hxxps://streamergirls[.]org/s?dlfo

Analysis

max time kernel
1799s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
20-04-2024 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://streamergirls.org/s?dlfo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580988464697268"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1680 chrome.exe
1680 chrome.exe
1372 chrome.exe
1372 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1680 chrome.exe
1680 chrome.exe
1680 chrome.exe
1680 chrome.exe
1680 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1680 wrote to memory of 1452	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1452	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 1176	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4108	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4108	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe
PID 1680 wrote to memory of 4844	1680	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://streamergirls.org/s?dlfo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffac923ab58,0x7ffac923ab68,0x7ffac923ab78
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:2
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:8
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:8
2⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:1
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3944 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:1
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:8
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4472 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:1
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:8
2⤵
PID:3128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1468 --field-trial-handle=1816,i,5561383190616959008,1191638516401953208,131072 /prefetch:1
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1612

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
b9c29811cdf327588a689b1cbb676943

SHA1
2afc50aeb2653410f0cea97cd7d6696a17de32d0

SHA256
2d0c6b80938d7b91493a54036305bdb309b5b50dc22c017731865badbc4073d6

SHA512
ff2d58fda69e4287d29dab26b3474fcf050bf9f6d8351441a73d55a4b686a038229681d3e882605488aa9517f8f80da1edea3c4a5c286c0006625ac268779302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
c6c3bd353f87f3feb11c065512cb457b

SHA1
5f3c862573aa158431288dce93b7c08d2a90dd71

SHA256
6f678da60016e7962c3c44c31987266c445a17ed33462eb33ac040e2478a63aa

SHA512
09783f5f4a943d7eebe30d583f24009dfb65c2e2f2b61ed20b2fbfeafc741790dda99bd4946c5e8c8a86ae0db202522bc18b689eab7aa46d3cd420ccf8ff16cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
fb848f505a791ffeb4c26dfca832e953

SHA1
d40cccd1dbc04ab65599798ad1d4ededfefcf955

SHA256
662aa437548920009800050dbd3eafa78412c469af35551e47f05c7b7c772a1c

SHA512
2c2e99b373cb6e3cb8b7851d4cedbbd2312bf784479c9fb052fbc52cc4533c2d3213a2cc2f625a1317c4001632e62394d1e9a45832d6426faa577e0ca08ee556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
108f524b2e1601406afa2b58d7f4a322

SHA1
04afb8dc61e21ceb82e499eb546b658f1b1e100f

SHA256
17f40dd646afa1da579e9199f8f974cd472c95be1c2826315f67887d61b02ea7

SHA512
4c36e157b64f7e71fa5d0ab49b8c50771a770308c7912d5e726eeda18410057dd024c2c60b184181e8ad5c92d8954c4b1a2818c9e21f49120d96dd7a3faf01d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
c07615a6e771561319d26178135a9ee0

SHA1
d7325873e4fe1119d175d496a12d7e4bd618939e

SHA256
7f336e563f10c2de9c75dda86dc20b078bfb2ec4e8431d08d725135de1cbec9c

SHA512
36ce61582a2915b2ee07deb53fe60c6e4f1e8bd70c497a066ab2e98fe30fc28074e8b2b8795bba419010a62d9aa14648bd46484d469c0f222c70c610cf4f4c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
73b00355d16412d2b32363b4a493d4b0

SHA1
6667d6051963b46fd7be6f325838d6ebad4925a9

SHA256
a1e8bfaa19d99004febebe521e419e9f4596a98ea2d970744d941bd49f52c8d9

SHA512
ebe69589e039ba51210d56231d9d0a49384d581abd294b148175c4b660b2865382dfbe2ce06fff14faf7a56dfd71a5328e0b8341cf6dbf37166c5c5cc30c9f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
686B

MD5
c5210b0d51f76ccd07de3ce98381d69c

SHA1
113eea4c85dbb979dcfa8e883e6b8debce7d488a

SHA256
559981f9a65ed11e46537ec7ae2dda28199a2ae221b76e5944292cd0ba209fad

SHA512
a961e9252315ae2ca37f38fc06546c64b71f019e857e57b2e35a804bc2902f3c8969f6cde02ef2fcc0b79bd8171e91a7679f443913d54f8f95ba09d666febdf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
896c7f61522a2213ddf0170039269f41

SHA1
a87a9dbe0dfe2a0023d08032e331e1675dcfe209

SHA256
35410bd456c1757776387a560b40251fddd3cdfb82fd79684df2b3f39a650126

SHA512
39e67528eeba81ff72375d24755eaddd914ce0d40201a8f5477aaedfe3717b6742b3b516ac975b5f6678d24b2d9eeba5773798dba2f6f85b6f60bb0fa7bf2bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c774fce5528ec43dda3ba840114bb588

SHA1
a43bfc86813c2c3410dd3d1c1ef17a2e58f6f9b2

SHA256
75e8be2cf28e66a17b4cf2afcca1e6b49733eca4456aba587f8f6f8e1796bc50

SHA512
296277153704d9ce2b3d56a1c6b58a3d0a415872479277f7a22541a4835e7366158a446ec48b2887e46cf44c4260f4fee474fee9c62cce93f9976af537b99325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
c59827b5b297c1f5b4dab6fe8d69ec19

SHA1
d8f5494ac1baa27301d40365eb608d2403145112

SHA256
26c53e98bdccd8fdbb5276439dd6b0d6a2532de55e1235a1108451dd3d1de4bf

SHA512
004aedc79ea3e8ed72e474218471c23b22c833ed9084170cc8208c0f5ca05a75ee5ab6a50b8647e9aafec1a28458a8a7f77855de3959b83952a4f2c029920bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5dd091.TMP
Filesize
48B

MD5
944b65523b4d9f4c0e209a5e930826ea

SHA1
90effd57530038e6dc58949035d7b219a4ce513e

SHA256
887af8319045f2a37ff7c7858e34c42549ed4a7a955e0c5f72e7cd0648dbcff4

SHA512
b6672a2efcae21303862f0d1f2d37a70a632a98c2100c495dc7bdccff14e42feff34a73702209a2592ec9a788a1cbcdd94d30d95ef3f5a944f1a4abf6a6d44d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
127KB

MD5
32a6886e6a1f4f857600d2b3d742c651

SHA1
320fbb01c4cd192d38b853fccac931faa339da61

SHA256
ba6e478618f82f54cdc9e52e86e5aa39f25c539640eceda974cbdb247a4dfa65

SHA512
c9e8c36d4d8af04043b81bb684d25c8c61d577bd3fbd6bc577581c437858aa65c45509f08f3b376acfed71abd0f3f8f45d738cc4dea54895396291ea31d0303d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
127KB

MD5
be09efcec676c83fbee444c715bc0bfa

SHA1
7ee07c1b14bf9dcebe018b7271d152ac206ff106

SHA256
82066c89dfdb52dc16fa30697aaa3693aa7c7fb280a9394ec9a186a1c9dbfe76

SHA512
9325986a453438aa30c1f2b4ff474e541218394a91cda777dbde3ab55e5deb51504f6e70259aece7129fab13242bea111fa5165f1867f41ee1598a641c3b1470

Download Submit
\??\pipe\crashpad_1680_VNASXWQBBUHKXTCV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit