2dbd1033a26118d27915184864ad2a0add89d5ee3153eca157fadaa62ad19af5

Analysis

max time kernel
213s
max time network
215s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
25/07/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

text.txt
Size

168B
MD5

10a317ca10f0fd2af4bf2043ff8dd8fd
SHA1

c02bdb3aba83817ea599a004fcfbf09c419c326b
SHA256

2dbd1033a26118d27915184864ad2a0add89d5ee3153eca157fadaa62ad19af5
SHA512

192f635707607a716f2d12f191cbb12a42f65d1aa5446ea7a6fc6adfe8b1c88d3210488ceec2528d6e276593ed9603fac14939bb431b689702dd4f1829de44e0

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664049242167892"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 38 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\Registry\User\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\NotificationData	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1376880307-1734125928-2892936080-1000\{FEC6E1C8-8516-49DD-A850-4A9408F4C043}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1376880307-1734125928-2892936080-1000\{CD94336D-6A36-4952-8847-B21FCA9402D0}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MV5BMWJkMDlkODItYmNhOC00ZjczLTljNDMtYzc0YzA2NTIxYzlmXkEyXkFqcGdeQXVyNzY4ODI2Mzk@._V1_FMjpg_UX1000_.jpg:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2068	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2068	2700	cmd.exe	82
PID 2700 wrote to memory of 2068	2700	cmd.exe	82
PID 1220 wrote to memory of 1188	1220	chrome.exe	88
PID 1220 wrote to memory of 1188	1220	chrome.exe	88
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 3308	1220	chrome.exe	89
PID 1220 wrote to memory of 1184	1220	chrome.exe	90
PID 1220 wrote to memory of 1184	1220	chrome.exe	90
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91
PID 1220 wrote to memory of 3164	1220	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\text.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\text.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb908ccc40,0x7ffb908ccc4c,0x7ffb908ccc58
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3564,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4388,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1356
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7fa844698,0x7ff7fa8446a4,0x7ff7fa8446b0
    3⤵
    - Drops file in Windows directory
    PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4444,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4700,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4920,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4680,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=2244,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5144,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5308,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5032,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3432,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3672,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5624,i,15344722277540056124,421391102724199966,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2304

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3420

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004DC
1⤵
PID:1412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb908ccc40,0x7ffb908ccc4c,0x7ffb908ccc58
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=1724 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,16081292609036058913,8108840296467148604,262144 --variations-seed-version=20240725-041529.923000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:5920

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e21b0c0b94f90dfdf4f3279e6efc374c

SHA1
7f476959652014f62ad265497fe262cdbcc61e57

SHA256
5174ce509eb9087a2407c850d3d1cd9fce3f390b33443225f71576edeb5d30c1

SHA512
68064a5130ea06c60ccc14a869f74884e0492af5172e4da09f7d00d8b5bd27ded537ce7c0fe104fecbfadfbecdfe20fced1e6a8f7bb3ab8039c111c531e5befc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c162c3127b1377f98e7637f04926ee40

SHA1
c8a10c010aa5ba795c1882d3ee8525ddf9c9fb5a

SHA256
7a1fbbe91318eb36447b92dc03835b497587ce5065bc81d460bc6cb398fe245c

SHA512
32a83cad0701fd4198022d03ee95bd0013bce5e32b5b3dade1a0aba7f485347a7fa6f3b93f63060854231ae027ec6a1a6f7ea6d25de353513073191d7f6abbb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
181B

MD5
a4b84b555fd393db4a8e068c3ace9e21

SHA1
1fa957a80992663ecf6c6fa845da8caf5ee85bb8

SHA256
90146e2d42fe4408d80bbf0c4a676b7d33555e62089f68b999235a192159ed01

SHA512
3bfdf32a6994f8b4c8584ae1be050442dac8bb0bb4d8fd3c2a5c9efce11cbd72e13cfcc1cf37856f43d21a977a211908dbdd1c1a4b8ceb2cc245ec7770b85384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
5a3f7d729f46049077899eddfc75c251

SHA1
ff4362b9bfc2a284317d40cfe3b39f006fab19d4

SHA256
66907b0a05242402e5952e63ef520f450e69c1c664f79a1063294f6e5630e59b

SHA512
c4a2ce30d58da6fe695b11f374d448c13662ce3b1373b74b828ad27916f15131bca1d12477d050ace49de46d1760a46cbc64e037ced743253b9725d5d5d99d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
42KB

MD5
9536d3440ffc67b7a69bbcfe9666e198

SHA1
846574f6adeb107fa58ee53ba0813481488ecf76

SHA256
c24fe6d307d97ce3b19638d8418e43bdf6aa93ec9e0fdad56e69f4f3d71d7698

SHA512
5922b3645c4bb710a13a3087a5accab9b5cffc6e60e584571e452b57e52e366fe911824f648117ad767341c9525c4df05073bc72cd30deb666ba99493d5e867b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ed01800fe6dc4aa2e28f25259b7a1f8d

SHA1
2bafe119d6002c823c90d386833eae3d2c4c82a9

SHA256
cd48f03188baa7d6078a8a71b6d6795b87c6588c57de5c602e82c611440d4b1f

SHA512
f000592f245597c9bee1a7241c572e3538b4236d6b4c1075aeebbba9c4e5788b21dc82442c01f0510dc927a21c561a6423b04162664864969792626998cd8d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0ee7867fb3e80ba2af6efb6851d553fd

SHA1
0a87e526841bfb5f592fcfd621abe04e72ecd145

SHA256
054f9bde8d3f2a26c115031ee17b40e31a2d16431e0b377da7ef603b91a86c3c

SHA512
93e76e7b5d59fc2d671e55984f02e6f96d8214fd0c504a6efa82c56c839035c6e76744b402b5e2a125d72ff629eee1703cbbe1397ffeb628bed2a1953352f9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
47e5c1577f1825fe40e3720e62d64056

SHA1
24a0a15e0eaf018c13f1d69bf837ea98c5002101

SHA256
9541878d58b37529f53aade5ec54d34a1ffafbbd3f3235d7559e5059946b1413

SHA512
2801c22ac3d076956418e5493b7c7e3750ce52d54f62a6352c5199d7d2f86f1e0abef4041cc568742984537f1c57352173f065305e937bafba9e4cc2094b3433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
147B

MD5
07e01a8130579ad90f971687f13ef8ae

SHA1
e91770dc2c50354002a65961205ed35f5b537705

SHA256
6ca8d5ab5f652ec31eb1aa896b4987c7d8f470e8231a8dc7b18894c1874d45f0

SHA512
bd3c84c4cc553a6eac0193b08717da0dc5d9b3bfea3a35b25bed98231a6a862db743175828d302f2f75230d00afa6f3211ad36d0a20c5ce118435358ae7b9994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb__tmp_for_rebuild\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
737B

MD5
ac7f40b842aeeca5bb461019d6a68e1f

SHA1
58b17987977ccd6730ed2eff00992b420444a966

SHA256
d4423b9e19172453ceb2c91bbc7cd40d4c18b69eb9dcfe19d0e390ad8ddbecf3

SHA512
5b197fc0bfcb74849a2f3cfaeca054f9c3e4383fb30733e6c138be535e442814bf85aa32fd87347fb2ab589ffe188e6d2d770309fed8821f039227a95c29353a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
84B

MD5
32b9dc9cc81d0682e78627c873fdd651

SHA1
46c486386d3e153c3e9b11d54cb52cf0064b71cf

SHA256
712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

SHA512
f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
764B

MD5
7ef18c33207b8e583efefeadb6bd9089

SHA1
51e34c13a118f88d9d09c2ec32513710b07b51fd

SHA256
b9684c2ad7d76f5866d568c752d4648854bd09d4df28bbea6f9ae00cefce39dc

SHA512
51e3811491cafb0a6457aa39f43d1ba0280e98dc9cf860e2f5ff8fcf9a21b9a83dc7e20d891b01d9c5f1ba0ce8981c9acad7da5c1f4e7b6968d63e9a4daa9e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
76d4f95727dfe4a5d65a4e02b3c0511c

SHA1
8a6929d66d27be301629b89739ffa5f0b0eba11c

SHA256
3558c7ea42a88eae3212cd4b7f2704f016b456286d8041139144b06d09c8a451

SHA512
03ac9a7899684a9a311b4161df4c5732692f46cef5e6a80f8a5af9734483aeabf255b843ba087805a8a3c8fa8f704ffab437bc687e0243a8cd234098eed513fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ac4dd3f63c072fcbdb9983c6618aa991

SHA1
f1da77dd500827fdc83d3d0605a273b447e65bb2

SHA256
a642d18d94d3f8dadf10fcf8f4d546d508a86ffaf6f9749ffb720db5fe920f3d

SHA512
96914fae8400991a7d8afbf1db6930146d5e8f0b232d4faf50c572ed5bebb8a41f08ba865880ad4111bea98c394bf998a4a907da54b3f01bd82990a60b3e070b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
22B

