c6392bea9c75d83d876ff39febeae79cac1750a23e307accc274f1d92419f655

Analysis

max time kernel
599s
max time network
576s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11111.txt
Size

39B
MD5

d9c00e0b63309eef99355c943f7d58f3
SHA1

fe5f685b95ea6190dd1b3e109f53ed844f79d7e1
SHA256

c6392bea9c75d83d876ff39febeae79cac1750a23e307accc274f1d92419f655
SHA512

ea79835f0cada5043491d986cd2146e7c0890476b9c683d26e0a628887383b63aee4374bf8eb8fa4727fe377a0bf666bd7767a270cef966ec5b52f63c42616a2

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685455443460773"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5060	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 2076	4604	chrome.exe	91
PID 4604 wrote to memory of 2076	4604	chrome.exe	91
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2052	4604	chrome.exe	92
PID 4604 wrote to memory of 2544	4604	chrome.exe	93
PID 4604 wrote to memory of 2544	4604	chrome.exe	93
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94
PID 4604 wrote to memory of 4104	4604	chrome.exe	94

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\11111.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff92fb1cc40,0x7ff92fb1cc4c,0x7ff92fb1cc58
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2000,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4416,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3352,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4052,i,2016603540264265313,12375887464095996207,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c01a47f5ae515669c0708a90aec1c73f

SHA1
4007bca2799be30a1f539252486d9b91601e172d

SHA256
fb5cd608f5c471125a852a39d3e2291413ab7f0a3f216885fe42d15dc08a88a5

SHA512
6291a38604851fc8f37ad8655cdf6ed02bde683ecac8aa6b19d0385bcd44ba7b994642f6d9d09d9a413a2bcf5170752913b0f3f6d79cf4f85e9ab075dd3ef029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
efd597078d5d83aa93067fe87237451b

SHA1
1776d60552474e48b5a79c70e5edd78fc28c1332

SHA256
a6efc62833f29d78596c43dee89ea652ca504baba5a2a05024100b53c74560fb

SHA512
e896974173bfbf5e8017e5e7f5660debcf3fe6d5bc5b2c3a8832e4fca869ae5b305755635382cce6cb5f4390961d17b1252eae7c353a83038273f3d8797d77fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0d2887c1-11dc-4431-89d5-203a61513eae.tmp

Filesize
689B

MD5
c2d3425daa9630181c66212f859f9dc6

SHA1
ab61d939584fa3e1e2e3cc03bcfbee1703f62af7

SHA256
8daf9fcba6102ccb982190a9a83dd5fbed95100f88e0b2f4b4c4a000d1caefaa

SHA512
382a4e5e4605847c4db6a09e51b20a01c39f8314cb5249ce6b2dac0fad3cf33f52c4ee82356b7039620597c1e19142d63c90fac8f8b6417e3db6b764986791e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7931b0e30bdd4a7895743bc9467fa1d0

SHA1
74429e107d134548daed3bea5633ee3d0aabeb3c

SHA256
66e9dab8854d8cfbb232939e2e49446f1ff847fa99e9e7587f39099041908594

SHA512
fc5fb25fcf07701b961fed9a97e4a1d3359763613cb964a69d830cdd2b010e7314fb3dfd91283a1a544ef8d9b7454cd00bdc6c4e3144d2fe684c6bf9479a0021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
69252ab5de3aa446c519016cfcd93b53

SHA1
b82a231e08f9afa1873e624cc1f69998e0c1bfdb

SHA256
3fd7c83f68dfc5ac2ee10946c708166dffc0f1faa01af8bfc441e2834c6df390

SHA512
626b4b673ba9e12ca7b2b4b1a10a0ffffddf90789ab3443fb67656ae23c7d297755c6f1a33c9b885e300be3ed8515a46956090db49a058c06364ec3bd09fe4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f20d60c1a63dc491ea21c46ac68d7a23

SHA1
d4c237bc8c62155b18b1d6fa3564d9bcb7ff0f02

SHA256
f2780cca67c422e0bd34af04297090e846478797888f7b5db5ea7f02701f4c77

SHA512
adb9b6afdd7b4cb879ab850e7191c77235e632ae04f61390f1479768226ab57772d1d004086689263ca5649c8c4619a47cb22e35d0b7a2ee860ff0d7e593dc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3181f5753df6ef799199a090d7e697e3

SHA1
5ab19c0b270f7e37e2434cc0d0fb549734692802

SHA256
8376b9d7937fa7b30e012279827898504bf526c365e040c940ec23faf34bb1bf

SHA512
fa7773335462884741678db41312f85f8fd9673b0d94b09a8283ddc44a1c40496e06119f3e493ec30ba87d8f7f01f715bd2e99a43940a04a8f83e2c4e57096b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
96e8d0ddb23b8e963468bb1355f2ba13

SHA1
2ffcc593263cb73904276163086e1db8c5f90e41

SHA256
d8d5646fef36344a79355397ee86f528c4b32014a0e5919154a0c7723d2f142a

SHA512
14f73fd81046d7184d551e1901330bc810a64d4ba6d40de33bed14effddc82926185e54e68005b66155ae67323189bbf4f47f3c3fa8af62789f6f560a2dfa21b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
230324f1e5e8d9358165dea26f53ea2e

SHA1
aa3cf14811fabe1083708adfd51d0be1cb947b88

SHA256
df1600a08431206a5876963e3df771bb96d26abf8aabb610319b1c3e66966968

SHA512
a37422221e5b8704a888796cad917a3a2e374f9beeaa147196e586dc6f042ee7cc27f752580b9139b5bf4ee665bf638e1cc89a4ab5d69efb3c95625000afacb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
68e0a6970a9b2fb1673eb232c112a21c

SHA1
51b6fcf14f032ba45a20274a3786201932ca45b5

SHA256
a62275d21483b8708b29924e80cd9f323aa78b3d73a794cea236330a63913a40

SHA512
ff0f0b183c5ca43c31f3865af510f6fa18f687ac939ec5a08286e6610d6adb87757f77ee96dc38b7909a7dd29857a1aa2c9fcc2b5a9c0acd8bb698bdc085df43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
8be7e2cc22385e8e5b7406b062be2f7e

SHA1
7cb312a04c135f8231c49f237a9edc9f31da87d3

SHA256
ffaf5f8380dbcf6d4c1ef6062d2f241404aa00167dd72a405382c2b70751a747

SHA512
da94b87838d13bb29172203bf03ff85c19b28260de4f50aa6c344224d2764d5c6c380e74ef12d5819c8e34e17042f5ea4c1197b1d30d699f66ef36051703bb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
bd002f1d25c6ec973c976b5425905f94

SHA1
ce301bdd5b7300672224d2c82dbbab36d82096fe

SHA256
916247074389d12ba4a313cff86efd8829895ade9dc3a79e430dba3c22197bdd

SHA512
63c7b1df2e44a464f668ad79607d2ca828af0271995561c3cfb2675c37b9b2896b70eb56f1c12ffd228937bd37a4e378089abfeb4a6e121802bccabf7cc994be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
879ab08132e436d0878a1e79a3c2197f

SHA1
4519750dadb434c1b3c98f4f17375a27ea99271a

SHA256
781fbaa5a8cf46a6bd08bfd11b2eb38ba88cf3a31ca1f6affc8f66e0d8880694

SHA512
92e65e55f4b8bef3e946d072f3fd9f297f7aa5f44b0b14bdfa12cd0dadbfb8d614990b2f7b1a5cb21caf3cdd7cebf6f31bebecf18b9d50fe1c01c1068087504a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
2aeb89d886abccd427ce1cbaec6e1940

SHA1
e2bf1a439e875be3be74f02c16bf82251c25b1cb

SHA256
bbb079e30a7dbcf4052f6538e0c8854133b6814f8180037d90de42677c1f845d

SHA512
a6d7cca1f8fd02b9856385e17853c7a4af763b84c57f90c6745383f7c348300187453dfb1b1db9078642fa2e2200829ae55fe147d3fa3273bdb35ed892357f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
d4bed6bc08fecb46e76c18b72bee7da9

SHA1
b0d6d7f042fc651c1310dd346fe94bb623501dc2

SHA256
0346264942bc75949073db354b2d743c7343421e2428bb0d1b317987c6a274f8

SHA512
2c887d4b265262a835cae85440fc8b01ccff57a7ae61820fd8c39c9a63989bf8613ca7f29ec10359637cba3c9206878e4ca4812f6f031c3aa7aaffe4c36ac5ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
5011fc51ec311920883708afb2c23242

SHA1
f49df23f5de6954ac849652a82313f3075f7a711

SHA256
3957249b36f78e1c3d85401a9115b82770c20bcbdc56d957f88f3dc1135261a1

SHA512
3b559ebd728295460c5c819a1f5f20fa266e70ad518ad9a2940a488278912f6421a4b5482a3e30ef8e9aaba7713d8f0ae349d914b2a80abc84bf2e364acef047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
1c4282e9344223ecc3fd15140ae51b30

SHA1
f36c54246dfcdc5bc7c7ce4ec5026262b5b0acee

SHA256
46363c7b4af01d5b17aabe037c3ff90c0d214f2ec11b3e8f8469dc3c4766da66

SHA512
761f7112ee9824dec3dd16f53cafde15d1017df9e7b309da63bc466ce3d7792c0d5e63a53d9397e0b3ae62162be3186b1288897ea8f76d39ea222fad48187900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13148563bb2753ebacf593250af542c8

SHA1
380097602473c1818a669b9eec9ea3d5d7c378f2

SHA256
96e460a6a719569b570436aecbb32d2a6fea11c5ecdb899f1ed42801665bb11e

SHA512
c5a5f22dd85f540176e668184c3fae44b88cbda24def03f8f194422a5ad1a03c157e967ce3059bc22edefef239704221895bb2f94a6eadce1c362cceb6c8554d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
352ff3e5572ba555fcd1ed04a3d18f1d

SHA1
a040df68b8035e08ba18a8db11841144651c1a50

SHA256
104ea82ede6ae9c48e4bcb89be530486da7c95ffbf2ec055f0fdc4cbd6cb2771

SHA512
fd47ef919ee784571344bf43981a45b3fc23ff4763b6674f16c31edc22b7078940f1b40c280aee256b773f59c894b4da04004cf485c3f989bd566d84410f3324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c6c06964aaaa769e21041814afd83f4

SHA1
ef19732939f4650496c77f58c7e6c92cc54102c5

SHA256
735bc94a6fb1ade84fb5446b782e438f534cc9d5f600d9e680a39228f2cd3b24

SHA512
aad7c2624ddc41664a8edb14b0069cd79e4325cc94b8d6b2e332ddf7294aedba4e65057cae0d5a119edf7484c8040a6e863ceac6c354afa6b02baf82e6d0d75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1a3a5ea3f414d20225b2df8db9a7718

SHA1
d16b8a107fd4c346b873ef8c0eeee96e86e98162

SHA256
0235b76ad3b9169eca1fe31f537a1a3ecee525478a085ddd821c24c821d3e568

SHA512
18ce8111d4666edbd7fd0c47c95943b1e296976b31d3df2901bbb1e7a5981ce3f378873ededf7b8e09c9182c6e65662b21d43bd6bdece6c27d64f29670579b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cac0857695792c249f1832ea345ea14

SHA1
949b468d8329e9fb2aeb55bff9e1624a6aec9ab3

SHA256
9a2438cb7e6b7b2db053607127a41b417ec5ef734bc8943ea209f44b95f0d3d9

SHA512
b6cada9e297d67302c8ca0dacb1a89e7a7ed045720898fbc89944128ca10fa8a910163afdfe72c0e2fdbfb5aa4a7cd73c8bd775f8732f3cfcc4bebfda3a55305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f12fd4b62b4e15cfc7e38ea19254cb77

SHA1
723c1b6109d8d70dcccf173475afe1ffdb04d12b

SHA256
05b7dda2faa012d361e131144d6960da4a47227e939ef20522b4b5c51b3e5827

SHA512
9d63da2d437a60a7964be25f234d92a17b8d07160028c9de49a466483829159e6762bf133f152b4e5f90a2529766ce14c11cf9ee8c1e33d54ed85f3e1c7ceb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e1f908493f2b2336334bc699c88807d

SHA1
67ad2d22c96d7f34401bb217f186faa6d3e21272

SHA256
64c5e6d707cef4f634fe244f34d9aa0b2a76854eafdbf74ec8c0db8f7f956cc2

SHA512
430ddeedef04f1ebe2d3d58da32fdbedc501984d3030021601eedd2b3aad0cd8d8f3c7ac44c631e0f6f3aab79804a50093d6d0db45599589b0af4d98f083075e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75a64ed46256c9eae91783c07068569d

SHA1
9ebece789dd694658be735d1f461601626886487

SHA256
196d76606c16c2391154d5f956693066fec949bb5187e0a0763ed97c9861f8af

SHA512
c71b4af6311143dde56bddd47d53eca8964208883ddf184b8611625b18c3a5d41475e48da67915b55ac613bbe48f7753699ceae223d6b3c098e4cd7e62be151d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
feae8c474c1d95c2a1321ffefecf3d93

SHA1
72776c477a08c5651f8bc7164211605a481e35b7

SHA256
c3dee20d06f9019f870ad6153c82931a3baf6f99fc4be8ed0c01d3316039a843

SHA512
b379dbbc352f2746187aa41bfa3ed6c1262aed773fb025ff91cbca976d29a522b4ca94b32ca4884f06f3660e6e03ed7ac797a4df6c256e807e87c70adf0c5b2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29e5a5e303915dd92e636af79f514c51

