c012d302b6065544f8e42bdfffc3d3ed23f07baf9a5461e97003f70eb1a238b8

Analysis

max time kernel
357s
max time network
359s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 03:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MakeUP.txt
Size

3KB
MD5

3793e58bae9c71386dbe889029695ba8
SHA1

713528c25a14b28c4d6330b45e05277fcd1a3c48
SHA256

c012d302b6065544f8e42bdfffc3d3ed23f07baf9a5461e97003f70eb1a238b8
SHA512

33e76768066bf3c9ecc6935e99b674cf27fcdcce7b204d2ab25dcfbd4e01654c46c64a2736b143219854b5e6089916b1e63cd61771e91035ec785aae870c8677

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2404	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2348	2104	chrome.exe	32
PID 2104 wrote to memory of 2348	2104	chrome.exe	32
PID 2104 wrote to memory of 2348	2104	chrome.exe	32
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 3020	2104	chrome.exe	34
PID 2104 wrote to memory of 2012	2104	chrome.exe	35
PID 2104 wrote to memory of 2012	2104	chrome.exe	35
PID 2104 wrote to memory of 2012	2104	chrome.exe	35
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36
PID 2104 wrote to memory of 2764	2104	chrome.exe	36

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\MakeUP.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7169758,0x7fef7169768,0x7fef7169778
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=852 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1488 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:1
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3720 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3200 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3388 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1244,i,9777904049949836333,18346172433290094915,131072 /prefetch:8
  2⤵
  PID:1544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\51fe310b-825f-4b09-9cfd-697dc291aac4.tmp

Filesize
305KB

MD5
7cb6deaa5b952c4b8ab1f809fdccb348

SHA1
263ecd1ae34b0118fd5d74caf8fea95c0ff676db

SHA256
b29b276f3b86678df6fbed5fbdf9844be1cc507a7d0ce07137d48cadf689feee

SHA512
7605520cfe9641c16139be05a69d1f33598f4674dfe741809644143ee1fbd51e9e592e2e8211d85b81ef511e0d0e2b64e13c2fc7e3109d76d66e35447cbd31b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
29KB

MD5
3feb955cbbdbe5a3c809dbffab6ad111

SHA1
fefa25601855998fb7a4df05eadbb01a329cafde

SHA256
d371a700be1caa0639a4891181835e7d07389b58c5948eaf77213e24addc131a

SHA512
07e9d0dea0296889631f9ce82f2521b03b12d748ef9b89b393ee47d5766baf9d1b242fbf8b133874eb43f12d1114399fa9c32d361647b5773a05e0c5c56ea41a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
444KB

MD5
2df15e010e50e7ce494bab6175f6e4bb

SHA1
8c7a73cbd34e82e6081443d051f1a180d6273a67

SHA256
e24fb9117f9a1cad80a89d351c278f4d020cf4aea4f25a18ed43a101a718c03c

SHA512
6ebef1c8b234a415a6f2147665d3025b3e83a4e5438e51957bf50fc3ae8f4f8b0f0c207610048856fdff4cb78cc131aded0d8de80d4de8f819159beb5dd9b82c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
42KB

MD5
53189064db745af8869b5f2a4fb5ad09

SHA1
1d1a4e7e457fb689c9c2e1b2bc9137931cf50efa

SHA256
d23d860cee0d3a53562627a4e2d2d635ea48262e0db0b7280ceffab6191d0897

SHA512
b8573059bd13699f520ba2c814891675cd3ea14c9a463fa35b11d1184f6be1e0a3ce9e26c834b7e1e13ed78349cd6530a30c75e0971a98fd62edb7094a4d513b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
176KB

MD5
46807eaaab340a4928bfb10f5a5c540e

SHA1
43f10dfd265598a19e23fd3a487353aab486b6d8

SHA256
e81ff303adbdbd38e471d60ce94ccf5ef87c991b2841944d39e1cb2976300b8b

SHA512
1acca95c93e0305618b7aca2abb46f6c7da5e54a9c4b5efd49017c9bc0d4c00557e80d908e33c2ddb5d55cf07101192ed5ccca7018e1c3e1683cc9665e898699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xvideos.com_0.indexeddb.leveldb\CURRENT~RFf776f08.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
f0453b707f052089a420c4e8853c2eaa

SHA1
cf28fc76e9ed4c0d3cd0f901c4aaafc8b93157d8

SHA256
fa8f0a8bb390396da048f243d0bf1d6e79d8a92b6f843b772d92909e6783522f

SHA512
82e2dbe412eddcee6ef90019196356cacb7243d012182dea5e3e130c4d5aac8d630b798401dd40465cf540237296ba8d93e8fbdd0c7a7c67493ce8b9ab2451b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c4eaea427313dfd5900c9a067708ae67

SHA1
dda0846c3bdbbe8ed7ab9f5f382f159503cd0b29

SHA256
f97cc0ece9e6c507acb3719aab63cbb78769a1533afaa1e373597070645511cd

SHA512
e98c3aed55dfe7498a1aa393fc08be963286cc5e95dea03a0d56e38e01d1d3519cbc6bdaf00fb27f63b51452fb0d4efa08b90865b9ef638b64edbfb9d32f6807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e2a75746f078a9da104ca2dd51207c34

SHA1
a62ed20aef63d36291f190e207c676c275e5bb9b

SHA256
b09739886903feae3e47a70195fed1eddea9769b4d211a83e7c61c07c0637161

SHA512
32ab3eed4176f36f297dfb0c991b12ec33358e32fac00f002c2f546bed44fe49b39467fda0e5b47fbdd684a4bc5b4473d5b10741b95619a2850fa9807d0358ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e85808ee38a5fa465d9cdc5155ccc60

SHA1
1c6e7e34f28c196b92985e065062c5aa51972bcf

SHA256
1e916ed436bf0bce6378d80a6792ab11ab0794575e5ed55a741a54715758e291

SHA512
686dc609882d2d41848354c3a09f08bd00bd034591c9eee23f6dd2da8a28e9ab76381111e22b65b141b31b7f7a9bbff99b4dd0ccc0acd8e48f2e98b5dd99a9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a48f9addb11eb03f4033acac068180f

SHA1
f222b2d168c635dd51eae2ba9010f9cfc7f25461

SHA256
1e8eba68d3ac903aeba7c466e0e2dc1cc8b9855cc37ffb90419a902024e2c90e

SHA512
e48f59037f0ce05b63cb7c3bb91578f153da6c5396575ce0cfbefe679af817d4dee96d88549aabf783666efc9d15df3e594d6688a80e54d41b2ae87c649fbbef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
269cf0d875dc29b4e17ff08d74c00bb9

SHA1
cb78bc79c89d659b5dab726779ba1b63520efc9e

SHA256
f79d39a48648953bfb619fe5dec5c7aafb5ef847169d8d3440fb09c7daeb0a87

SHA512
5d0244d5a2ce0b81a0b07f613898ea7fac053f0c1c305d905039524d70cfe87d42c1a94463a1c9ead8d117cd2441b6a167e0b03a55ffc41e46d3c06cbf15b257

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab68D3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit