76fc4baca3705e2a4f3d0d76359f8e0514838a4e7db8519f0b36f96e384c8a72

Analysis

max time kernel
381s
max time network
387s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

License.txt
Size

418B
MD5

33926885bc28b71b6bf190790ea27967
SHA1

8d46afc3200d3190a84725cc47906dc530126cb3
SHA256

f3c95f3e76e510a7a8abb619bf8f127447e662a77eb375f2764cbdc5b5516c7a
SHA512

57d2c47bfa68b21368dbdf5bfc8d2b0f8e6c718626f21ee4d4ef89aa2b3d753e4b528688a2932d62b8cea5df218403b80a754bcf61d6c2f7726d20ce4b614197

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533391463467264"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
768	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3828	chrome.exe
3828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 4952	3872	chrome.exe	92
PID 3872 wrote to memory of 4952	3872	chrome.exe	92
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4476	3872	chrome.exe	94
PID 3872 wrote to memory of 4468	3872	chrome.exe	95
PID 3872 wrote to memory of 4468	3872	chrome.exe	95
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96
PID 3872 wrote to memory of 1676	3872	chrome.exe	96

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\License.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbec379758,0x7ffbec379768,0x7ffbec379778
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3248 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4072 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5348 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1732 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1744 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=244 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5420 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3384 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1192 --field-trial-handle=1912,i,14650287998138180147,206539785654924311,131072 /prefetch:1
  2⤵
  PID:4840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2313ee6b4fc6d270749d47ae673f3275

SHA1
6c2620179f90893298100a536ac27b34d6f18383

SHA256
c7e5f1b57a527f1915e7e5e35e1109848f08d8455cf337f1d1591c7e77157be9

SHA512
33debd4329bf3ff79554334cca4eaa41625386f6319ea6800f42995f1dd2c1454f54e73c99437d3573201a8b3694276e0cc02fc69caefd4e02fca29e462c3722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f847f0c6072d43ebb82ea0d3df2c95e2

SHA1
97fd3af15fbd91451506719cd7eee6daf195f0f3

SHA256
7612d362e6211577b1dfe958c2418a075d73dccc72111dc0f96e09b70f88e7d4

SHA512
5fe6c18ea5805d8131f968d99a06bcc047866e798a2fb740e4ea4297c97e77a98699280d70be7e99988650e1364a5f5d44bfd2fd318cbf0336da0960a8f35d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
03ebcb5290d6c5c565147199254d94b8

SHA1
fa176f1f20662dc8f87161b1299ad5c8ce582bfd

SHA256
48ee207acc1086e74afceaf639bff5525cd77f8a538945bb3e98e1d2deaea279

SHA512
1808e7245a3e27aa0766de30c7334ee98ef397da9ba3d848cbeae7b5f6f6bfb50a41038feaee0bd42a8e9070482b8742913fc613b963718bd4188c9a29aebfac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
06b356af4ad3e20ed7609ad9d7775f24

SHA1
ddc85108540fa7167bdd1c89214cddb5c2249e86

SHA256
e6f160b1b6b1832f62f8d464d94675b93cea444e20f6fc8c4ae764d92e43df5a

SHA512
8212a781338f5abeffc88d9de300e993d28d33d9f69e46ac15319af2be5e8917ce388e1a9995556d9d48971d9b28a478ef484b4392d5837495aab59a2ed378e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d31e4c086ae6a6619d67c064133bd8d6

SHA1
c95180334032c9fa8687e49a1ffd26f7e4582d80

SHA256
eb4a279832c2ba7574429beff7190eae59d261291f5aa2d2c1838d2498ffdea3

SHA512
29b53da9d230615d75e1a2643ceaca13538065a559e96532667a58198bc58704d1f77a166594c6755948b9e4fbe40bf2809d503ce1b59c251f634cc146ce0ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
204B

MD5
93a11812c67cb10bbfc6a73e902b4986

SHA1
a7e8aca9a109ca8d1bee48978fbd1da2eb581927

SHA256
95f5e14deda002cd479c45143cedece29b97fb0f40ca4b6e373b21df31afd536

SHA512
576c41a2948c637cc60c2e803261123ebd36389ab920713f5e0cf1d55be08288f1a4a57e7694f9548be3d03d78454c00ffe7509a155d99c82d2494642556278e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
204B

MD5
7189fbd9bf870f8b7ec5e3cb9610ab93

SHA1
b6cb47416b6f1770153b702040b9b368acd35a9a

SHA256
3aaf4e6188eeee08bdc736e9ce28148fa8458b55b3f1dcede85eaa0eb54f9b16

SHA512
c808d7d0639b8276181491e6bee703fe248afe35a7d1763562211bf835e557114ea7f3e09e56ebf1b83fdc8c4a3d4dbadae9c5e4375dfd089ca4f2a1a542a1f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
204B

MD5
9aa21c47d837f74195126ceebc237f3c

SHA1
d62425c548bbb0f1a3bf3624ec498cc83037c475

SHA256
7ac4f217c6bcab158f673a96870cab51dfdcf5ac1d3e37c5c65d7cf88cfeb4f3

SHA512
6dfcc8b620b632a4b9525f025b14a51369c7a19428c86ca4fe775529299a71be32c2d9b9341965187a8726ae7fb2c08f5f5fbeef3813e174348b8ed54ac53df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
38db68f17f9d5d22c638ee1ec5cd8d7d

