	33
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34
PID 2400 wrote to memory of 980	2400	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\GuavaClient.exe
"C:\Users\Admin\AppData\Local\Temp\GuavaClient.exe"
1⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6689758,0x7fef6689768,0x7fef6689778
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:2
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2336 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1320 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4072 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2632 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1332 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2628 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3940 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2036 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2144 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2072 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4192 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2160 --field-trial-handle=1304,i,7279534215395829193,13936590488735400295,131072 /prefetch:8
  2⤵
  PID:1144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
249c7a57ff846e2e53a8700475b4a129

SHA1
6c7eff11c9657e87e7e4d9325ba974c5bb41f4c2

SHA256
cea352ef099de1b359f714fb5d55983c522cf1baa561194b98285a69f932090f

SHA512
1560a78e31bef15beaede65747b9143815b874fb9137639c07c13cc03f4b7e05f2b6c87cf8283e88db9b8284de22ae06081a05769c6d6c0688ed7fc629a7776a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74280a93c6361fe7c269b67dbaee8720

SHA1
8219c2386f67f3c37193deaf115a3a575a97dc9c

SHA256
c5b03319cb518c8c11cdd4711c687db8c8ad41d21ee23ca909a3d3056e39f503

SHA512
0d8a97c42770daf2a55a3fc009ddcde439152998ed105e03bbe98b735a840d94b49f406409941c60349f1f9d51b32b6d2b19ba74affa99c75fdabd40d2e59a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e103247f64bbefa08b4171772fb613f9

SHA1
4bbb6f781380b1e8d7594e2401d8eb62a48510f4

SHA256
1f8f200557199b10bea0625b1e8e26cf7a3dc45324670b64621961475f7dbc43

SHA512
377f051dc256a51aabe82d7fde87447f25ca1fbf98974650edda4d40d9d2483a6d9bb3d62fe0bb10da50290f2311ec8ab55142b8dfc2ecf9aa41f3245be348bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfe0c61888f04299944dcf94619f439b

SHA1
bb7ccdbd3b246ae260bc0e43f05a52666e21acca

SHA256
23709a0ce384aee24b14dd785c74be6b14dc78dc1d93cc362d7613cae9372731

SHA512
72a9231206d8287f0ab7fc233fe904375b82a47517ab3a419f9fc258844ca10cb1a8c770fa5124e1745141c004697d3249c3a48c57bfed0d95c624653dca54fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
549ab87d8ff22b12f26e57f8d68cd0d0

SHA1
5f304b0c8775ba4d314c33751256f7f1fb451ac3

SHA256
1128363ef6e34255e878977a02bc8550c3a2580e081bc84edc5154dca62686c3

SHA512
7121840c6a7362db5622cd00c2953a16749c1dcfc624bfaf745590539db822e29d1576950e13370ec1ae80ba022ec1625f83614b78dcf939b6f46a32a4495c55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce06f097e584f42bba7b6ffd7a37e72e

SHA1
7709f63d5a224510d78bf23b44e1643aea24056b

SHA256
5035df46918e548eea31ae1454bdbd562e8b2bdb0cfc1ac158598b64e94b11ad

SHA512
dc10ae94ad6d2d6c5b6c843efab3f1a67d163bff9d52301fa53196af9c0ac3311eda96ae6f709e35e5abaa5e8b3333d240df91fc32c903cdd62b650afbdb3fb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93f44f8dc4a9bd755663eafb258b4127

SHA1
a42bfc2a335ae91ccebf55c1643ba541cba0720a

SHA256
f6c0f5bb378a926bfd8c7711f3f0b31c735c35129fa03486dc850aff1cf2ee45

SHA512
d49ea654d796bea590133ff01642729b11f59b459b8060b242cacdc61f8ab3284c1bc4197517e86a2a2557e02d5ae958fbee0ff2a3ac276d6552817afb970449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48bbb30e94fe32314543a55ec6dcdd98

SHA1
cc21d3d529ced81188f4bd5a6f8a79db439907b1

SHA256
920e6ad8c210abf40212631a4e84a602e9beac1034476a16fded25869a982d8c

SHA512
e2f4094f7dc1f8914dd86a6251d378b7329f26916903cdc09f78d112d8a15a9d3ef9a24ed54c4502f1aa7931342dfb3f03a161d3bd84660486012bcf96633abd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54162594915a649fc13fe604fb74da9d

SHA1
016b72c580f08d572fdf89ec6e4badaa87ad7a13

SHA256
a6a59b879ffabe2c60fa213f29119e03bd40f377c863bad9f9b63f63063b280d

SHA512
93a3e8fc12d8ee5c7192d08db2ea44e2750110b87b6fa01d36e8848ad69ed8e6d254f1fb7f2887d61f0a2ef1c46418647bec53ce12168bf1e92ac85ace4bd403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
695500af5fb0b894ed6f7994f4496f6c

SHA1
6cdc10a3151b3726d51a795eb833d9f31cc956d5

SHA256
5298b4a0e659c6b0e24d14b376f1a78359c6db1e04b19cdac6c1cb0be4c1c186

SHA512
fe8b4f427612e23c275bea993fe35b735fad31d297a7cd6c92d1c19e33bd7503fec07b07b9d57f852e174673084194fe2eea770ea06e2ff42427aef98671e7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf772fb8.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
382acb317b34df5e9e795586821731d5

SHA1
506a4797b5bda0f8143b451721b3be9b6ee69c15

SHA256
1843afd47cba906fa67137a180cb1f1b69777a27ff0f788c50437f45836f3b67

SHA512
2a15eb0688818702e6434d6d4c1f297aaa1eaad996da430a7aac0d9a90f03555f4fc2b8af55f53bbff545678e93a3a98564c9ef1baa86edacb4e6af5fdefcc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
4a7dae975c27dcbb3fb63022c85c2c53

SHA1
7041271d1dfc05d04a96c2da178540c494c14bd1

SHA256
1f662c007fd2ab1f1927adf396e0fcdff6acae9c00c28e990379515fdc339ee3

SHA512
b3528660dc8fa390717c663f3fd42caef5ce6ec6f9f9ed334fa2328d7bfc4f3b0ea1be68c897803ff078bb278ff2f89207843fa28ee461e05468f68363f45b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
dc5a2a2ab0148252c4e426fd068f9ca0

SHA1
1555fc8d4ac21b9f3fdce597c7d3cfa5d30b9a99

SHA256
eba880a979352eba26faaa1a7ce3aba627d491cb64fba00cee66cd44a0d2fae7

SHA512
52d5dbd09860cc139a386e1a0f4d5959eafc863f69b90c9db14099ef63d09274fd28702262915713da9dc358d71c03f052fb352e75494d85029d63e595100c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4bac52e0f6a935d22f56bee7d483a94b

SHA1
8eabdc07e80e33bc277edc257be3cdac9843ab93

SHA256
8c50ac7c642898aba3c7a8c5d6639fcb31b20d58b2eebc862f74045e88d34bbc

SHA512
c3a6f10c9646ab282825e0daaf4e290d73d85f879d7a50c808f4488936cce1318c9af8e28ad5244d8c1f72d92d7aacaf2646cf0ed81b357308133a24028bc91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8708040c8a86c2589419f98bae9bd6e8

SHA1
c7ab0aad5fb74b934aa6cc26ea9aec85182982c1

SHA256
3b20da9239d3507140850779e882f459d761d4c2e0b3bab57cadd6fc93b770c8

SHA512
59710a7205635381107f9376bdd1faad25fc011e5520e35d4315d86633da4d41559f91a8b0ac6ec8004f119722059a73600cb7174a88d5ddff68a23fe77c7287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6e030dbf597fa66affc5532a02daab28

SHA1
74c90be36d0a9ce2123e8590bf2e823ee9074bfa

SHA256
ee0ead9922b99e0b6f64457ef490c3fe3523d4954e603312ec26061279b564a0

SHA512
6fbb4033ffff464e33bf13c5f54a2efdd6f22954b8b9a39d58990411f07be50261dc526e9417c4921af1db5b3cae67b1fb1a6e6469cb48760506936254cbca97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
498affff94c01786845f6387b6183e09

SHA1
1887f389fcfed87a5af7618bcf6579447b0db8b7

SHA256
d568f7f30fab0bedf6ffaff4eaa83a0e49463e11152ad2fe5f5d97b853ee8b7a

SHA512
c6bd447e9ce53b2073f79b1bb93a8ea765f210f7ffe011c0b45ea0d3629af0b117fa667fe9fe6ba0f04a2d2a1674ca89192f3f40cf7c655c99903274d01925d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
18399f2cbad39309a605b934a0681002

SHA1
dd7bdf84d3c5f48c77906e84c2db540fdc4b9f2c

SHA256
aff400cbf43665c917a0a8deea6ad77ad56b2a5b222e92274e7036794294603b

SHA512
d25e9c3aa9cff6ac1ef6b4bf00611539a1105e470fd4f0009e36e444a6c9cd8c113437feceeafe58da2fd26f684d38ff6a7efd379dd082e7be288573b9453133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4bc5668-dffd-411c-93b1-ffd83f02c493.tmp

Filesize
5KB

MD5
018445c4a7b94fee66d59330e8eeb743

SHA1
1ca135251b0e136949ddc896382a7a4a53ce41a5

SHA256
426e7baba2db8b0daee12809c9978f74b0fc44e6acaaab51d3916865aea8e20d

SHA512
b47fc57399396fed3509c8571c67d398006dd692ac4f0b6a0c0b2fe19d5093cb7af5ecf23708e0e409f19f019d67202d339a017e7af1ff6ab6968115b77562bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
4ad0701983875e604e77fbf2aa6aabb0

SHA1
7cfc3f827f4797809dbfabb83ebeed27de195430

SHA256
13076a0035f0ffac9f6e89fca608739fef1d8d9553ca96511e2635abcb8b4fee

SHA512
18996f88629db21af5d91bf9fb737acf2dee738edf3c9e80bc09de497b799d68bdfde424bb1e490983fcdbf6ed3be5e281d058b99012d938ff259716aebd4204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
4daaa67874254dac70e172efda26f8ae

SHA1
d9326d210d4d08b7c3fa06a39b5501b346a8d458

SHA256
49ffd413e2075f34e65f20c1419574f38c74d34cefdd01d9e08f8f6de5898c5c

SHA512
5b7b5884565b7d5c480db8051fc272bb87a5a75e156cb8918563d6781fd08d827f519f4a9f332f7260e97c028f0792e07f5d518ffb4e2a4146faad5dd7ed8b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar82AE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit