hxxp://wiin-scp[.]net

Analysis

max time kernel
1799s
max time network
1752s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28/05/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wiin-scp.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613988336362114"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
4728	chrome.exe
4728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: 33	2284	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2284	AUDIODG.EXE
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 4764	2912	chrome.exe	73
PID 2912 wrote to memory of 4764	2912	chrome.exe	73
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 4420	2912	chrome.exe	75
PID 2912 wrote to memory of 596	2912	chrome.exe	76
PID 2912 wrote to memory of 596	2912	chrome.exe	76
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77
PID 2912 wrote to memory of 292	2912	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wiin-scp.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe5449758,0x7ffbe5449768,0x7ffbe5449778
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:8
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2628 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2636 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3036 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3228 --field-trial-handle=1784,i,12366646251077356518,9212995138701088845,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
e4df2fcdd4a1817024aa43d71ac27804

SHA1
aa9cde0585947a6ae2408a2669709e89de862b61

SHA256
0b7aaa867b481b657fcdff4c9ab82abdbff1d35de53d2d1bd2cc9d4911082496

SHA512
60d21ddc603d8ef1e498f0ac295434e7755c11734272894ea9863e3bf969fb53c85f1df81b6fe9e512d21553da24ead9ccf6146b5650e8a0672d31fe1f9896f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
71df147a6472205bac4296ae3b1c75d0

SHA1
edd69b32fab9e292a1479fbdef521070161a4aa4

SHA256
e3e263736d8cf19fd9f38cc9ef059a35d080d20a11eb0309d8f1acdc9cd2755d

SHA512
cd43e9fd97c2e1e28904d6040b949dd9e7989cbc8b7f6d7adec899b6a9bbf3d66886221332d6efb32e2c534985c3872b7f13c36fc2ddcb33ac9e2ac86d4917ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a03066e66015ab32c22fce9e205da994

SHA1
5fd16d0fe0f2998313f500e9fd68ef4c889eae05

SHA256
a58971014093a930901e03200eb30163902601e1c43218137cff05f928bd8bac

SHA512
f9115a1a73efeb5c94fb42cba910b1edcd328db9bea439908c9143e06cea9a47809101918e28382f94f836d6813581c07700cda56b861bd783c14001d96afa82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7915cd8fc4fdfcbe91e823cf23670bb0

SHA1
18ab2853683a8cc60043e8a8eab5a062602c4a9c

SHA256
ac94dca90d7f3fcc27a7760fb63b137adac8356ce83faf7d117e22fc246df8f1

SHA512
589acb0dc86ecf8030763d855b9e7a499396fdb867988824c17908849f3dc338c52e55cd7fd3da7d8d8edf7bffc01cb0c6c2d4ade6c95fc0fab773a0e8278e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d501eaac5894a46f85b4b3b4410e618c

SHA1
fd8edf1592a96579c18284ed1087e4b235483466

SHA256
233b620e3bfa44bd7504d4389df817a4b7caf60ded0f9fc33a988c83de8eb8c0

SHA512
78ab6265152225ac25a5c3754577faf0df7607b2776b6a7b7b3967303ff72a210f2bbeb08a9413071642169c28b746e961bdd94d2f357b9782e70fc0c5a5f4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
aa98bdbd6f20c2e804b367a613616cea

SHA1
b7bdb02c1849616328632ebee4e2f76d8e496cf8

SHA256
9d14eed24f1b150fabe54237d13d7d119e8c6d01fb2b63db0c214026b02d5c5e

SHA512
1866abb2869993528d6730988a511197ea20477c1a2b73437598654730edaa3e2ff00f1ce803dc2ff421893d2e9b5247f847c687764d80d7f4ff6eecebf721eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b18920d2a5e388f28526b4a242d0b9f4

SHA1
00ca0e71d3a0572530027aa6e872a1a671bac29a

SHA256
faa9489c35e483989f4d258762b878c949e82e86e9f94d37fa04651adec47664

SHA512
2ecf117b74aaea2cf4fcd1403f115c2aea2267952364a3db79215613138c9f59350154e08557d273294a2ca08126fb71056f94c1d887e0931e823941b6ba16e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
bc04fc5378934fc1609a1eadc88d36fd

SHA1
988719f1b4ede5092b6a23b46726df6bcd329995

SHA256
5f24ad0e54cb8033e7b84e3be71e921642fbad953fb194343dfad36b9c61a1e5

SHA512
081f487a8f96be9bf91a6bf2efe471189db54890be0319501d9e489a3bbfab1b85da2f61ea84fb648532e8a68779c9f6a1b55a2c386115719d1457b11d10238b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bfe5ab1c30c7c1808175d45e44a0e951

SHA1
98c899627261cb72adbf501c449562f88aee4856

SHA256
6c58a53cc7e3ae75f46243680788f0b088f59c1a120b2f9d5157410162efe954

SHA512
823d2ee42c572b8d285e40155dc9c70b38727a9f78e8687eced33355c523d756cf37efe9a7ea1ded87d1f3330b9f03d54d2c150c8a235b481cbdf3629c1c0b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e2c2ced4b40f2226b5ad53ad7db2cc1

SHA1
15ffead4d2c1b45b12e77f31b7c42e60bded5dae

SHA256
32a246b77e26856e10f0c0aaf234f00608a7192f918df740a50254ff73945ff0

SHA512
9941805254ade8e9ed99c751f9868d478078cd0bd4ab54bef9553622df305b8b6b4d89e753ff08941ca691ecb3049fa424366f13fc0420b218000858f187f013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2e6a54252ee2ace73e8654f246801e18

SHA1
e8fe4d49c7f521641f458630bc1e593d7fefa36d

SHA256
655d5c827972ac388681d9336619d6f968b74cb3ca8b688a33b57cdc3b63af4a

SHA512
6bcd0074be71141e09ca3ce671f60af14bb9d69be1abcf6d1df7bdb7de1a79b2b4b9fecb269e83f5280d2769f9867e0394233f3e743256c2665e512c5655542d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f5eb79f3-b623-4bd5-9820-9ea5c7c1749a\index-dir\the-real-index

Filesize
2KB

MD5
c63dd1dd9be1267991ad4593ba768789

SHA1
cf8f0ab88e7ed469eeba96262e16744074a58b5d

SHA256
78ca81ba18bd083018e6e3193da935596d1ccd64c068c47e3ac9cb5c22be6f84

SHA512
905d7de90bcdfdeac2fd645a51060304687113c36b9bb19f9acd15aa3fce3e1b82ada1c6895012d2f1f0f07c0f5856ad55256b3804aee5616e90ad5413ac67ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f5eb79f3-b623-4bd5-9820-9ea5c7c1749a\index-dir\the-real-index~RFe57c796.TMP

Filesize
48B

MD5
0541bbcb9b17d0079a79c1ffecc9972a

SHA1
55737fe4105f3f0c09fff5963bcc036d42314e79

SHA256
65addd45ecc784c55046b02c23171266d861b003d4eb31a1de7674b3c0890a47

SHA512
248ef956e9d19d0d22cb5dd5609a10ab647817860fad2087585b287d1c814495ebf6168c84dcd490f97cdba17e57197fb34b2a956cd617409f0a23e4622f3fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
703d9d95410e749cb66e6f1363c25440

SHA1
f793307440f8cf2f8bc1df21717f4c399862584f

SHA256
ca47ee21c6109db9a7e0e0b5abd8edf6c1e087f8c1d3deaf56142f14b83319f3

SHA512
918d8b9fe451b889e749d1031a201141794fc2fa5f4d32970fca6b642349877146214313a7d4f18c727e133cd8c611f33ffa823d5b17ef929a8797772b7e07ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
d3f2bf4c38cdea4ef4b1b1c89766b28e

SHA1
bfb72536109d9bc0579458a5aa715b0d643f1555

SHA256
3c055c5ee29912af7b323aa935a8aae6e62fa35719d52a2ae8a95068ddf76cb5

SHA512
4a4ecec8b760fb4ac14620604209adfc13d3f014defc2a7c0fef87c92848fe2ce13e2c7b2ad97b4c39d52d4c5443841959008a5d0131df27026e224d10365071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
31043233ad6982cd2ef3d70549573c41

SHA1
d289437cc40a345993d25b67fb6727cfe4200432

SHA256
747d617f1c13ef4d8f5bf715b4ccb6e16df79bde3f85fc6d1dd805e357a86246

SHA512
4d61bb5edac3febdcc67dfe9dec0718c3c21ebf90fd4723053140e46a0e93ada7ae016addfb7682f8c7d244ad9945c045d612abe861167531e3e6832662df6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5769a7.TMP

Filesize
119B

MD5
64544d2bd3517ca8ea48d4ad6354279c

SHA1
25ea4fb7afc36262014e527ce41293aafe57c306

SHA256
7484f76552130d6d21f6a90f095c5103a81cfc6caf6af508e871cb9c693fc3db

SHA512
f233421ebd82b39ad46ee95450b0db60ba161abdd233d2892fc69915e04c3047cb90c32a32c740fc4c6ac0fcf16c330292eb652b8009920f6b1543e00012e625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7b4c1bef703b3eb080b44e3c608d1026

SHA1
710065d71388e76f198886c35cbc58a46a22dbb1

SHA256
fe7a07967b42c819622f9f3433b6a5f36425c7843c7f37ab66f349ce88952e36

SHA512
f8f93a894a43e2a8c9ec524f3b18f3ccdaea5bbbc0fcfd512482534cca52eb33b799ac4afed0af553ebbb4c88f12d9c0e44cc732c7279b3c0eb4df4f861bf33b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b892.TMP

Filesize
48B

MD5
d53e254918a679168e574c4ba4eb7770

SHA1
590ec591df3e67afe24be12b8ac6edd05358948b

SHA256
531dc386a8738d6f9de0194b27e348891950ab3a64481db31f74b1d72ebf6744

SHA512
23d59758dfacffd5975b8b3f181d92b6d21ff774fdea81781686a16366d4304733e1007a27e5fbd39d403439a225506f1cb7f76ba5899d2be4288e0d8058f12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2912_2010346272\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
df4e2030ce4ccb70daeb1f9207cb4aa4

SHA1
813860c208c7d5700b7615353de94d4c8b0b5922

SHA256
4e9346041b62b16176a2879cf08dc66ee4234b9fd1d340e747c43eb46d20335c

SHA512
c2424942a73f9b9f33ca2684a4905c05e960398f877ee064b0ea44754492bab42573bd7dd716996a72ae16f276feb0161407cbc463c5b5d3be392592d4df4475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit