hxxps://github[.]com/HalilDeniz/RansomwareSim

Resubmissions

25-09-2024 12:52

240925-p343paweln 6

24-09-2024 15:56

240924-tdvj6ssall 6

24-09-2024 15:33

240924-szaapavbmg 10

Analysis

max time kernel
1358s
max time network
1714s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/HalilDeniz/RansomwareSim

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
28	camo.githubusercontent.com
32	raw.githubusercontent.com
54	camo.githubusercontent.com
58	camo.githubusercontent.com
63	camo.githubusercontent.com
26	camo.githubusercontent.com
29	camo.githubusercontent.com
31	raw.githubusercontent.com
52	camo.githubusercontent.com
53	camo.githubusercontent.com
56	raw.githubusercontent.com
27	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe
Token: SeShutdownPrivilege	824	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 2184	824	chrome.exe	31
PID 824 wrote to memory of 2184	824	chrome.exe	31
PID 824 wrote to memory of 2184	824	chrome.exe	31
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2812	824	chrome.exe	33
PID 824 wrote to memory of 2708	824	chrome.exe	34
PID 824 wrote to memory of 2708	824	chrome.exe	34
PID 824 wrote to memory of 2708	824	chrome.exe	34
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35
PID 824 wrote to memory of 2832	824	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/HalilDeniz/RansomwareSim
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7ad9758,0x7fef7ad9768,0x7fef7ad9778
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1812 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1840 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2732 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3632 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3884 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3132 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=1288,i,699670489820574868,14740660039697289408,131072 /prefetch:8
  2⤵
  PID:2828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7130d911f28616410f60e3c2b6febd8c

SHA1
c7197d774e5970acf4650e9723111587c67d8bda

SHA256
90961b8bc2694256b7813afdce9bb81febed8c64f2986736fd67d315211fd61d

SHA512
3fe5d9f79bb8ab667020bdd0a1ccb442e3430f6e16385216aa9c5a8bfdb6f77b1e9d0ba10f0e028eb166b1c5d5279c1289ed71108a939c0dcc4068a3cd00b908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30dc9df33ff87dd0d4b3adecc01c90f1

SHA1
eb9e10e3855d1567cf4e917f5f95646833f52c21

SHA256
fc0b4dbf6b7b4c313faeb46278a4c618cf746973a14da3e12f9f8c036982b372

SHA512
b567ecc772ecf81353c14812fc1af2100db5f54e91a9c554640bc70c965d07a38e6bbf212b659dea0202f62365bca3883264d680bf68f507261a3febb3cdc87a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9831f3d5d6236a57cee5a4f5d8befa8b

SHA1
998b89e0fb1c04118f9555048f63a83f3d490970

SHA256
ae983337e73d86e6ff512c03e62ba82b1cd669db1e14437cc6ec73e6e2d86897

SHA512
96c5d40a26eaf33b8564f954ecc9f848782db034dea4173483075a7f9a62f6a2367bec1b7dc2f2b033160e638857def8dea074c0af77fcac4f6886cd895f2be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
274dfd55ace0d76a7663d11c085cdddf

SHA1
d1a33ccf45169eb87ba6cae1712bef18fe898466

SHA256
0f5a659f6c6d838f94778e572728de750601ec2c0954257caa3a5631d0850962

SHA512
fd57dd1ec03c147bbeb8adf69d3fa2bfbe8e440d124b2ca3acc3e588566e52e6312faa5f626b911a3fffcc526c814a04c63843553c9cd4f599638db66732fdfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
37KB

MD5
e7b69618f1e662bfb228c90d4f639d1f

SHA1
631c6f72512c7b6cf799ee7faddbeb9583574aed

SHA256
617dc2900d8c831aec6cfbe2eb44f086b691b4033e2c6986885b21c9c1f5a413

SHA512
0776eeb7e1eed3384ec16e68f72dcb88203792624eba3c921e82f0f5b8b35e3ae512ed6ecaf292d09823ad0f90bc28dec2391aed93428978dab8aed3d4e87009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
21KB

MD5
be89131819117173abec1e1a375f1ac4

SHA1
94537cc74677b671d9cf475b57ea11518f4c84bd

SHA256
e85deb52f4f7aafd50e84d48f26c6fd65dd58c42adfc0c6f7cd043d93fba2e93

SHA512
e2f033b4df28a245d3fe023db83ee4c3f9c64904ddbaf3880a0b429548ff6d7074f2bcaa0396042d361780c7f93a51e1f8a0de4154dbdf721cc6078ad9f29e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
37KB

MD5
3ae7a1fc24a2fc360d0911d5074311c9

SHA1
b94f593d8789e38908e86e75bf5d4795fa14f4d7

SHA256
3e687d87510e90e494e83e1f064cc388577ff85bbf9798044ccb2c274b0ee18c

SHA512
c82aef8ad194a149f55549e7ac903bb18601ad765e63aae0550feabf6699bcaef604be165639979e65bc9bd1fc680d67a76ece63b4338148bb2ea6a5a731bbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
22KB

MD5
f35e26747f787446d7fa623bafef0fac

SHA1
d4ff1d27cee84c0be63a425c6e31df5870331f58

SHA256
b1557df85c986f0cc409e6631ce6977cba9ab15c2429b7cbc42f57ab891c5deb

SHA512
31a095d2e75dbd7c7794b9047d4b2adbeb9f0a4b196ffa44d1d03000769153a6c7ad6e4c4edf63cd6cf6826b1bf5e3a06f629b01ba2f71d9f2d2837888513dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
0845a7e6353ca2593000e513d1ef6511

SHA1
720ce2ba95c2795d41bae5d4ee7cad8b758013e8

SHA256
a1839ab3c16ac184694c30275a9edf1f9a08361524b39986384e5284fdfd7a24

SHA512
22bc477fdaa791a80275ef9194756bf94e0f291861a2008100b2d1fe613ffe7c6626b5299b634ce13b49f9a947dfaa7549afc25309ec2c4293a78f9fc52b115e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
988e88114b23e060e4e886f6e07b82b8

SHA1
5d5eb05911c3ebd8dfd7778914617e93ac394a18

SHA256
53dc842de557df16e5de3eb09bdf952dc88ace2a51f893e15d04278aa8b7f084

SHA512
796c00f84ea03c9aadde663b2632c30d9a7137732225a47edc19a965752ab2e77fc701abc1e5f09e4e55deb22fd1d33da15d950107c803512d596180cbdd551d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1007B

MD5
6bcb12d194426c2d1b6b25778a89ab8a

SHA1
1d9d601ce8921a9414c9a01a48894dc7af21dcad

SHA256
4a6fa2b0888167e3949e86528eb792c3c3e13f814780ebe42035738b700719b5

SHA512
1b61a0eff72940cb700d19f6036bb21457790f2b7883a5b066faffedf1793c53bb5b9b14021a22ff3a0f6cad3558163e12be8dabb66239e9ff0ec1beef893983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
845B

MD5
14f68f365148887e36ef9079bef70cfc

SHA1
d50e37bd6e61b7d713cb24bf1a204ea1ffc390b4

SHA256
3cb26f222e4523d22513ac7611ccfa5c6903e31d7b62f86463d56ce7cd93efde

SHA512
afe43912e67d8a09dc6ec9f3c16b80831b471de2cc29065c8a30f899f459802b40f0d4696b474eabbee1d1f4963ba9a7055eb04d2c5b9a51a2213905ad8fdb34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1007B

MD5
beb88e25b80a92baccbb8f9587e4c9ee

SHA1
b8531fa964018fc75c7617878fcab00f8b569199

SHA256
bf4653e36694cf3f6b931b9958ce6d8cd6c20ff0ee915889b436cd637d6a8f64

SHA512
9ff72e137205cd76b59d5a2e122ccf7541f88a82aff977fce154b9f8da27935ddd9053979d253ddbe50b4dab5505c135d9a641e3558322c6072456ee7d8b5ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1007B

MD5
f77f17324ebf8bc21fe07a9498ebe42d

SHA1
c6484f3eb6b74089250d37b61d10fc6aaa0489cd

SHA256
0b11cd3c3af8487c08f33b29278b47e459982389a5ee988880a02caf834f64a6

SHA512
998e2dcdeba1e8be0d5c6d124e940b57e7c7b6ed445a9df812db757f23664bf9017250bf9a24d31726bcb6c881a214fd72be1c94c506fa977acbb2933c4d8a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
845B

MD5
388ea720c8f56d490f758a5effcd1521

SHA1
3dc98b5350b8921c06349a51d69ba9339e498b9d

SHA256
3b83cdc2af1d1496ee5ed144a19984372c9a2d216a87f137c7ddd90601d0af69

SHA512
4fd9e66c65850498d8587bad65c949f7632e00b0157652b1e2712d2e85db34f101cbf9c49a63bf137ac7ca8378b582d378f592a0d49c617676cee06b447d38ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
843B

MD5
b4e35d21df52e4e640d17ee6a8cccddd

SHA1
e9884ccc667e362c84db511b28ffa51173c6a8c1

SHA256
70be74f8da7ce8f4f4e8ef5e12acfd2a2f8137adc9b4f961dde06d7d3d5f1192

SHA512
2fe8f1667e34a3b06784106b1513f3f53f9bfc915af286fb8e3aa7d7e8fb0a7ae22a0215954cdb850281007c8440a82bd2e442d690dbda032e04c7791302373f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
845B

MD5
8cfbf00468829fd650ba5621d1126017

SHA1
054adcafea943d6969e7740fdf791bc9c8a9a1e3

SHA256
7c4ee4ce98a255062e73f7eb7a9b06ddd4daaf64cffe491209ace81cf1c44578

SHA512
6e873083ceff7af7aeb815335f8efc2905a20a89964a397d1f10b34e1affc126da0879148e43983462091fc66f7b466ab3319c0d5c990d36d5f19d1152cdf92d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1007B

MD5
59c7968304859a2d5e62b71ab5b706f7

SHA1
c17ea12783f33904da19ce0862f2a3245a2f79ae

SHA256
4d6f6f9ac1a6ef90790d68bbd714bd5d61d3f501954131a5ff1d2ee5da7d6e7c

SHA512
c6d85cc4f3a704968bb1cf52cc27d2c102dae6958b0e4d3f6f28b7d4ce9881c38194ee2b781edfe1c5365ff2dcb4446972ff7f340f3f8b96097e9227c7c2cf93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1007B

MD5
dbdf2f73f80e9999b48d256ed5c4dd26

SHA1
76e7a5d898cbb79f0b7a2be59270564e1cb11515

SHA256
4aa4b73b25fa1b381c2dbe85e739fff03cd62d3abb772110781640084594d7e5

SHA512
1dd451c45fc77f13237e6eebcc33f8e53f7d6090344ef2ede62d3bae2921ae26ec766c9c8f9933d694822d9516a272fee79d3993e210b2d0aba15092a74bbb5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d6a9af085e940b4e007646455a663fe5

SHA1
bc7e4897850e961244d8b6c4b4d7d20536eb7fdc

SHA256
ba0bd4f6e69c6e9ec0354df5eaba7fd171790a8b2b2280d3b255149673a68c3e

SHA512
8789bfd9fdcdee2ade94d62df303ac6874d63ae79105778b06435bf0ea7336e53c39b32e75c33ae96c2409107d58333dd0781773c79605d8ddc32d0a88df8d01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cffb0747579983f1efbfac7998ffc8c2

SHA1
ace2ef2b10279e0ce7e56bca88996de74cf119b3

SHA256
8872e1cc0d1a865b57c01bbc84a97023c0290b70f205217da3f4a2a27b2b638c

SHA512
07dc36a48dffcc2367a17279cc392b093ee4905e7c50769459ddaf61fa368475eff2b91cc004932d185232fbc3db1c6dde6d08b3a14fad113c0eeccce7f8b14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
79a7e7460adb2996ff39143e1f84351d

SHA1
562667077a06adf1eb0a5dad8d502e01926ba8e3

SHA256
f89e406e58d76092211f2c091b22fa8e033f64fce98aaa279b16ab4b71272c9b

SHA512
aef0717acb29679c7dbe22e425c3985534392f7e092363ebc448314ca2df3caf73316d718d06e7fb1230b1bec39fa50476739901e95cfa521dec1e2fa3256814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
726708c7e0c733452896ad629928c4a7

SHA1
7965021bb9f83d2b9273e22d108c55ba89562ff8

SHA256
de63df4cc4397219bb66c7336081b0a8014e457a55be61a462ff4c21f688f596

SHA512
f41f4387c115057873e30e7df77445b30c4c1294f911286bb45275f92460a2b6eef7b730847eb1c52770113108f76a4d47629bcb15d9d3df120b909abc4c3469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eb998996d9a62411335699208970d3c2

SHA1
1195a0e75f2fdde7f75131913539f2059761279b

SHA256
01681ebe04e8ecfbfd515e752a48106de38913b1c747cad5addb340690334f85

SHA512
3901e9e2d5e118cf22d8937d8a027d3caf9b0328d76c9d983c6cfaecbfa6297e5704f06038b06577b26902d81f1745f408682f143720bf79750d281d5864f9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f897edb9e34ba36c3a5edec5081cd9dc

SHA1
6914e6648249dddd0ae0d40cc2948f7aa8c92c77

SHA256
864afa618a465f7959154dae79109b62724b8dbaeeed146a8d62d622fbd6bcce

SHA512
a02ef8bcdbb374dfcfbb8fd5669eb16d3ee2b3e136cdbab79fceebcc7316892a7c405b51fc41b834f856cd902ef5bb7345bcbf15c65d3dab12b675e6fdc60c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
1faa6af4b7917cdc293f0f99944b6b10

SHA1
f5fd159a96006d5c676903a291a76d83ecb5bf46

SHA256
ecab96a5b78971dd4fc55c2496da3004f7ac2547d3a40b2c34588f1c72dc6d5f

SHA512
c8b8ae8ec69da0498469d30ef926bada41b36b8d6f13f036effb91219ccc2ebe316201d1219e2cd5a01a5a1f7d62715b254b94473d4ae7db1124605ca1050849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
566744f2a6ea1bf9121acb4458230616

SHA1
252802add4c5ba727b9a59d8222fe03af8a137f5

SHA256
94e9dff22ceb6c13e08edc6caa0858570389c5577bd834c40de343b42337d866

SHA512
7c606887ce79c7b521083174e35d564fe2e94d550d17efa9943e84bac404de9132fd263f3d6ca680a571ecf56eaa17803f5141b0c8e2a46b4e945123c348b35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
af5e2a8e15b0046901ba7a70be6fba19

SHA1
41fbfc898e4fae78e6bf53588d096495093a606d

SHA256
5cb4dd6ef361fed05cb1dd4fced88cb096e727ee96aacaaee100eae5dbba4317

SHA512
d77660223c9c0ab5c7454fdddcc6554d0dceda50e73c6a5be006cc2112798f08757891a053cc6a7c2d041de2150a629a80478309ccda9997158610d1ae23e10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
d3f4fb42d5aee9fc1fae9b46b62426f8

SHA1
42556a4b596c7f842abbc73809854b814ea6e616

SHA256
68d5953a3cbdc779016d69af5eee727d9b37968e728abefe7696fc5b6df9ed58

SHA512
6e3d339df017aa0b9d77fd139846c872622f1901b579a04f225f2e5af43f7c20417f044b70d3a9de4d96aa8827aa3d004170af320e3a72c6e01694f89d951b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
36a86aeaeb61f8e8d34dd274aba4b617

SHA1
fc3f6f5484fc83dd8f3c004c6627efe9060966ff

SHA256
9e7ffadcc93d6c5ff44e7d4304d8d775a9a4b4a3066e85d6e060d7a230a72104

SHA512
f62725462e7402a2957ec127fe1b6306077db2e1953ad7895441e280491e0fe750543a34861ef813385b4f69f8c79f733b92c5eb5b1f7bd740bab778e458b185

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE948.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE95B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit