7cc6f3940549136de680ffb4c83c50520cea19713071c8b7ae5314f2d234e8f9

Analysis

max time kernel
36s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ass.vbs
Size

1KB
MD5

217ddcbd5c105d8332d4e79d389dde6c
SHA1

e031e81f2ea2b4caafb3e112faf5e4213917b54e
SHA256

7cc6f3940549136de680ffb4c83c50520cea19713071c8b7ae5314f2d234e8f9
SHA512

d5acbe4c5d0aac9bba4182e56aac440a1bc5dff4d294372ed5478c02b77b02f6913091ac3773fd77c934fb630db46a12bf60b8787e7b56c42ab631c7c8990502

Score

8^/10

evasion

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

reg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	reg.exe

Disables Task Manager via registry modification
evasion

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WScript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1572 taskkill.exe

pid	process
1572	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585210626716536"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{252D5D29-9C47-4EC1-8F8D-A9A927A6CB4F}	chrome.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exe

pid process

4104 reg.exe
1464 reg.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

notepad.exe

pid process

6000 notepad.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4924 chrome.exe
4924 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4924 chrome.exe
4924 chrome.exe
4924 chrome.exe
4924 chrome.exe

pid	process
4104	reg.exe
1464	reg.exe

pid	process
6000	notepad.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: 33	4848	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4848	AUDIODG.EXE
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

WScript.exechrome.exe

description	pid	process	target process
PID 1804 wrote to memory of 1464	1804	WScript.exe	reg.exe
PID 1804 wrote to memory of 1464	1804	WScript.exe	reg.exe
PID 1804 wrote to memory of 4104	1804	WScript.exe	reg.exe
PID 1804 wrote to memory of 4104	1804	WScript.exe	reg.exe
PID 1804 wrote to memory of 4924	1804	WScript.exe	chrome.exe
PID 1804 wrote to memory of 4924	1804	WScript.exe	chrome.exe
PID 4924 wrote to memory of 1972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 1972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2872	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 400	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 400	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2556	4924	chrome.exe	chrome.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ass.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1804

C:\Windows\System32\reg.exe
"C:\Windows\System32\reg.exe" add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
2⤵
- Modifies registry key
PID:1464

C:\Windows\System32\reg.exe
"C:\Windows\System32\reg.exe" add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
2⤵
- Disables RegEdit via registry modification
- Modifies registry key
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/watch?v=BbeeuzU5Qc8&ab_channel=MetroGirlzStation
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b6b9758,0x7ffe8b6b9768,0x7ffe8b6b9778
3⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:2
3⤵
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:8
3⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:8
3⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:1
3⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:1
3⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3988 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:1
3⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:1
3⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:8
3⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1880,i,10670794539359579473,17019372161081543695,131072 /prefetch:8
3⤵
- Modifies registry class
PID:4392

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" C:\Users\Admin\AppData\Local\Temp\example.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:6000

C:\Windows\System32\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im svchost.exe
2⤵
- Kills process with taskkill
PID:1572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x444 0x454
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
46KB

MD5
fc61620b49e35cb359b1f0cf208f6a87

SHA1
54d6ad78961f356ae02cf52144e2baed96f97485

SHA256
65cf192b867dddedcb10ee782d29d0989c00395fc6ff6a0923e23756ab8e0eba

SHA512
17ae00dcb2a9293e33007c623ebb462ba4961e345255733b03b1dcd4bbecf34db280e77b57813e5b5c42467ec0a7c7af1b40fb038650fe526be380f4624dea17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
e738b6d5aa80dc56a6fc4f9a88859ac6

SHA1
ff012500a14f79e3ab1d39c7c7d8d5fe7fa443ad

SHA256
920077791da20a8bb696642f526804963d915989153c813d38593be93a87e320

SHA512
fa7e8222a966d5a79c5027cb1bc57cbd80fa97aaf624f14afb257c4bb9b708a168b4af3e29642fd36d232d04e6969834cbdf8b656d96bb60929ac2503f3ad541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
c4ee705296fd019d3a924d2218796a61

SHA1
dcc7b87a78ff9b05247f9b2136849b529b9dc6bc

SHA256
cb88a2e0036578ecfd3dcc3cd6fbb8a6ec308502f8a6f325a8acf2b592d3ec5c

SHA512
d51abb4c3404ccd2ad06bac4a5e7f87d758c5d27419f798453b58610bc319dcda946e5e08a0371564df54a8de3c831c0eade8b6e231393a90f67c6f93499b872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
32da849a0eae73737afa37240af8c6b9

SHA1
1420f59466c59b51385d9da23bd4dfb9968fda41

SHA256
f34b18792977227d50cada16bbbe3e2e6d9c98613b8d4fceee0e980d7e469d73

SHA512
8a30f0281bcd7b248add4b44b15764a7f8f428c857282ad0f63bec4d551bb00b6748ed00c31103f973b9e1d81b1cd35e953bc00997f4611159b8ec00aded7a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
5495faf67fbe00307118712c773e1fa7

SHA1
57e2d337918bbff412d5419fdfd7d18a50132991

SHA256
8eab72d402a4f84e0990d7389bdfc36defd301876340949c414eeecbf1431609

SHA512
68d9394c99bf84318b445a97435e224f93fb83fa17a188c4a4f985c5314e250b649e65c20a116371d359682bbfd7d30d5b07fbcc42fafb2bc14f34179d23bd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
411dc26240d97ee93c098b1b5e0d863c

SHA1
46b2f4ae282c7725fbd21956a51aba2f301015d3

SHA256
1be3f18beaf20a68df908e4eb4dcab3e6671fe294f2307b71c1fdc96e986b795

SHA512
ed50f389b1ef4bb741ad2fbea140d3f8648c3dd8d6b912ff174800da5b86689319ed707ad69cfbee81707d1044012947412b9882304d86777be5e48764ebed2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
7ac4e3e77b10bd33f0ab2ec5cb0a6456

SHA1
cead5022f1aed274b29832c17a06c0cddb270154

SHA256
012b177bcc5c52876b24f8ae1e1148c171a4f45d7a71dac40f7c0c1cbe95f009

SHA512
53095adf1197dd3fed65b306ebfded930d833207f453e9bac5865939bc930d5f9f36a81e381685498ec2733dc50f86b8b7f1011acecc0535a0c7aa6e7fd28e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\09330621-3717-4c8c-ac1b-0d45b651c588\index-dir\the-real-index
Filesize
2KB

MD5
06989f03d079a84652fc113831d4c9c0

SHA1
47d3184f70e9d1fd6a3da14127697cc3cd46dbcc

SHA256
a98bffce773933dbe0deeca0afec84e412a78fa071996c6dbaa216a9ec562237

SHA512
76881c28331aa87c6e1c0ffb6934bc97be30c8f45bbd381f58480e4722cb8b70c73d1c47d11932cc8ef95c649c6173365ff01663b7ac93ab43525c2998d174f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\09330621-3717-4c8c-ac1b-0d45b651c588\index-dir\the-real-index~RFe584263.TMP
Filesize
48B

MD5
c732ccfdd52173d25ad5ade5f934bd54

SHA1
1f6aec31015a8fe9af38bb1a1dbdb34394ccc865

SHA256
3beeabd47b89313eb2d181daeaef42b79f24af0e1e8f2fb95c1ba93275f3d036

SHA512
5e9dedbe44f2167b645fbb4629c9a8276ea0bbacae29d19dea4facc1ac2dea8a337846230798287fa4515ddf53975c9bb05fd4464a1d34b819aad977eac9e57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\80390e2a-1a56-4ce8-a4a4-f2cb471e2158\index-dir\the-real-index
Filesize
624B

MD5
4c77a8597b181a2f4399afc8eabb5f92

SHA1
2e5a6c8c00cb4127f57cca28206de882b0bc21ac

SHA256
4c3c0aa6b48fcdbc027b16557632a01c332c6963a6d136ed143b568304fdec5b

SHA512
057503b77efba9b5025704d629a4b5bd93cfe892ee1624e24ded6edb8f7c4f8d9f46e3b4776cc7dc1d564bbee4858ef67ffb8c34387a413bbcca14376299f962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\80390e2a-1a56-4ce8-a4a4-f2cb471e2158\index-dir\the-real-index~RFe584263.TMP
Filesize
48B

MD5
c084ab185bd35d33d62ffb5a8068aee9

SHA1
9082a1df6759ad7f1c466251c633bf2992ae348b

SHA256
9b5dba7f436715c7b28a1d49c1e137dcb114a0647de46c190570111beb192db7

SHA512
932813bea314aab7b6bf0875bffca27fe32f79ac3d94236cd4c02c094b78693296d40a4fde03344bccfbca58379ce8b246100ca8f6c088eb6dfd60f4d16ff0e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
176B

MD5
487916ad8d2f757546c9e44def1b16c1

SHA1
3592f31ec0e460394ae990df1a1e4c2596af0d60

SHA256
92f7446c96e03b471b91915a93af150cd1dc00c1be44929688a885eb19907acc

SHA512
486a54cfd4ecb7f9464e68e9056476d25644347b8eb085cdd3055ddceb87fd749fe84c0f2f0241a62f9f02613ecd81eb44c6c815ee96191538c222fab64d9050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
185B

MD5
ebf31aaf254ffa2c05a2f0c9ceba1196

SHA1
72a4a9bf116ded4bec5e146145807ded085b7499

SHA256
40d91e8851e2bc33394aff6dee2adbbd4a5699ac4cc678d80f67b9fe2f5ef559

SHA512
09e4163fe5279084f1fc05cc3b9829673acefa5720344f04c3c753c9c5c8bd11cafee81d54a703c7734b31668bc77daf44f8f808413d2efc18bc63c7152d1bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
183B

MD5
b253c5f9ee015044ef1563d4109eab43

SHA1
38d6c67777016299d3aa4607e0f11f756b4738c5

SHA256
e64c883467554d3b805069db4124b9bc521f69fdf21cfb6f8dae48ad69e2a7fc

SHA512
ee0a2cdc8f85454d12b955403d3893ded6da9f4365587159bc8fbc2dbee8dccf22a0dd1990030c8ac40023f7a4209eb490ed9cf9e99719dd06673ac70779c2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
112B

MD5
02e08ef70c4d415cca2ccb25a8067ec3

SHA1
40283022696561984b56553e9fdd2c95df136a30

SHA256
21a9c0210248ec66a6e4ee5e89063234863355d8525b9746e16df1e633396143

SHA512
0d8ff93e2eff5d67eb9dd5f6ea7d458d753552a179b4e1f112e3085862cd6ef853c3f47516963bf26a7585b7bf873614b026c1490828b4ae189f83571f608d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5812d7.TMP
Filesize
119B

MD5
dc47707051735e2c60e664051bc28483

SHA1
0874d53408e1c90eec1233c59c1d15fbc73ef706

SHA256
95bcb1f6f8324815aa7ea760fc0b97311a79e563599304d5d88144eaf8423325

SHA512
ec774e4ec9ad87cc9735b6fcdb2065b6f2ac54b5c9a4ee3238c7e38184f42bbefc1137a91119c07299d2344a798a2b7a4494fcf1fddaa27a7412bd4cb766186f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
eb5a4eee623e5627ff4aec90be64f68a

SHA1
c53d88af22f7c023b18dd184d62f2e624178e45f

SHA256
2356dbf0aa1eb7de50ec97b534d49d0a2f2405ae648f0c6e6623f90311e156b6

SHA512
3c2924af16a2a264adb1a620277f4585d712be37d6404a0496b65d609ad2fcb292ee0d9515d23fa373b38b499dd65462c5ab08ea473936b8dbaba36756902183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5841e6.TMP
Filesize
48B

MD5
02ed28cf0878c944026c56ac64659626

SHA1
5d0ddd4db39817a6930fb8d6b7e7dcb8b2bd7c9b

SHA256
9aa75ab59839261f796966dec0ede19099085cc7345dbc93d0191c41a0541394

SHA512
4d5a981d2020ef9b8ec2018c4e59ff49fbbb025b4f680e2e5639142ce8f2ff49715cbaad20f427c8bc8806b162f413ac530b099cd9bc4cdeb8c042a19d2127f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4924_110063061\Shortcuts Menu Icons\Monochrome\0\512.png
Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4924_110063061\Shortcuts Menu Icons\Monochrome\1\512.png
Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4924_1501365568\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
265KB

MD5
1454f1b105c85b002eea6c4e0446baab

SHA1
4d31ebb54622c584fa77801b22f5fa636e47e780

SHA256
b85c4c600683b0e541bca3d1c37edcc773290397484f5a91406a9a8dce5dab8c

SHA512
1ff6dc2609f22edab5bfb0a3cfddface916aaff100a5677f1644a61974899d3a882c5620ca6060bd7acacb70e0c5b1a465ab29765b860ce01ecc713a04d7bbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
265KB

MD5
3d9f8b5e7b851908fc087896e7d86622

SHA1
aa8249700da11fe46af16ec3cbc1e97d23df879f

SHA256
8384aefe64fb922456ee8ba2d1c27e172b3db228d4c603a370ac6d8454a1d981

SHA512
9438dc5020ac877afdaa1fc9446641c03e3804fe954a3162a941259d2eb65ca23a953502d55f6d010277b438dc9a5ba29b0afc9c7f2f926e1553179a3399ad67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\example.txt
Filesize
142B

MD5
e4322e6cfb7c69f1d60849e720ceb360

SHA1
2f12e0241af2979fdf89613a2d5e67f048aa8649

SHA256
a80362297fe38c2249725a9f448352afb283248fb7231b31fb3c20e113346b44

SHA512
4330bfcef88fb7f3ff928613735b24a2ff7de934f25034751c53add95b0761d85f6c32c28da7f642b63128cdc383c692458719df712f2bf987c174b004dd5482

Download Submit
\??\pipe\crashpad_4924_HGWFGKZRUQFKXOSK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit