0469fbb9d58e78bf07eb13655deaf954dc4dd053e7949796ab4f84bef20f79cf

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/09/2024, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.bat
Size

833B
MD5

7a83a55bdb8876d017a2ab0d04133153
SHA1

fbe673b41b295df1936c02995a92f6f082ac910b
SHA256

0469fbb9d58e78bf07eb13655deaf954dc4dd053e7949796ab4f84bef20f79cf
SHA512

48aa66ff9658726b982e2329ff086c601c209a5b9e8cbfc1cd7f8822ee7b0fe91a546f49890d1622fbf510fa77fb6d20f03eec5c78893b86dd9874e2425e581d

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1748	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4336	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703765031607345"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4336	taskkill.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 3832	4500	cmd.exe	81
PID 4500 wrote to memory of 3832	4500	cmd.exe	81
PID 4500 wrote to memory of 1748	4500	cmd.exe	82
PID 4500 wrote to memory of 1748	4500	cmd.exe	82
PID 4500 wrote to memory of 4336	4500	cmd.exe	84
PID 4500 wrote to memory of 4336	4500	cmd.exe	84
PID 4500 wrote to memory of 4952	4500	cmd.exe	86
PID 4500 wrote to memory of 4952	4500	cmd.exe	86
PID 4952 wrote to memory of 2076	4952	chrome.exe	89
PID 4952 wrote to memory of 2076	4952	chrome.exe	89
PID 4500 wrote to memory of 3560	4500	cmd.exe	90
PID 4500 wrote to memory of 3560	4500	cmd.exe	90
PID 3560 wrote to memory of 4976	3560	chrome.exe	91
PID 3560 wrote to memory of 4976	3560	chrome.exe	91
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 3684	4952	chrome.exe	92
PID 4952 wrote to memory of 720	4952	chrome.exe	93
PID 4952 wrote to memory of 720	4952	chrome.exe	93
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94
PID 4952 wrote to memory of 248	4952	chrome.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Windows\system32\notepad.exe
  notepad gift_message.txt
  2⤵
  PID:3832
- C:\Windows\system32\timeout.exe
  timeout /t 9 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1748
- C:\Windows\system32\taskkill.exe
  taskkill /im notepad.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fscj.onelogin.com/login2/?return=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJicmFuZF9pZCI6Im1hc3RlciIsImZmX211bHRpcGxlX2JyYW5kcyI6dHJ1ZSwidXJpIjoiaHR0cHM6Ly9mc2NqLm9uZWxvZ2luLmNvbS90cnVzdC9zYW1sMi9odHRwLXBvc3Qvc3NvLzEwODQ2MjE_c2FtbF9yZXF1ZXN0X3BhcmFtc190b2tlbj1mOTdmYjY4MDQyLjYxMjkzNzExNzc2ZGJiNTg3OGMwNjYyNTA4NDg0ZTBjMDFlYjc2MGUuaHFSeXZLSG9EVnpHd0wyZEdtMmx6amwtOHVjSXhDaEVtZFoxdkk0Y0ltOCUzRCIsImlzcyI6Ik1PTk9SQUlMIiwiYXVkIjoiQUNDRVNTIiwiZXhwIjoxNzI1OTAyMjg5LCJwYXJhbXMiOnt9LCJtZXRob2QiOiJnZXQifQ.ZuFKOzT2r4JzPW87GcY-uw-4TGT0CqRIyaPf2hscpzM#app="
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdda42cc40,0x7ffdda42cc4c,0x7ffdda42cc58
    3⤵
    PID:2076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1756 /prefetch:2
    3⤵
    PID:3684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    PID:720
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1676 /prefetch:8
    3⤵
    PID:248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
    3⤵
    PID:724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    PID:1924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3788,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    PID:4896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:8
    3⤵
    PID:4676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
    3⤵
    PID:996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4784,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:1
    3⤵
    PID:4992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3792,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
    3⤵
    PID:868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5236,i,123111290640660845,9468293754855050265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mycourses.pearson.com/course-home#/tab/active"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdda42cc40,0x7ffdda42cc4c,0x7ffdda42cc58
    3⤵
    PID:4976

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
355a34426afd246dae98ee75b90b79c2

SHA1
3011156636ac09b2665b8521d662f391c906e912

SHA256
f073bb41e3fb1650fdaa5ab3a2fe7f3db91f53b9457d65d58eb29bcc853d58e0

SHA512
e848fd8ff071e49f584c9cf27c4c6b3bddc522e18ce636fce5802fcc1da8c36c90d331ae5097b60e795f0f967141b2c4293d39632e10334cba3fdc0f9cd1bc34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5c4c7a29d5dac25a943fa7f64269fc3b

SHA1
aa873e470cd1d6f7f5cb21407045490da2fa8dfd

SHA256
2dec5b8ceacfde54d7d1f2d01274e152689c0cb6ef79e798581c63a7dc5c090d

SHA512
9e4b42928525c0ede256e90e96b12d313fd0ef5d3a8fc2202267d6f4ec6c06c9cea81709f4a0bdb6934d8e3961f3d6ab2878b5caf9acc7597b2842442ef25a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
78e9d7a415e91244b5ffdaaf6b9a8228

