410ea10f2b4dda3a0bf158188a8b1b7363ed77ad8cf95936744e984abb34b793

Resubmissions

29/05/2024, 14:11

240529-rhr9hahg35 1

29/05/2024, 14:07

240529-rfaxfahf38 1

Analysis

max time kernel
93s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 14:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

URLs_to_sandbox.txt
Size

1KB
MD5

8414309ff17f162a4c0f79ece439a859
SHA1

b29e3e3192923a01cc57693f8095711ec24f1cbf
SHA256

410ea10f2b4dda3a0bf158188a8b1b7363ed77ad8cf95936744e984abb34b793
SHA512

23f4d46455a859d6f4a464e40f1a075aea51f4ca6aa14dcdea03dc5b8e1241ebb0cd87a1cb9887fd5fcbbbff820f22c421344cb3c912d693934b801e659027db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614655558717172"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
368	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: 33	4684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4684	AUDIODG.EXE
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 3124	3436	chrome.exe	94
PID 3436 wrote to memory of 3124	3436	chrome.exe	94
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 640	3436	chrome.exe	95
PID 3436 wrote to memory of 868	3436	chrome.exe	96
PID 3436 wrote to memory of 868	3436	chrome.exe	96
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97
PID 3436 wrote to memory of 3092	3436	chrome.exe	97

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\URLs_to_sandbox.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbff3ab58,0x7ffcbff3ab68,0x7ffcbff3ab78
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:2
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4940 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4708 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4400 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1916,i,13516180514771723919,10884872083267828308,131072 /prefetch:8
  2⤵
  PID:1716

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e00b9b48e64c7af5aec4e25e00617ade

SHA1
970bebd76c869f00ca0b656014f8c1281f56753d

SHA256
13bfda73af21879fd224cfe149787fe75f3daa8917d451382855bb9715c1da68

SHA512
091149df48e61b5ce36d0cc8bdee9d114721d91fddb1f9ed393b4216be4242ca68fb18cdc1580b353c3de9f4fdf94e6ac3bfda8d74d3c3a929abaa5a49a9b2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ceea42f3f1c750583a667857af231b45

SHA1
99528884ab720fe0ee72ae54530f1f27dc7e0745

SHA256
83f3a58c5255c7377b54f0e88e1bd2e624fffb5d6f65a2eaac13e5ecb460847f

SHA512
8c35a2df3317f76c781b33fc2388030d4a0a794e116372530005735f5b584c1ebb6c306bba0838d96d3fda9b55bf5fe88dbfaa813de5d61f4dde96aa7806c910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
561fbf5587cdb9a5fe7e658ac417342b

SHA1
24a3d440bfa07cbd59e6e2f99b6c60fff3e2f378

SHA256
602f4ae6886baa9fa51805e7204def8f6c68f669892b74263795cc4d00ee2aee

SHA512
eec6b4ea7f8e38a88a80697371af7432ade3bf042a2b09d700aa302734c1ca38f876d1b9b79b29494e264bb2d819baeb7dd1bf230fa92213802be98dc08385f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
5971dfac1871f173f6574061415787e2

SHA1
69d01f4da1486fb75155f8de15da8040effa602a

SHA256
a75e2176068f9ac14843a7ca3f48df52ca0d3a732db284402d36ffca81ea660f

SHA512
a35f10dfc40a1c382ce964df77c021aec4761cca695b8aee3765ae42c1bf1a79c4de42b5376f8b0f2a053c56d583887a159c9c30142926380cba7788068955cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13a4e3461d3308d259f375e7e7f2c296

SHA1
3c38ae0afbd64b5a5b7b475b238dbe797847ca6d

SHA256
c53d417b4f8e12909c52a61df8941f13fa3098375348b0138e02335ecae4f791

SHA512
26192c302e465eebaebdcedaaf891dc0d260d2fd86f30cd39f1c87e5e9660965a2664ce12a016b525764b3091ac2769886ca96c2c49db208d248b5a750dd329d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a2b59c226a801a14484cb243a352980

SHA1
5d33c6e719e57d2ea82a132d937c90a65949eda4

SHA256
bb405dbe5091fe766656a1566364aa98b5c331a17c2dac6db9c431c3db5a7899

SHA512
120636083b2783f21af6ccb3552f567ee37bbff87bd4615da366b765168c8ad17a59fce71ec7a7c1e141ca71261627c06970e5f58363e0cc9237f6a0f735ffe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b045f025e90603e7ea343e75f0d47daf

SHA1
d43e324318a26168de7b91c57a6e5c47c8b8f8cc

SHA256
18e6d67b66b3af72063b3c4381ffe57e91a9138213fb7428ec5beb7f4d1088ed

SHA512
1e22531f19dcee9cd03962b60a0e1ed416aec07dbf4adf7e0062e903b68626dbeee662d01c438ae767f33045fab50d1d208d5932422907bb923006ff082ddd25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
30e6de5942aa5c2187c641f94f4f1c61

SHA1
91828c3c571c95f3cff09f02096c73edd605e6a8

SHA256
b27122455724a9cd4fbc85080c71a46b1c050d0e8ae46a78f0517efe4d2c5454

SHA512
a5229684f85b341ab94d66d20cf1967571be866f0d688719494c789da68b06f861109c90012814bd4a3e7b63709a1880026a1bfd0bdb6903958fa1ce0007be90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c976a8defa43ac1b82461b05d875678f

SHA1
9c6024ed158d73c522654d793985e04129c666fa

SHA256
641aec69c6382233ab78f15b278eed50eeb1a90cb79b60128c0984576748a78c

SHA512
b8350b6fe31812644e95ca8a0c83fe3e2503d61489da83f50839604338243f7c758a4e068c6f4f97ae3df8087a98ab14475b13e5d309b42a2748388cccb8ab56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
c0d0770c488b2bf93c00320b995c7fdd

SHA1
0550043a719e626aba2aaba1ccbdd1f5a8a07a3a

SHA256
493445148d11206d82ff6754962ac835d75ced6548ea9f85fcda5649009ef66b

SHA512
c781e5b8348c81b0f71f06093f530b2c861bd80a2fc80f6c3e7fd2aed5a710c62b32f6e5177e09668753b63c2b8734b168420bcd317b7fc03dbde97241001621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
32111cde04b831d5cf5c9212175137a2

SHA1
8a1d039850b2bc65513241cb7c8b2d73d48ab8ca

SHA256
b01078664f7915d17da73f3d198153e24ca36098cc054d55ba113ac6147f1009

SHA512
2ed62be845b8a8cc6ef68c8f4556776614f1d0ba43b740f328081dbb3397a8eac6d811f464e172a3e6d1c74b5f1a76e8ff77ce8e4387a3c4954f290704ebf651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f184.TMP

Filesize
88KB

MD5
819a9137ff3b29bb8b930a2230378177

SHA1
8c8567ee210332c6a0d019e8fb00975df092d001

SHA256
2721c7e296abbf1c65c514dfa82f9a40f4459eb8d7d373d269add12db1c55089

SHA512
e1d7d6beb72709183538e21ee330b8d4094bb4d9a7c3913a743a3e1a8700620825ab639af3aca9e5ecb68aa02a158210f86866c434dda34d18f43da9ae2391b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c9f9e58d-1844-4c9d-a7a2-4992e812ee20.tmp

Filesize
260KB

MD5
7faceea5ff039d5fab1bfd3141ee7a14

SHA1
17d9eccc4140d384df73933ad0e7463fa3789de6

SHA256
38c4ff99bc9c43a6ec7e35f32cf10be915f03252355125d64e36ab26aee7084d

SHA512
36fc63fbc68308d37de9674786912a0ceac83515637795bf952cb72a99df119e87e4b3f9e62aeb4786f56f33791ff26f7200a99a455d845bffe6340f3b7117cb

Download Submit