97d802a078e0b28686b514135090b626648332e183b23481113b10f6d403b428

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-09-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

s.txt
Size

39B
MD5

c2afa0f9d0f9e4e812f4ed42d90706a1
SHA1

0023accd5a866a1e63e0981a758c007b00544a53
SHA256

97d802a078e0b28686b514135090b626648332e183b23481113b10f6d403b428
SHA512

6ed6e9c97afd9cd88c7987eb5dcb800e332c7d022f42e9e691afb79f32d0cd39c8d4e9b0492ee4ff8e63a751bab76115029bf4bc09ea8c6d71997fa444479f20

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712012518065944"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2084	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe
Token: SeShutdownPrivilege	2956	chrome.exe
Token: SeCreatePagefilePrivilege	2956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe
2956	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2680	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 2084	5004	cmd.exe	80
PID 5004 wrote to memory of 2084	5004	cmd.exe	80
PID 2956 wrote to memory of 4212	2956	chrome.exe	85
PID 2956 wrote to memory of 4212	2956	chrome.exe	85
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3476	2956	chrome.exe	86
PID 2956 wrote to memory of 3176	2956	chrome.exe	87
PID 2956 wrote to memory of 3176	2956	chrome.exe	87
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88
PID 2956 wrote to memory of 420	2956	chrome.exe	88

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\s.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\s.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2084

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff9b8acc40,0x7fff9b8acc4c,0x7fff9b8acc58
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4404,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4080,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3352,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4444,i,7000570880984297009,3821416798082077083,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
92ec567acad0c43ed3814f0506fa645b

SHA1
622477a1a40405c352f2052b7b68970134c6a7cb

SHA256
671268874faad2797c64b15ea976d38d041154258d9b05cd15883744f08a7e80

SHA512
aad3db386220402f8b7e2eb1ca47230fbe5358b3c19e464874135da2fe988ff5119f6b3c8c29a5804663be959c45812ca6eeaa47a41f32c1a807f8cb5712751e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
34d26aae7fdf9cbca2918ad3a7eaf619

SHA1
d180e28f4502e459b263f720e2d22a8b86728145

SHA256
de78bb8706432a503a3482026937531d67593590472f3def5208f388a9039d4b

SHA512
eafb34afab555121fc76369685a950ff18ffea9221e90cc60988e9e423723fb2515adbd9be489975aba2bf12eb1825e338f7d727397efe2802aa24f4ef3c6af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3f7fc350a48d7f10529adcbf0eda846a

SHA1
f29b9c75bc35d4bdaeb0ca9d35e60a47dc8378fc

SHA256
9baf404ae5e8c03be36d4138bbcdac7d85828c379702cb2a53efe6d07ff23041

SHA512
cd6440f7b15af84a35660fd24744b2de4aa382da77848538754e056c985229445577f947a00ad3c2509e767e973377b9383a788081441ad85caf063d85af0995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
b936b966de370f6abf4052367d3ec527

SHA1
4b38f33c9cffd3b159cb688f49df0807ee240e81

SHA256
616d80ad6de14454e1f578a28d44c851d23c53809e0ae2e4d972393ff915a4f7

SHA512
79104cde71abb1badb464f74169fe8e0d50e68c88e53293242e6855aa8e45d26e27699c2b0a06ca4005a35b3a206a1a85947acc0dc9ca6eabf207cbee80b0fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bd60447a722c7fca26d65138c8e01bd

SHA1
0bfca3af0d9380e0765306492472a30e1090d3b5

SHA256
708f1ad091e71dfe6476155b88e86d4e6d72463c7d5a556da55d05c3ba3dd448

SHA512
67815ea0fb28f66f671f98da9ef0b44b45dc7f0b925e55a27910973fbbd9450bb171a943eaa0b3c56946ede483ccfa061ad92e16ea13ad413a12cf2db8413d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bfb6e655cd273523b3ada7659a0ff225

SHA1
2b623f6bd2db80c95ff69c85e180c5517e4adaa4

SHA256
6c399b52dfdc014d9479f3219166be1a99f0648bc74b02d96836dfbff1f88109

SHA512
3589a1b3bf9d46d4ca27b7e11206326be65ce60c6d6216ea61315e71e2173bbc715903b135e61252f33d1cc7102409946ad2096886f140f03f6ed0e34d2ecd80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a5d39236badae74c8b31a8616e2be8a

SHA1
74322d13351ab52cc086bdce4a576ec526572c71

SHA256
b6daca0cfe9c088ebc97e4e1d679111ac0acd39ec708e46dbec21e5780577d59

SHA512
f652d3878c107cb70ad1bfbf9fefbae217025e6c9b65961fa23e0664b8590be56fc1246046a93d32db44fd371b114bba94392e85d0e83395185ec1176f23c1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62b8173f766268267cc655d5f7a85ec4

SHA1
435d671b372943496a82d40a3f8fd9dd02b8e735

SHA256
a07a35202a77bf088527fedb77ab8d9d098ca7ebebfcf91f04f1a551c62264c7

SHA512
4304117248dbb5f0acfcc1c7f0a10846e9652637db7471336677c4f43915a552e5cb729712e4fc3b191ab4248ebebf5483aac2752ead39e7a69fa303eff5f853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6a792020f8eab24616fc96b480caf16c

SHA1
4e504b7696abba9e058c0d7880c8ca1799295f0d

SHA256
9355f35f8a9b812f0f90cb0a639fc47ddd59dbfb9db94637c33fc0c27a898fc8

SHA512
1b9f3cd027265800def1d61bf348c500e636ede0c3741e0be66eb582433d43c4be58cf7b491b0930b116cbe4220b42aec311f5998e2f9e17e4096d1fb4c71eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
a41d99f617b56b4f084f53010c7961f5

SHA1
c1dc8beb9ddc7e8785e8a2d3f0d5e17f0121e7f3

SHA256
bee6b100a74418b866221086e3b2883bd74b85c2748729bd85a5863ec8d45076

SHA512
5671edc1acccd88d6ca2fb9e3d94e6badfe7b88af42b5755b5cc997ffca44ee6616e990994b7bd60f7dfab13ffdcb136c1e253af45830d58330741a01ace802a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
d5c09e98e7a07ad81078561b4f6ffbcd

SHA1
fc75859a4269f9873a03e2aa55e40f6e0823ddc5

SHA256
0577c77f5761b9db7f0b8b7d60e0f84749d46cbdc26855c98406628e0ec79b22

SHA512
ebd62d45b26d9ebae09c2f231c699737bb847048d8af6ff5ee5f57b57ef339d4b4ee5d6872bf4414cb494d483a033f618bb4701cd6b6f80bec150a4a9a786922

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eed1599235b9dd933e13cbd5751d7eec

SHA1
d461f7edc8bdb31b672f97b18d34e38bb7c96c4b

SHA256
13ee96f0fd8b45de1603cea7aa86ddaa749ea580989d6cb806d944f3547fbf43

SHA512
9679690676ef1ede8030e26359381a092eaec7cb671d51e91d8cd446006301bcb98518b977fd5d475e777baa11dd28e69135c517e3b3d74475134bfed4e8da9e

Download Submit