SHA1
dc1eaf6aa24ef5eac4acc69bd7ebe7568c8c1dd6

SHA256
38964814b43f3a68211e050d5bfa697ca2018e95db531ca4564aaff1786e7f55

SHA512
0a1acb0121be06c95eab1e98c7b598c87aa0af2bbeacc4ad7659028c86dd43224fa1db8b34c881fc67313fd051fa9e311322138e1434ff1f20ee0055e7e152ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1942d35dd3d1c9622b225ea2116fdef5

SHA1
8c00fa038161caf7ca82f2b2a2b7e310322771ef

SHA256
9dfad21cb4109985e427456650a0c4abd118fed5a9213cfd0e1c1b82ce72d8c3

SHA512
f90a91a172f2b1a2fd9c39506062e82e6d4dd16cb395992cf1d833efda7b8b79f89830c9e3373b5ca3dccb80bd74b1b6b184964fa71103dfe97c0a2b0506078f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f74bfb679e1b5c9b6d2e3a6d2c8858d7

SHA1
0ff1eae559406782e72fdca022d0157420757c2d

SHA256
edf6683cd2646bdab4ad7f2d85fe0ec983b3ce59a70efe01a9ff288d0afecb0b

SHA512
2c2d43666397736212b2e602dda2a3d483c4ea5d9c23e7113d5f17f406197620df70fc91ac1381f642c23521e1a3fc8821a406dc337af0301d3f56897f37804d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e1f0762f55b2e4a488b8fb4852200c1

SHA1
56e9dfddb5d93361671589d43dda32e5458542b0

SHA256
8be2117922e0b29619d491c5b21e4b4a0321f7569aa3990d73040dad5a7ea422

SHA512
f68c73b107f528083635f5227f9504af856fda3bdd99180755fe57d400240f30eb0b730d328f05b73c5dcd1681343b84294186e4b3b9e7529221a1f526e860da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f4ad556505bbccb7a9f39df9ed8774c

SHA1
31d96c2db322fcb530edacb1d00635aef0a60c9b

SHA256
66bee0920722e1a9a259f1561902eef31b1e67cea3d06b88c7b5f7b0ffd49ad1

SHA512
afd4264f7973aec6ef4e6985199a5f34c73f06d6de654b332601f3d52650f7d07a07b6e266d51bd636d5e5f3b81dfe0c87578304cfe1d035194f063b2ca7518f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3f45864dbaa1aaf8f4dec6184cc2cdbd

SHA1
74aadb0d14053235ec6f6e4c6fc55a4fcd55163b

SHA256
63036b015dec75313878fabf260d09fb4ba0694224e751d717b9b28cac4ce09c

SHA512
a2a74d196aa1c87379978c1575449bd4ebe646659067f2d6fc81864529bf783f5a5f5e9fee7a21f8bffa2592b659d8da6cbe69b5d6136bba55c3a44217fe1eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ea414a3a-53d3-4f6c-bf86-e649745e325e.tmp

Filesize
9KB

MD5
6e4f39b8610055d0a725a4fc5632526b

SHA1
b1c6787a4cfc6232623dcd25b6e69a29b8b1d174

SHA256
7da6df3014fe6a7d5506a6aa50af758a98fe6de2ca1d7c7d51bd31c9d3f548c3

SHA512
a29990d14b9059396cf6a253ae13d39b89d6b1a262a65543a8ca10d67861e612c9c22755e61babaa5e54584637e63b546e833f16f86d7302abf225df6c48e0b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
ce4b179da7ad6f5c8806f2627efbab33

SHA1
3f0f42ed1cd0a9a3273ad6bf79a9f05954a1bf9c

SHA256
fee392d9e210f120a0b293241eb49b8bc24f76f610179b0575af4c85edd2d167

SHA512
ac7c888ea7ec4b28fd2c220457c3c6ab02b4644575b3376377a1e6ee0f7daa356a6f058b4cd252bcce91db68e90baac85a9ee25a6c374250406a9536f1c70879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
54e29ce198b3b2f490d050fc542738c7

SHA1
5fa80863d617b76230e39ac668ba890ad0ee07f0

SHA256
2d916399f9fa512e26b28dd580c8df6068fff894f78d203a0f0692f10263390a

SHA512
2315d4d3209ec4e74b422765f8e7b64d104cf20ba7434adb6c1d45316b3b9a44e7b3849d25f82a389d2628119b82afffb9649741ee92f51566d96b9e1ac6f9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
10d6f82fc8bdb8070e252a3343fc3c74

SHA1
334be81c08b800eba160a0e00a9d630288e87193

SHA256
11d9627e8192f599fe22144f940f404b605959c38dad9daf771aaf8cb5a5a5a3

SHA512
2449bcc9eb7175a82412a15bc3fa012325593c51596b1407e4d45e92f20b7ff56fa9b79d86da6b880ab25e96ab59a93c71e9798c80d4c02a1b4279ae1fc41db5

Download Submit