SHA1
7f7935a7f62dacbc696c11186d755057f203cfb5

SHA256
114278ed2a63a83487b2aaf4ee9cb7a8b09533974dbbe81d0953a54f269284d2

SHA512
7f3230ec18622902745e1c2dde9a2f28764b7a5bdcb126b85809fa24c3034d4877c94125eb3cfbb8bd2310b6d18a50f57906a6aea057cef59282b68dd45c59bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f2158966707c8b5d7bec9588a75f797f

SHA1
5d6d8987f5c80fbe1649327e492aad3394b02588

SHA256
f76bb937f9a593822f991e4f462b9749e24a06caccbe96d172b0e958c71bddb7

SHA512
4957633313b116a5766eb2f4d446c3bb3ed17d5b8b5111554d683e6572388abf7680cd6e3f53fc0cb46deec88f8883253faeddc94403aa6516610f417eaf975c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
95e41b39f33988ad170bff1059fb9d10

SHA1
1e7ab1bf0a13df181a450da685a9c9cbb434c0bc

SHA256
4f5a1cd257e50f32e6f1a0e215340c142af563e812eda52229c345112adef2ff

SHA512
31170d11b3daa3cdf52c462f5e4b9e5c4e350019128601e6b5b2dbe42852996d4999740cbce26f1e8e79f7e8cfb9e7948e001358f653197d2a81a346ac72e79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc286ceb09df137465d0e2cf5b76d2a4

SHA1
ac4fd594ede63d20a1406e82cf17281a6c18353d

SHA256
5bdc7ef592de95ef4b7b754ae91b2fbb59db1539ed102cbab148814d9af7fc36

SHA512
4b1c5444b68ec92fa2e1d55328513d7d6fc2fcd24b766553ab372247fde70eb88e8604bde06391749e446f3a08ccd9c747a62550e759a33699116396d7b4f1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bae30b878100c0f82092d5edd989b39f

SHA1
a4fcd00009ceb4796623203dca2c134dd33d215a

SHA256
84ca496fe4ed0f9252d671389a99faf51895b1b83e95a760d62d0f9c3f4a3735

SHA512
6f83d524d2a5e51c9000611c8e78cdf6c105005a62a356c194c61103d188df88eee5225a7ceecc276328a0b16e6948ff7b04b6829295a745e5c0ef01c15b9be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cef8dd2077aa329c941eef1004facf6b

SHA1
69fc28470e176ca5d2461ddd1431dc239501764f

SHA256
45142f732989e8a9cf68fdba0bb921e75595b898f65a07a445e1081ec578b449

SHA512
e80acacd508ed6e3ec11d7fc7871f9a3d4c1b37ab11ca583e11238a11227e84cd361f12ed041dacb8618237d1c58a754b8f7c9af10c8850b6f8df0a16ad46c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
755c27db040719df46ecfe7809aa52f1

SHA1
32378393810567a2eb172b3eb1ae8e31b92e2c9f

SHA256
d3340c10a7e9e9ea47caec1e7342e9c17cf61560ace542e52d43d823ca9381c2

SHA512
f10f1b1ba44a2d0251567398586bd0adc9bec308c144b9431fe15d85bb63778a7f3938f2457e84a9533585a6adfb8aab9349fcf6c2f63b6d4b80ca06ea9cd7bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98f078987d053d1397501bedd87080d4

SHA1
08d334aabd26c8aa57cbd44cd15d01816679206b

SHA256
6b5a328aa9adac3f6dfc4bd692863b8a40ccc6525678f4ee9d70356bec60037b

SHA512
cdeda6a86028b41ced4f148f782d0e3a719564ba493b66fc4b9b6764ea9c6f7b58ef0a343c0ac8fc6698a906e3c55ceefa18c39bc8bbad2995131120b789bcfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd603ae774305b2336ad94a471c0e173

SHA1
a75fededd542a64b15e2c8ae942d3fbe51dbd4ce

SHA256
6c4d60e052afe2a8cf311f15929452f2dc1f522242a4cdd9f31c3c1d8d7da0a0

SHA512
0473297b1ab7c131d9c64e23c05300170139082b779d8690326c1b22856d1f8b8a5cc680ca36478b24dd9e99f0aa84d4c5e9a4d4d90c4c06890cc9e9d0773036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b166dc5d8cc5e31ee14e4afbc155d182

SHA1
b6dc06b049b5206f71497a31b45524d7a1b6e5c2

SHA256
2a377434c882774e5b6c86f1e054bcfadcb9ac19a6b3a2cfb9832b7237f3e4c8

SHA512
3f5b0aa70551b90152d15330d6e08989869d4028ef68ec1b2ce956fae6f5f95769538b1de791e0c0c171b3708e094b2bfd12cbeff8736f0bba5b1614e604a886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
104ef5043db3be28c6f495310583360a

SHA1
3cdb2261437807a6f2538726bb014e9b1a043161

SHA256
27bb95e229b791fc253e46322e80c5eb22986478c098a8507c246475a3565906

SHA512
2e765194c3b10639599f8e80b710b613d3ab0fdcf4d7ec7cc0cb5ab5e3982e7e77483a550f7f11640b924343c87783b834f70b0bd0c43e0c640b3fc2e84fd810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8908fbc82b7dcb072ad45ab6488b64e5

SHA1
2eecc93f7f2e6db132d011179562dc4e2b6ee4d3

SHA256
7e025fef61176323afeeef8ec5a0cdee28fdc15f34a5a4141a93b20aa072794a

SHA512
81f253a2050a54b3a01b2c7db1b1dec374e34acffee5fe78fee4248c7df4e0d24339b2186dc9524582c26fa96beebcee907cc630ef12711a4ce1d61898588bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
308b17d2fff0a45c12fb09a9dd522b16

SHA1
41137a6d9ce8baa901ae7f4af790612278b2683b

SHA256
c10c16cea908dff7735f6714c01350cbe1607ac051bfcc4e53725de94048ffc9

SHA512
2bfebdf24b47360f09b7b8cf88887664da3dde796bb9d9cfe97c3cd1fbe36a1783407169ad611732286b70bd37084d27b3177d4e67145d7c813606d33a93354c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6eea2c3af92cd84d7d62a3e0943a9f4

SHA1
a55cd98f2c2b4b92fe9884385677fc8627b5656a

SHA256
302bc9f1a559e4988cb0f46dfe4339f0ba91450f94418bf5785501f15e07f937

SHA512
f1132c5724afa1f93bb92053aaa6a3f31d6982e75f73e9ab297203b5fb1bb4f0c46d75fce42b3cd301463d6acd134fa3866e2de355c790a34f20f6fe35fa7153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7eb8118c9df30be44ed7012d828a8b82

SHA1
96db0158695a674a0d89f0111b6e3ae3eee9373b

SHA256
e7e8085980e7f9ae8eaf8cf32f68373d4121d52cb4b2d6dd779b3390924d6473

SHA512
7c98829bd14cb46f39eadde6a9a9555e942d341b3b6e52f2f360c783f14ad24cf8d870598f883339f000d7b31b3fccb97d74613ebd110b7e4db9c2ad0f07dd88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a70093c54d03895882b53aed0a0e166b

SHA1
5c664019dd4b82629046c76b554b9d9f1ac9fa7a

SHA256
cf850459079db27484916566b6c1cd674c206c6b7f7dd3a65f42f24a783ca16e

SHA512
8be60d8dc0fcad3b400f094032dd578922fe7b2113d762942b73e1137a0be7903a2eb6d99575ce4d7eafd3b84b0d51141d7ab8a042a4a82e1b4eb114afd59543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
37f451ab516259211e3dfd956239354d

SHA1
b9bf59253be6ff036c9c927b4081d9b2646d2fbf

SHA256
5b188775ad8115eb0ff253a80f6bb4608c93587641506305c43241c84220aef8

SHA512
8fd0c74839773d14049fc595c5bcbf0965eeaf3181cc0a72ebdc5b633b547a89a0e93cd0ca2b39bff7cb4435c4bdf456fd6e1c55a80d009a06b8f0261f347f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
d440ef8e2cc7ca94182d1b1bb9547d32

SHA1
316163d789d3d443eb753f94b699b9c8648e4c6f

SHA256
5cbc341145d1c9ecad72babe0af25932d2792305244430beef76f7fa1a3c81c1

SHA512
50fe64f5a4225a4eb55b47fdcf661173ffd7247d46da474d14a19a30b6fc9cdf34a86a21db6ca0871febdfd88666b17b84b97fabff2d29366bbfaa84ff9f4b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
f55da321919128074619344709302438

SHA1
878955f1038c82113145aed6c0cd6605e3397402

SHA256
aea827607ffc184854b392a3839108f7d7567e4a58986aa6c2d80e1f6b24aed7

SHA512
944b73e3bedd8fc296c9d20eb6214aa4f8877bf49119526a902465a8a8691b3fb3fa1df49a031aa442870ceac74d48a4b1e7fe7f7f2b90791b33dbe7b8dcab83

Download Submit
C:\Users\Admin\AppData\Local\Temp\gift_message.txt

Filesize
65B

MD5
a085d5fa0deda8ad0f4d34cc3c2912c2

SHA1
9b6083e25786f0dd2463288043b430ab9e7c5675

SHA256
8d31967d66662a193cd81892fd54f728ed352d0db089c30da67e22ce25ed1b2a

SHA512
9fc21491c3ae60ddf09dcfa3cadb62601ef1924606a699841cc216be0edfe620b8757619b55bf239fdf3cb293284494496394c9e021a72d6c565d4a253595264

Download Submit