MD5
3bb76ec23c5506830ead56540e06159f

SHA1
94695e47d907e559e91e677cec4eb763dc0c5ca9

SHA256
6b40f4ae548688a472be3ca0c1b08ecf520b31e706fec0f9793b4666134eba06

SHA512
307f9bd06ca5ee753acdc450cf1599dfc8ed080d9a1b19d752dd9b7950377a5b04e44d374f12ed76abd74961c2b1f8ad6c93e4663ea77f5d6e066570c1aa6bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
189B

MD5
dd00e41298d96d34382a73eb84ba0021

SHA1
5b00dfe0db6d99eefc7516a088244ccf8122ce21

SHA256
ab8cfed4686b86033195864e3bb5a7892c3363fca199264e3fcfb22666b2e611

SHA512
aa0835ab850f9b8911d9258c4cf81b61b22fb7a43199fd7554a9e939d1a137e22b4748b20cf12752dae14d388f32136f2d41dda9dedd6c17a444de85aa2e8cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
355ec92a84703593a0928fc7609f7a7e

SHA1
c676afa125906f23c213cfb8784f7651f15d487b

SHA256
dc57c7eea9594d4b419a5704f28e9e1535d72806da79668f66611535357324c4

SHA512
69adeb3b0a1c933cdd727296e4279bc7f54889a18d7198176997aa9226bdf2d673971f6800f8af5842b68b6f9da79e48e60ad292939660f15f20f2c3b15ceae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3de202d5673ba96f24a42e445786952c

SHA1
2ea7b1ef01db29bc748606017f1967e4f29ce507

SHA256
7b5acc3c82bb3555c85208383239da48be927f8d39aa79be7f152f2ffd068aef

SHA512
c9bf1bf5dcc9ab414df38302755b235bd8e53c6d23b63a75b0825ed864beff9860a25d8ea8676cf0d69fa8ffcb68956e11ffb578b8cefe2ab588da2c48283d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d7c43b510d3e82f9ecd3b17b6e42ff7

SHA1
011b4f9709ec8f53ee1a4298e048af31503c2611

SHA256
afba92b066b821c8f4d2b17c9cc3b623c47be1d4bd3f52e35b605cbac0d998cf

SHA512
5fb69a1024f39b14e7b83d64132b3863378ed18246ea2b2025721fb7074a23cc48f43599a31fc24111f66428068049a9783e961ef86a112b6fb2ab0f22ade689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dffbad06c10808f834801faa450df79c

SHA1
e0df9b0a85e191c7f0bb45d90c1b33741b04219d

SHA256
9af3c8f8d34a0fd47470017d67b93e42a20114f704bb99c4a3976af72192cb03

SHA512
e20922e9e508844ba39f04f8031a111f35a7f5bb35e504d90dd1c7466d1c0cb7514b6b7f8c8a05adfba949ba917c6698f25404ffddc7d09213c72c576984198b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e47a683a92999ac1dd6047c964f76b64

SHA1
d7504321a31f48d601ca6648d59b0f5a82af97b0

SHA256
039a1d9930d1b8cb76ed52c6d3570f63608a1ba4d19e792333bcfaec40305277

SHA512
9e37fb3648bc9e70805ef92d78814a6a9bfb5ce243631dbecf75c864decfe7b917748715b3595c755f0392ec796ff4082ee7721e08322d33b29c96ef648dc55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a05ecd0e049fe171942acc740e1c320

SHA1
cf636cf2e8e90120baca7c70ff3984c34aec731c

SHA256
1af535c52af6a3cdaad7e17085f00ce94b77b7cef145b56e45291420e0e2abdc

SHA512
903dbee778fd54bb9e7731d6179c73e9a19dc5ffde8352ce04982b980f976081a97e7d2552ea5e2053b4a730fb1c34864a2a09a01be21ac658a57722615feaab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eebcdfcca15bf7232f562b507fef88e1

SHA1
911d8fac160c6347bae71e65a3b8cb1923d3ecbe

SHA256
88559a0d3dad118c21140a279035778a222db7281e6cac0e066da840e96f5b92

SHA512
b1ba43b932c6e478055693fd03b32fe5dc2017bd50102385336304624ec0d3c850ee34613c23720fd189ed869c70302864e9216e01f236f29afb64d46a792751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e8580bec7d31853fcabdcdc45edf8da9

SHA1
8bb2334730e7fd3233aeb3baa9821528a2dce31c

SHA256
b95dfe3afa8276f42c470e98bf7990a233591788d7346e7cce6753fd236951c3

SHA512
0124d5c137b2207ba1a09b83c729be9912cf12b879eeb6e583ee74cf58de04c75174ca42da36c53f3f6df220b8feb688d6228577665c54214eb51128c6dba0ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
156950e57d9742d46e2bb15ec96d3565

SHA1
249a6728af11efa205f73ea39cea1f5aa1c238f0

SHA256
8919b2475f19217eece2042031befe864fd8a9fc3cfacc0b53a961cca75f8e35

SHA512
e5c283a1fdb1e41304926ff807337d3dd52a28dd8ad7d9ea1101d753f5527742ce0c5040eda932fa3a64c5897ff83e696871233807fafab9f7240a982a9a2906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2610cbcf63e7b3241d427ec325e3c831

SHA1
543b93512cc79bacc0324ce0de9e16257806deea

SHA256
72ea69c11d4e39b13569100e045f7ad61599b26f7f4a601c17227a444a256be7

SHA512
785b5ad2726f349ffd245c9d81438a75e859b6190382a8f56772a4994b96c7bd1b0da53b987b58499eba93e43ae402fa15f2fe3cc42ddb97cf9e9f3e677d6f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4880c021dc3448fbab039439c78c45ba

SHA1
8e1853b9ff26a0fb73e1b98eb622f0a1a023e143

SHA256
ec044b3e197d04342b771d5fcbdc6ea64d08f2db648189e6fcdf3c3c3a84c301

SHA512
deed543d0fd3da34604a898910ca16b6c720bc228bacc5390d32d3716504fee638faa105383d9fcaa4179920bf08fcf581752986015575915be1f1fd8c01e614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage__tmp_for_rebuild\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
48785748f56a7caf8daee190902e58dc

SHA1
829d73d7a914d7433e3ed71ce1305c7e72bc916b

SHA256
a88ec645777dd0fc6fbcc665543528f4a0306d49903eb8671e5ebf069969d99a

SHA512
ca331fdc8d1345a1b98983ecee16f7fce299d11f50c793f0c4f7184f7b8ff786c32a9dc992a8d73fe89f13251fc7ad85bc898225a3004dbc07768eb5f56a3584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
5cc057eb2ae65cf03167d25758aa630b

SHA1
12183298b97fba4127d8529721a76d0e534deb91

SHA256
177867ffc94497c828729940c1b2e74e5e9b8822c609af7200dbd5957ca614cc

SHA512
9deee44c72b29c25d5bd3d1cfc9671d9689916b0f317c442698dc36214699f85d66831454b2be36d5a174f67e18373b2bf89b78f8302982c34a2478bd82faccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
51b70058d449d65575c55b452867ce1b

SHA1
d337f5fa2f12a07664730ced5bcb7e3c026e0f4d

SHA256
84f08d86e35f8c4c1f2f96ddb014b1b20bc393bb81bbee3600633a5e9c7b88fd

SHA512
8e11a95178857d6491748c30b3242f381f785c56f400bce99bd073b8ab9132842d6fa7970b601a0a2fc61f9a18bd23c359906aa6a1bd07e86afba37590785a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
d671fdbf78be79bbfc7c935672b5fd59

SHA1
5ce402e18391d2d18aa0d978bf7f108fecdd8d53

SHA256
34c3871e247f9c6c7036e378397c70c8cefc039468f6f0d307fa2cf9afbf06cf

SHA512
a4881ec5b8da4cb83b4f61869792070a2be5224e3b17acf932af963ee7659e86fa43c99abb9a7bf529a639baa621d3f5214b61e62fba661e77b509b6b893bd74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
002cd533d42c7066e269e5b9faec0d4f

SHA1
dc13191df5de88a9e466266792f9889ffeea80b7

SHA256
863bd2dfa252958ce898d15df4aef914022c45552b5e2c4e3f47c1c047f9a783

SHA512
af9502fea5198aa9a0b8368313c7cfa8715aa4b955f90b0162f6f1eea001d75ac299f2bdf210f7e63c2b879984d475f77667475b4122d5650564932ecf261d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c20eb599-e7f7-4c1d-8f1d-11435bf4d94c.tmp

Filesize
188KB

MD5
f38ceb4b04bdb2f48c9f0efcc8bebff4

SHA1
a90e34b176d9d6c717344346cd2740d1f39ef694

SHA256
f147ea222489d5bca22ba3105c9135588935518c1b34a2d41bf2009efd498189

SHA512
a856fe091ad40fb82517486af33cc4c7c9b6d78d283516bc8040974dbd73a8ce30f04c02a7b3244fab8bb130f7a6bc67b8e55820aa20e11a7ae8c839851fa5ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
4bb89acfa25cad25240062f67bae02b3

SHA1
59283c710a165c05fd9fee7cc67d47ea23e2c478

SHA256
8af14127ebe7920aca9c2d0c8ae6a06ec09adc10386a27f0f3586c8679627ec6

SHA512
3179f0652eddb79f9224a65224ea4bdfa1b6ddd2e64753d9a3f0bb12c5e3992592752f72f6d67a4499104f23019bed80f578070f01c49106ff3b2af9e1f99fcd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\AddBackup.rm

Filesize
239KB

MD5
d156ea0edee05e24003259804940d1d6

SHA1
b271fc8e4b073d7a5f7cb160872036d23b7037fb

SHA256
efc8c77f2a3c3bc5382902665dea01014d721955aa880135589c7e2383fdacb4

SHA512
ce49bae1e790da5cd27ebda05d65f166fee462cbefa9742bf1be2ab987b2c27b57301310e1bd006cc392f954cc19d30cf8d33ea607b48b2acf0f2775442f0b1a

Download Submit
C:\Users\Admin\Desktop\AddConfirm.mpeg3

Filesize
106KB

MD5
2dbcd61624626f27971f530eb7dfb2d9

SHA1
9190fe93b02e615bcf473062982b80dd389c4186

SHA256
6ce7fdef61e3136074f6409786d80896aedcca7a8dabe5229e5c19a88e7b14da

SHA512
9cb434810ef0819c159e613ef215bd0d1a5a2489eed69cb5b08659fc326dcf6ef7f08f47f8e999097dbef120da554d04794d73bd1fd88770bce1a7c3f1a36514

Download Submit
C:\Users\Admin\Desktop\AddOpen.mp4

Filesize
257KB

MD5
77cd4dc0994b098625b649efaf9b775a

SHA1
230d4e48fa2a4567444c67aa7f89e57b46dba8c7

SHA256
fde65af139aae14f3e8a95fe58d39e1d46c597b23435fb034ebea49b988c5a60

SHA512
1fa0f18acf868de9817f25c0e33505e1a2bb1b1c0c85f764d952b1b151a3ab3d71d66c34606039b2c6234214fb1e58ec1598266c4593e08d9bc229df63b5844c

Download Submit
C:\Users\Admin\Desktop\AssertClose.wma

Filesize
231KB

MD5
6ad8004a99ceaa9933572a9493e21ffc

SHA1
a0cafb48e4e102a7c417aee0cd52abdcd108c321

SHA256
375903a3e73e7224ed1fab24e2dd8bafc2040f59d30a8c64a8459425252cf94a

SHA512
28e03e0d1772bdf7a438ad5e419cc468ec23e89c596dd47850047870d41941ddb43ed32e631dbcb749ac5d89442adb610bc7f2ee2cbf774a6d1d3ceda8c1c10b

Download Submit
C:\Users\Admin\Desktop\CompleteRename.vsx

Filesize
302KB

MD5
3055a733b9aa1c7fb07d620645128360

SHA1
163e407e5eae4bd5890b3fd20691b4f903e00079

SHA256
4bdc6822ca8a391187715864c71cda9e972f9acbeb1257b70a08ab22cbe71886

SHA512
a4469204dae3215819e38f34daa3036b04632f005dea5691cf08ca52d49d005e863e8db083b3502cda7baf9e1bda7ea9df04614a8b66ed5c466e71d70807ccf8

Download Submit
C:\Users\Admin\Desktop\ConvertExit.vssx

Filesize
275KB

MD5
d632e8b17a59237bbc0e4409b3ef7d10

SHA1
ec3e55849a998f51fc64defc57b3f7d1ed16dd75

SHA256
843ad7e75c8e9f1b9afa844893cf9b9c5e70c3b6e570b036dc06a1361780a973

SHA512
7c1c774712c85c3a1fd1f03dd56812d1c1c5e4dbbbab9fd59d5ea1921845661abb57c0f6c31b21f9f9e5b6726824ae9e511d02263eee5595c88a29d6c5adcc48

Download Submit
C:\Users\Admin\Desktop\DisconnectCopy.mp4v

Filesize
151KB

MD5
06655a7c9d62088ed0977c332fd5bac8

SHA1
cef3e104db708e2b01ebd15e39d160ea13f19206

SHA256
c8e5fdf955de4ffbffd3ed1c44cdd7f40188c6d682759a13998be98621958d88

SHA512
5fabb0ccb4c94003746d4a2c8faf1d9d8f9b28648749c5b85e440069f13cf0991cd0276c8365a8f6fdd605a92a37029665ec6da67c53be2f4971ec0c763c4a55

Download Submit
C:\Users\Admin\Desktop\DismountImport.docx

Filesize
13KB

MD5
aa780950f4439e6319d8ec82303ea9ae

SHA1
24df27b840330ef75b75aff775f91f1d6a542d99

SHA256
eb5f8417a7aa5874197e293461e1d390211d4fc07b5f3eba7335dff475983b63

SHA512
009d080aeedb7ab65ac1d3cc203574d7ac71d886fa0cfe692ddb792fa8f4892f0ed6c7f6f2274d51611860c8e3e52cd01a0b2c993fc818fded72c85767b05313

Download Submit
C:\Users\Admin\Desktop\EnterCompare.docx

Filesize
17KB

MD5
56aaaddaeef20929cdefe10a61451a9d

SHA1
b199c5e37621ccd51d21b9d7c8eb6ffc3a6ca20e

SHA256
a4e8e7acf14c7825a39ee92b7d32775cfabc8ee0f230c5f3ed18786eb7360b88

SHA512
14e1f441ed8de85c7d2a9a428963091909ce9161fd2d460339a8e7ef57b7df14af15a4142766ad1c4616d2f0473b2571a83d9ff1287747880852afca6c4e5d4e

Download Submit
C:\Users\Admin\Desktop\GroupConvertFrom.reg

Filesize
417KB

MD5
f185ed658035a17ba28bb9f7dd675fb0

SHA1
9a5c3ef8eaa58e3720638bb44ed58d6d44ec5f0e

SHA256
8b4b4ad3ccc184529713a15b2b7eb31e788e1515095e32dd812bbf5d4439d444

SHA512
e6c9415fc67927b429be9b374a60bf23094c37f38fe19fbe8a52af7f7cd77486239b74497ebd6e3dbb7064ffd5a51703a3c2c0dcee056ecd35879838fe598440

Download Submit
C:\Users\Admin\Desktop\InvokeDisable.css

Filesize
124KB

MD5
e75c215877e5473c29cbd0e3a5f7ceb4

SHA1
0084239c01b82fbbbe2855dbde1e3411b393bef1

SHA256
a9392a4f178c11ea740cc472d133463fb2c6ee5560bd70ee609911e9a5f9393f

SHA512
1ad4586fc5c68fb3596f4e59ff79aeb77904ccfed5ca92b916b7336fbd960e50e457c50a34d3d9fee59eab44e20385a82d9372433dc295991d330052ccbdd4b7

Download Submit
C:\Users\Admin\Desktop\LockGroup.wm

Filesize
142KB

MD5
fe82a649f715cd7dffec2a7fdde2007a

SHA1
1ebe117f7bb51bb721cd3708dbfa3d9b9496b48b

SHA256
31e5ff15168034ace94ee7136fc5154f97a35b534f02ca4e66e49066eae49ec1

SHA512
8d62869ce148021f417c0b8720f0a898c9c3cadf17d15109e111384a495ea0e63c4428465dff8920e04c18ffcfac2d5c9c18d3dad9348b5a39e8d129406501ee

Download Submit
C:\Users\Admin\Desktop\MeasureDisable.docm

Filesize
248KB

MD5
b72a2c76dc8b6db4ff4a104e29e56cbd

SHA1
5401f9ba73b4beb4ece08175cf466f699a3cac11

SHA256
cca742adb07e1b8d52be83488cfe7abdb5a5897a7cd8c4a58a8dc09037584ec2

SHA512
2d0d26715479cf36f897b0d0c7dd00639b6e80309f13bfb5651019fc2ca83163ee70315d05c198396e4eb29adcd68130fbf98e6594c2ac6fecf9aaf1a7a3d518

Download Submit
C:\Users\Admin\Desktop\OptimizeLimit.rle

Filesize
222KB

MD5
2385bb870813bc7a7b381a0ad1a67ce5

SHA1
7c79753cdde6e41e9365b61366933ab49d6e28c6

SHA256
a6439a6d2a2a2c62009c3aa77a4897bd29875d45c87713678529b6ce21bc95ad

SHA512
f3abecc30b3a01def753c49624267c783919b5db8046a2af5da535e71240c41f9cfff875305c6cb276ce7b5e0e36379e10241f0293617cb1ff47d90676830d87

Download Submit
C:\Users\Admin\Desktop\RepairClose.html

Filesize
293KB

MD5
d25467a7594b7966af7ec5ceaadc9f2a

SHA1
2a32172ff29f3eec42f51b654ef295341c131cfa

SHA256
69e1181817f30fca763fbf2303839fcbf63f78a33e17b26eb037a7922823e224

SHA512
3ea91b305363d1187b72d52f11f4cd442c97a483853a9e19ee8ba17a05088b16f6274d84b3e4044b7817a68baa156ccd91f92402b1373089c495e4af1cf96478

Download Submit
C:\Users\Admin\Desktop\ResizeDisable.odp

Filesize
115KB

MD5
d30e3c91db48f43af90e39137fac3b52

SHA1
92aec755cbd0b848457ac7017437687955c52b7a

SHA256
a569cc81205cc1580d20e479d533d82b641da64f34ee296f96b8e49ef36b83a6

SHA512
2cd3faa604996c4711df68d52333182e950899b6f3a5dd3827b780397779c7e19b998c7821fd32e9c1ccdc17c9f2645b303945c7268c6f4d257d24aa8e50d83d

Download Submit
C:\Users\Admin\Desktop\RestartConvertFrom.pub

Filesize
168KB

MD5
ed8bcf8416d9fc90ff9d3226c6036779

SHA1
e1ff66fadf0e99e1c72970e1812fefe46279f8a1

SHA256
ca35bf37b594ab6b1ce125344d5b146a2ad9454f59509a2bdf224cdf0e64c64e

SHA512
b192589600c67760405dd4004687966f5210f6904348196bff427bf98b44343b141bd115766c156ba46b1c47d92963219db6a1f51578600a2fcc05ed11b837d1

Download Submit
C:\Users\Admin\Desktop\SearchClear.asx

Filesize
195KB

MD5
f2467f8adedcd8378eaeb45c3b7d44c0

SHA1
7403f69ff0729d83d1bb0478c6d1ef20fe0064d4

SHA256
778a3de62e23bd8e3080ee65e1ba291a5516eee24387500b4f4652e3c067babc

SHA512
95bea996b18956345f5a70bdbdcf81ece50ce49aa9536f7e0f9518a6e4bc04a3c6a64ad3560863a5c22dcdf51893cbe61f86f7a031ac46c81daaa49cdc67ce67

Download Submit
C:\Users\Admin\Desktop\SwitchSave.png

Filesize
177KB

MD5
3adf228afad686d0ce04ad41e1a582a2

SHA1
32dfbdd08c544619aa99dcc4cbcffd433487e33b

SHA256
155af70787ea4bf933027e6d1c303cae9382d76eedcd45f1fc647d497b747c5e

SHA512
2c837eb0b3585ad25a6bd3897c1f6bacdc9fb04b0de83f738bccb116cd06e590455c9516c2d9ebe90bc705cf481dfcfda0dc1025d5e5799481a1a7b31dc0f842

Download Submit
C:\Users\Admin\Desktop\TraceSearch.xlsx

Filesize
159KB

MD5
77e03fd06cfed97937c0e498f069d727

SHA1
723f3134995dead76688865f175e5ca29429dd70

SHA256
a46e1bdbe5c2e793bbe0d6aaab584ddbbe7eed55990f3be01467e7fcc37166b1

SHA512
2328c7a2da11a7320a9c2390cb0559e6adb53c0bff18a81a1cc16f356f644e8d62aaae76836fb138856a1dd8ec2187d5f505a9b325bf8f926d8c4eccd5e06e64

Download Submit
C:\Users\Admin\Desktop\UnblockConvertTo.rle

Filesize
133KB

MD5
2e28a9d99a97db19f481a7c09cd67e69

SHA1
3c8f1824fd42a1bbf3f87aad8f7303c1ffe137dc

SHA256
c6af89e194f8b37650c1fd9801073f32750af4e4cd3fd5dc9d195a05c5fa79a3

SHA512
3a482df601dd321b046ec1cc615b15d6bf098b0c9ade121fc0da057d72eb370818cabc890a34486405b25f083f7517c33a2fae66d35160cf76dc716b9b4d68f8

Download Submit
C:\Users\Admin\Desktop\UnblockOpen.rar

Filesize
186KB

MD5
ab3d2e32b68a59d921a3651156b0c7ac

SHA1
b00c9debb58d12b6808bb8bc4be2274c55b1f7a5

SHA256
b1a63b9358875d04ad680ff9c4782d468e32627fd51f225418e3a53d0596d144

SHA512
a1ca889a6472af758e33d15c7214b3cf7e17aa0c6c136583e7437558de973e04fa8981521b26d909de8f3cee1f8a11b609bdef2f250cc41457ed5a563a6511e6

Download Submit
C:\Users\Admin\Desktop\UnlockCheckpoint.docx

Filesize
18KB

MD5
bff4ec4d9ab4973abb3af50f601e1300

SHA1
93f3d11038abdbaee777a2d05b9a211a5145503a

SHA256
89465e444f385b47b02eafc1fc8f2e07708cdb01d46b14b067e616d04515a253

SHA512
6f42678cde3af4c8307d3e9d0d1f616cdc84e989880e5754014efb11e09ad2f4c2fab0d4032bd20358034b0a78edc2197cdc64422c1b32802d9fbeaf1bd5624c

Download Submit
C:\Users\Admin\Desktop\UnlockUnregister.wvx

Filesize
266KB

MD5
fabb6f9a34c7aabc48655f38ff29b999

SHA1
e6a031ca461956b61e7d88b6ba3a5061712154c1

SHA256
f098e5f37f802884e0aa53e7afe598ff54cf2a7c0459f51231d0a0d07c43fd9f

SHA512
688a9fc86389d141195f30dec9412c6413e7da2d4e1b6eef6c4710a62dddacc80bf818a057f8bb9ffd30c89cebfe7a7a23e1bb2f934c61e2b5276c6c2954f45a

Download Submit
C:\Users\Admin\Desktop\UnprotectHide.kix

Filesize
284KB

MD5
d0210b388806a286993db89dd95459de

SHA1
deca4b2810ed8689815dce6d724734479f3d5897

SHA256
240108c668830bed9c1cbda4f934145eefa1b802ce43bfbf36930ba2e12f6ead

SHA512
43e509c516d8e532db60cebe745ff6fa6a2484b4b1b5eae5e9a8710673d7ed8918a6da86daa098f32c3f559f212d166ffa0c1eadbddc58e13524daf872a0f955

Download Submit
C:\Users\Admin\Desktop\WaitResize.xlsm

Filesize
204KB

MD5
2ee3a985a90aec7b449bbe5119297179

SHA1
648eb16fa39e26b44e61d5874ebabd028ab8d43e

SHA256
8e1fc4cc471798aefb8c9158eae20f8bb6acbcc286a5b987efd662f725f5eab2

SHA512
21e7df0c110d43c4c0fb635782605eee37df02808e26ae8dd8882f3929acbb3409710a3b306c334ae49264127fa85ae3e9853e35094432a698c975334a228e73

Download Submit
C:\Users\Admin\Desktop\WriteGrant.mov

Filesize
213KB

MD5
0aebf8c570cf1172828c2207e81ad229

SHA1
8bf4544dda1a19018015d6aee7a96c7ba0acee43

SHA256
37d188ff2a00b6c3f77977305354e9fa6450e5b5a4c13ed7aef02e43ee6e459e

SHA512
59101c262dd74dad3621008cbf81294a42bba07619518270f7034278c27b8c9e1e29aa9f4f460edaaf5d8d9bf41ed09569b98dc797eaf76c245fa08a29362b1f

Download Submit
C:\Users\Admin\Downloads\MV5BMWJkMDlkODItYmNhOC00ZjczLTljNDMtYzc0YzA2NTIxYzlmXkEyXkFqcGdeQXVyNzY4ODI2Mzk@._V1_FMjpg_UX1000_.jpg:Zone.Identifier

Filesize
326B

MD5
14a6ffce44aedefa897b5b6842e4ecde

SHA1
0dcadf4daaa20c203703b8d6ec3086d92de2947e

SHA256
06411ed71cf3d92768fd877cdcb89f7b93fe7703695ba955152c03e75316a25b

SHA512
c5f48d0b3f2d87b6205c1b7a06f87a8b1053aa9796e571f519e15ca06c978c72dcf458a193e6d78268010c45859a0e6d7f6dc0d59770510da762ca61331a069b

Download Submit