hxxps://www[.]dropbox[.]com/scl/fo/pjtgmktr3650y78x592no/AFY-84QUEHD7S3yVm5l4_sc?rlkey=98wft4jve4izhf499s1nx5mx4&st=blo4cxlv&dl=0

Analysis

max time kernel
258s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fo/pjtgmktr3650y78x592no/AFY-84QUEHD7S3yVm5l4_sc?rlkey=98wft4jve4izhf499s1nx5mx4&st=blo4cxlv&dl=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607082310796991"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{66786BA5-D181-4A06-8DA5-2F9404CCE31B}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2376	Notepad.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2020	1524	chrome.exe	85
PID 1524 wrote to memory of 2020	1524	chrome.exe	85
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 2728	1524	chrome.exe	86
PID 1524 wrote to memory of 3372	1524	chrome.exe	87
PID 1524 wrote to memory of 3372	1524	chrome.exe	87
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88
PID 1524 wrote to memory of 4024	1524	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fo/pjtgmktr3650y78x592no/AFY-84QUEHD7S3yVm5l4_sc?rlkey=98wft4jve4izhf499s1nx5mx4&st=blo4cxlv&dl=0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6d7dab58,0x7ffd6d7dab68,0x7ffd6d7dab78
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4396 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4876 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3100 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1568 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5212 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1892,i,12280506050246361153,8643912920050212808,131072 /prefetch:8
  2⤵
  PID:2536

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3752

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\ds\src\mines.js
1⤵
- Opens file in notepad (likely ransom note)
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
690d1f0cd76c360e5ae638bc9b756a18

SHA1
b4155890267991be98aed00f9c5c3dc584ac4bca

SHA256
6a2231e8bfa21e5bb28069a518ea43cbb92f22902769b45d52094a84463e8c19

SHA512
269882ed9a6df6d06d9d8e814d0c0837674545e3002b5f76959556c750344076d3f3134dbc2fe623bc9b0e8a847092076a79f090a9ace46bd8b1c5af609d1398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
475076f3ca52651f026c9973c2886228

SHA1
7cbe77b730627e278f82adc56c1b640a0a1d3618

SHA256
75ac1b433ed036926dc766da8195e1b25b1d448f401f079b4b1ed3b08afb8a5e

SHA512
c9f09dedb952b892bb5e4911fdb70754d56be43a0332c76576cfc28bcce299cc8f6ca2daccb03bf67e48d495d256f488e34e4a369e5b787194446dc31992eec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2052c533d9643975a4dbee4c9416eaf9

SHA1
78aee47bbf468d7a4c54fc4eeff2e74630497f95

SHA256
de2a58d8031f00597bed739a41e8d31b1af495cc3eaf87c31bf84222b6b7b654

SHA512
fea0850ab6c74b43e255578871d084ad4cfa3390b14620927d94866b26f3fd08a43aa050eb2376cd84c2c15b82c1ed0c33d9a3be3066954e7b616adb38b8a416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
12351d158a247e5e4b3d3a2afec1e607

SHA1
b05b73299dd4ebb8dca9f3e235031cd66059b661

SHA256
e8147008d10d6d4ce14eeae7cbcfa11a0272a6fa1b78edd956fb0eb4f5e34926

SHA512
7512543dfca7a2d8f68d0716d5986ea2f1d97bbab12c46ea5a5f3d5a23c1cb05ea83747fe7f16642108bcf1e39b6ee3ec9fac80653841b3fdc4b2c160b92a931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
9a6a25d213401b6d98fb4b4fde35117e

SHA1
a59c4b21b90372fafc7f0c6e6c58244495eaeef8

SHA256
60e261b6a766f9cdc198c21fdce69b29edf6141d7ea6549b88aff79416224a82

SHA512
fdfa392f5ac5c871ea1a86229f449c24bc99f8f7006d644ebf1567e945b3cc4c4b6b0c86bf15fa19ee148f4795265521e5fc239fb5fcac940d01b1b629940cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
500052abe2b18cdc8b0dea54f05c3aa6

SHA1
08032dc7346acc214368dde973c77eeded913631

SHA256
44ac919c19e54139927e695cab93b8e7de7cd7868ecd4d529632769d05e06053

SHA512
1edf0c827b2336bde5983f0b5e66df56018e60fdb0d81a78137c267f40fb91d4c1110c455a5f4a63aa80963c23950ba6e01080b2877eca3313ca7b495a416cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
d2a41eedc7947de9532ca908abb16bc9

SHA1
4b42ff8b0fbad81bc96d22075b5cb9e98cc98bed

SHA256
222e1570cb32206421dd45afa13da308a3d30985375229872f65af3b9641a24e

SHA512
3408ff6a547624ef65cfedcef57fba032a6b0990954fb0182ae00f00af71f95a82ae1b07ed586e7085536cad214e8cfda7fa85d0c07dff7b0e92e746f0670ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
bd90fcb27af011e5c465dc2b1e86534f

SHA1
21fbd5fffc3060c372dda59c26f741c157ed2908

SHA256
ecda6f26c5ca9f0394238c98130313dc1b8365f012aebb30c8e661d3fb52a468

SHA512
a61e91b4c6f6c384921ec092538ac19e35cc48cbf9f2dbc605ac4f4b625cdc5e1cc741c0515012866622877e0e207dd271e7f1f1f956a03616039367627317d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
9a4fa2f9da03ea5671b42ac55d402664

SHA1
5171a38633e2183272351fdc5f8ef2f3c856abfe

SHA256
441cf8b978242cf14e7499d0654787443ae3dcf674e73d56e708b862a84acc89

SHA512
d0d254bdbb536592f3f03167d5ecbee0f3e449ae4a5319236fd283da5540aa6da2b282ab1f38e04cbaedbf1c8fca6b3da4c4a406b5739ab8c1afeefeb3fd371d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
de4d21467897c832d023bd6d11742643

SHA1
29f53fd9ee6fa670066375751f1f4e295072a52d

SHA256
405bbd799745fb024a42dfda586847e4d93a527508ca4a1ec13f26473ab0d56a

SHA512
46a18d917b489eb90b85edc30fd954395f5382b9e04ce56e1bfeeb02a484fe829ef363ed0a04141293978b20630b77b7f39c86832e65da9f4d12fb4c3a808247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
263e6539da2bfdbbe0a4805fd427f959

SHA1
d8e8cd6483f902f5f567e071c32590292227299a

SHA256
258aadeaf2b8d0e70e8ecad179c755c377c32bacfe0233be26fd5351fac82ac1

SHA512
86705911a7ff9591a4aa41e88bb6c6cc8f94cab435860fe8af570a687337d8cb004ce42732d3f33de1a8820c91119722efa2b31721248f36052dae92959b923f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
891e3420df812631c63acc8941e7593b

SHA1
58ac14de110fdb5b095507794bca776bcea0e1af

SHA256
4e6ac156547f436f2f985d54745964933023328527792a523f1ecb22f2d5e1f8

SHA512
d119766de900118aecc63614b9a0baf56ae91ccdde57510d6a6b4f9ff722da0911f97fd78f3b0f86a8e9be9d3c590e27bfd79bf3c8ac881e3502ab1a25485538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
71f6833d57d01762f4752fe349bf5392

SHA1
a193ddec276c01b442cbaf4021dcc55f8b97aaac

SHA256
01975d97f357b35ef9f0e17ce69393eacc9a4d6c387bbfcbe2d8664d786d817b

SHA512
d4d745f08fd3bfebcdc2832061f3248b9168f72145df891bfd790bf35c93b2a9a6edba98d15543a9197c7960a4d60843a639601436f0bfe561c080d1d71bf7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
a3bdef9fb6188606bb12109f20f00a4d

SHA1
9f2bdfefda5e480fbf842e7fae2c5193abf83e46

SHA256
70121d1bab917158b564bd19971696dfb8a79f365449d6bcbb0aa48cf19cf215

SHA512
f029aa4fdf245212608215c3de4a57c66aae9aed92c0de483be390d52dcd9e7bc12b5b1fe133de2a394c9611501aa73faee92e5bb8a2f714a7858a9e7a2610c9

Download Submit