SHA1
5bcb20466ddcc9b1d188f84a621f0a7db10a810a

SHA256
2f4e6d16d9ac7b2b9203422c46c25e0ba3f8f2b6ba0d13450b88199a02f0cd55

SHA512
c1c95bcb0bc85b1998d2562f703046094e84a37a21adb49546bac30fafacef72759944d2bcaccf4223e67ad7ffc3543a259fd959b03afa1aefdcfc079bb3181f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1c28573771632bad08674d8b33e52739

SHA1
b1808124b5c1cb7593dd0f83f69ad53f82303692

SHA256
d7a4bb6ffe681b7aa010e50e7df82f1b248f8ca293df19b6c64ec0646834712c

SHA512
1d5c92bade0dd4b09686273022c3e61695e19fda0aa895e7cda002f5b3e61d7e713bca6156b12d9ec52e539187e08b184e59d435e55cd3fda6d157f53c411506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bca3cb8f47c7186b1a3e87d12b22ac2b

SHA1
ded4759407120fa7fb7b8a1ee395b4bdd4a6bbcc

SHA256
01db19b085b9b731e726e81b11952f8e84c4151eb6f61de9475c5290a1d35980

SHA512
a432f3c13ef15b27bfd68b4b77e8d6f718ddd9b99ca4bae6d81eea5756068ded300addb5165eb75458f1328e535871575f7ff5cb3df694322d059753df684755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6bbc3a7b4e4cb12e6004f9604e8bed43

SHA1
2b8821438707e32b373ac621c710f7dc86a4f520

SHA256
76d7efb1e7a6e60ebac05c90a52fd5d10b613fbb5a08af2df5fbb734df249ecc

SHA512
ce3963221508aa9b98adedaf9054aaebb2d593c2afa89e7a8927b601c63b8a474e864bf4379adc5454f704c16688c50f40122552c22db2d7e9f15d1a81ce9187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
090a88c910b15e2d841c80a9511bac56

SHA1
2c4ce3d15e37f027c5ad322245d873548826f0c6

SHA256
afb7c9a63e5b83983143bf2673d6a0ab17b5da0c5931560c4f3b52560e5cb7c0

SHA512
12c4a79855e3a76d6515ee96159fb7ae42e95968d613365fee6f83d907c80cad4f0891707fa27041574f8f1b35f3cc6d58a3cc908b4be2c65b2a9e20fdbaae1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dd6579094e1d7d0b2990d26435312be4

SHA1
5b6ecbd34d078d71bd0595c69837dac95a826fc9

SHA256
c741fbcfd1461d3e42098da27323616bec121ac6baf14258b88bcd2db4926241

SHA512
b52f6f80ec5ec04077b72bf1949b454184f68e3345ecbab6e701d45b1268b89df90f30af7552123fac712359d312f8a865e6b1c87decaac91aa804e5b3796bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f2818417d2ec8375bd486afd842111f7

SHA1
80d652c06648b3ac75ec321e53621a08e131c8c0

SHA256
feb7274dd528ed1665c7cf2fdaa7c7b7eb02e9a6807f4b7efa086f005b74ef18

SHA512
d1a29de83f635ec6595560a983c8a9ed3164924874922a681ff25e017b876033b4155eb0b8ea30cb17467156e2ecbbff591353002b790800af70432067f36c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b75c1d17722e4d578c7000a5eb8e89b5

SHA1
b888b87b1c7c89c519c0e6cb1b6f1ad780434fdf

SHA256
ceda23938c4127149d4e44664ac9521e0213849f4ffb8b721d90ac232194437e

SHA512
0746788f4819b31bf0c57aed1b3d103feaf78fb448697787eb57697e997f93481771146035dced8d352192c2c658e0d53b2bfbc9595e561377a1f84897b55f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
912ee9cfcb63ba34261cee86cb1f857f

SHA1
c9bbea29d37c35ab095b5fe8babf0ad45436fac6

SHA256
ab2daace01bc0170e667fcef71553ca4a19d06dddcf4bad1c3f528b72272704f

SHA512
6552ee746f9d9aa33f939ddf451b04801ea7a0fa91d38ce7f68f9624ce87f3d6a217ac6e7a02fabbf0c1b226689f9d218c6053ba02b0fab207ead4bccf970678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
3d46826f17636806c3c379dc1925ee35

SHA1
a33e563ccbd6477c43f631deffc8f25bc99b4543

SHA256
a1e4a2db53b11139bc6332b03d4c573d21138bf93bca3716b5b5f5aa66d2bcf5

SHA512
23abdff4861537af5cabf63b1ffc6d7a88effe6bee7ce45301dbcd7b0f923c550cdd25affbaa850f2c8c8153cc18ba623179ddc4379e6956917b7d56810b2871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
30cb795e8f5d86a8ecbf37bfae597317

SHA1
8db4554738d33c34ff493c920ba321a092ac3c83

SHA256
8ea6743ea8c32396ac3ffa3f63b06de521703e9cda4143149cdc311ef485ed1b

SHA512
127884c0215eff64659e77e156f056f07b62e96aa9d5be80d7734c86c0c19f7edb23270a9b77e34b734d4b047e49926c6231c94cc555d54710e2089363825bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c4a4f.TMP

Filesize
97KB

MD5
88ae1a8e7536c50f8092272ec3598288

SHA1
4fb524922127e0a38fd3f3c3769709f99ce6e1e4

SHA256
12a31aa4fd29aef769944857e989b77f5284ec24da50a2b8ebc9f61b1f5db054

SHA512
9525bb07c25a0d6f0b5264626edf51cdecfb3cdc7da6051be4aff2c1f4332bf98601188dce6a416c9935d65c5c76667341f4b55c4dbeedbb76500c974618c5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit