4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

Analysis

max time kernel
1081s
max time network
1082s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
13-06-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

999.txt
Size

2B
MD5

b026324c6904b2a9cb4b88d6d61c81d1
SHA1

e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256

4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512

3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627597718125176"	chrome.exe

Modifies registry class 1 IoCs

Processes:

cmd.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

Processes:

NOTEPAD.EXE

pid	Process
4276	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid	Process
2092	chrome.exe
2092	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	Process	procid_target
PID 412 wrote to memory of 4276	412	cmd.exe	78
PID 412 wrote to memory of 4276	412	cmd.exe	78
PID 2092 wrote to memory of 4052	2092	chrome.exe	84
PID 2092 wrote to memory of 4052	2092	chrome.exe	84
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 2188	2092	chrome.exe	85
PID 2092 wrote to memory of 348	2092	chrome.exe	86
PID 2092 wrote to memory of 348	2092	chrome.exe	86
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87
PID 2092 wrote to memory of 1472	2092	chrome.exe	87

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\999.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:412
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\999.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff8d8d0ab58,0x7ff8d8d0ab68,0x7ff8d8d0ab78
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3372 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4560 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4800 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3936 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 --field-trial-handle=1832,i,3602072980169736905,3975187921043536747,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D8
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\40863b8c-5de4-4714-aed9-8fec2ca47dab.tmp

Filesize
10KB

MD5
ac26a22be4aec4bdc397b5741cc7a30a

SHA1
d35d7e85a1c7187b049814701b0ab69cbbd85a73

SHA256
1aaacfeee5f7ffd69c92d5d0dbd1829aa891cd0200ca2e6c26c2a63c16818326

SHA512
1ca9314df9400cc3b774d83c5a17cd952e907571084786f0260e846fd410d6bb04cf8ae39ef3386febed92a3eeaa8fe55208a92b3cfb265d3ef72fe167c022d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
26KB

MD5
46488749b0387e39984b58bd1902d7e0

SHA1
4a92b60abcbea606d560c90167913b17029bf723

SHA256
e9a177f0957949b72dd20e227c53424a3dada256ed62a77dfd5dbd7f2fdcffcc

SHA512
e05b085b673765c6a886c5c9e20ba1a9220af389dbe28898c5f242d1dbc458bb6272991d4143f453a18622a5d1977ff6cafc3afa737260912fe8e122a411e85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
1024KB

MD5
f6dc87546d9605b14ead36f7c8d345f1

SHA1
234211aec6e80a887deb8fc5b0d854ad189d5bb9

SHA256
00e793280edf2ef69354af87459aebf06a3aa85e3bc0edc4043aa499a0877ff5

SHA512
079b7c6cbf4ea22c977e8b67d4a2815ef221a6b481bf4999f08c5ebd05513b2730dc2159ce5c51b6e05f73a7f49c9a87b4fca67329c0ded843e14565f43bc618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
1024KB

MD5
ec38a3b6be09d1e5ccaf8c8dfa577a81

SHA1
ac1706f0a3256506c61518875d862d451636eda3

SHA256
144662a9563ff7742756c4a7e5d12b2d61f39fbd7ee4d009ad13fe0ed41c0a89

SHA512
d3e818bd99f83d394cea719abec9777be0feb91ab3486e790f6e140b559234f2d64675475eb8307e43bee136902b68c187f4e8c40e8f9edd578eb1ae710a90ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
92f78138688f7f60da82384402296cdd

SHA1
9b722331030ca2c36eae50e6e92334707fc66258

SHA256
88479f617bd52d5cda829a74bdbdf2c839f352c3a8364004fdba9f3e27862ce4

SHA512
7f168b7ac2c75ca95b2f90fbc0d0e2744e17c54f189f931290aeae9444fa3779dc7ce582127571673e1966a4e5dbe79f7bc2557da0a7b1bf16c2a742e2563d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
101KB

MD5
3c5d596deceb7ff52d1d9f661e4688ec

SHA1
bb1729f396680b82000a789365d395cb22f60b09

SHA256
ff74bb468344d5b40357fae01ca3957dc3be478de933d87114e0005edea5c0d8

SHA512
830522b6f2d84eac8dd9c6b90368c25f2b1e6a4c91f3861ec93ce79f969ef856d6925ac765660a3bdbb98eac4581c1fafca3919901c9a7a1c7789e42b6036c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
24KB

MD5
1fc15b901524b92722f9ff863f892a2b

SHA1
cfd0a92d2c92614684524739630a35750c0103ec

SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
207KB

MD5
8b7e877ff43fca50d7c3dbf285ead510

SHA1
46f3a44160b1762a295dc416c1ff74cb245656df

SHA256
b8f3cc5a084ac358184a403dafde83f3ae55adc07508e57e43fb25843e5f1a7a

SHA512
3a5b519a909ce1d0f3c0bd6a9dfe424d666c952074aa73f33bf4cbb75f3aa51785a6872eb1b0ecff9ca6f39308a124b8d8e95a5774391c3c2da4e552aefabfe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
14535817c06e918221ad57886dcd1110

SHA1
a30b8536e9d93b16c2445e8f59460569f8731163

SHA256
61318449ecbf95c248302db11cacce3cf32add496681486ed268b064acef492e

SHA512
1e1295176ac5fb23e25674347c2a6f4ec30499241b5f55c90b4db40f839adde16e8208c45a790fc38b126a8a114d53f5dc8c9bbc13ae09b88543503c28943b9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e7438a8a8735cf4a02a9efdc4cbf30e6

SHA1
0177fa7e5df8c8624e895f417c6decd8ff236106

SHA256
0d3a578b05db735fc5dc54aa1877589357ac5fbaf487bd724f3d988d70ac6538

SHA512
8f5ef06e88f63bd0af35ba175f8f497c7d05e4a08fe4a4ad0e99668ad8f1b977c4d8ba3cd73be43ea3fafe77fd9a1acf8026a3e13a7fb47f3d24af1f58dea497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
5142d037656d535c8e2f8e0f8a1a814c

SHA1
3c6582ebba2a8ee1334985546af7eb4e27912c74

SHA256
d8bb2cc07cd75556ca623975e5ef19c859e0a52b8fa5b51ce8e87f31a3a8d17c

SHA512
65b26d30fbecc07e66e24f2fbabddb2f713b0f3f5ad1c4ada9ea99c27542a15699f9b8ff1e2a21db4aa3b977b8464622b7864083540edf29596888abda6b175e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
56b046e3bee1db03de73f532861a6036

SHA1
9915c9097b97d1f4a34c784fc875d08730a2b81a

SHA256
a67daf9fe1271bffac236c909414ba93974dfb35f7d7ec24d24d555d38065785

SHA512
13e045723d6194f26e747e325b641a759ef4e0c9e557e7cf57cb9705e8e2eb2a4bdead6c2ce867f23455c2efc30240f1843458e5cbee3049cdd529d92b6a800d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d7f8ef25647ac05938a6266a0bb17990

SHA1
2f71aaae989b0fae262a891b188d94059d8d1a93

SHA256
b23a419efb1f14662e726f2bd8e79ae3d237a3ef414d350b040d0e782eefcde3

SHA512
c307d5fea14d909ddf3be19bd36fbc510270757859b6bfe0c5f5f4cedf9823c061c476d703fc8548bd1d3f30d33a53acd4757765641655601f840d0a26d5b72c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8fcbc925f60f697e68cb9ee17ef60946

SHA1
4932c6511c457d61ddb862f27775fa3709e4bb5f

SHA256
ab43a1a7721e5cb4bc35bbd2af9161f7aa7d00230e36d077f589fd6d89b51a17

SHA512
057f7bfe30b9db373c0286d82458bf5f3dcb7a4345a7b36ae2dd2242b0b7f78aa8e874d2e3938f4a2f959de701612a0fc06cee7544e8346baa864f0217cd3b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2106db7010e00ae0ffb54e5e63354491

SHA1
9b19720197a870119dde9e8e6d27d7c72aedc09a

SHA256
d20a104be0c63dc6a0eb8dbd428c5277f9660f18efab783e79ecc0490159612d

SHA512
2c33b3fe53e1a9a214723fe6d0204292222ed3347d3826e0fef604e14ced9211eab37cca264f8a68eef731ded150d5771e355a68c050fac94424ddb48302761c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ffa040ee793671c587bc84bc727d7652

SHA1
3a788ede0b9123b789feb54de99561ad678b31c1

SHA256
0dd78a8927d01cb4f837b349c22ea72fd0f179a9c43d1908e577b9de8f5e2cae

SHA512
392003580a828a6504d4fc051678d3db8af4bf3e4f277f14925e24662fa09ff6c4aadfadd95abf14790891bd1bb8eef79dd9bb143569f5fada7f4647d49c3d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e8a7d5202ca70bdb35149df24f0e886b

SHA1
213bd0aea276309b95967c53b0e551470aae4018

SHA256
4cc6081402d1aee0b55556604742a9e225890290e418da8eef96fd215f77c2db

SHA512
fa6e0fcaa0f27b97c0179b04e3e31c117faf2ae5db50e16c9511a95dec0b95d0fcb7195402f89bc9a0d4f3dc91884cde8e8a43ff559a282d09ccf29aaa25fef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
eb46effee733cfc9d66359f32eb3f07d

SHA1
74dc849f5e2b6f2d2b7a7eda0f14cec2674fe39e

SHA256
980de093a8677d70dbc9945cb5660a7d44570bc90a71a3703109f865c2a6c4b5

SHA512
4dde397fa9218004f3d917cd9fd2588b8ae1971117bd222b911dc3c60a4b4a23676e6d8ed46e215a67d120d4388ccf57c5c16d6fd9ae9da086d7ca68f6b98b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
96bfc12e2f5cdfedaac5fed59917d598

SHA1
a215e57377d66d1bbd2771cfc708deeb44d91eb9

SHA256
092f0f651b9fb77cb050718c1aa3c88dbbcd014226bdc8c809d800cb3bb04759

SHA512
90800a972ccd3dc54a2dda2edbcdc5490148483dcd2e44468970afe069adda38899eca87da264b4de6c4b10266267ecdf07e2a2cc435ce9e5d6b4c1c425d590f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe66ab0c.TMP

Filesize
82KB

MD5
45e8742f8442a163327b746b538773c9

SHA1
8891922eab9acd4747360f839e4714109a5ca007

SHA256
6363e9e60c2a73b3a95833d5b80e3a326c64814d9deeafa859c2dfb374d99041

SHA512
adc018d48a6cb82987cd17dd030fca7f2ca25fa86fd0f2e6f339b2fbdba63b4bf1256b4d9214baf02a8234fe229be1db857b0baa263385f226b2fb5f83fcb213

Download Submit
\??\pipe\crashpad_2092_XBDGSZHMSJGKYUJX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit