4c28464d8021c4e2e1fda9cd427604f72bcfb7d3755be4d8f1af067ac998da6f

Resubmissions

15-10-2024 17:31

241015-v3y5bs1fnq 3

15-10-2024 17:29

241015-v2pjha1eqn 10

Analysis

max time kernel
67s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xniggerskid.pyc
Size

226B
MD5

3cc0096caac2690fc3b5d01b3f3563e5
SHA1

a474b04fa2c23a5dfa4e6a7103630af1111b26f1
SHA256

4c28464d8021c4e2e1fda9cd427604f72bcfb7d3755be4d8f1af067ac998da6f
SHA512

4f683c31ff7cf4117c3b93f48021821af5b7464fba056dc5fcbf02ed5a7fb75c47e290becc611205651daa05845118f555d883fef033dc8d4a97e52292cd2b3d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133734871437061183"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2184	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4492	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe
4492	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 2184	4492	OpenWith.exe	96
PID 4492 wrote to memory of 2184	4492	OpenWith.exe	96
PID 2112 wrote to memory of 4748	2112	chrome.exe	103
PID 2112 wrote to memory of 4748	2112	chrome.exe	103
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 2472	2112	chrome.exe	104
PID 2112 wrote to memory of 4584	2112	chrome.exe	105
PID 2112 wrote to memory of 4584	2112	chrome.exe	105
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106
PID 2112 wrote to memory of 3020	2112	chrome.exe	106

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\xniggerskid.pyc
1⤵
- Modifies registry class
PID:4776

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\xniggerskid.pyc
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff85c2dcc40,0x7ff85c2dcc4c,0x7ff85c2dcc58
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4080,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5152,i,11331409929021580382,18335809846846072605,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2736

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d7f82f01b771f5939e10992b29f2c4ad

SHA1
e2ef9c90fde19ba0748c7a05c6ac9dae20ee01b2

SHA256
ba272e354448d592e0842d3b34533db018980e42b26e7069b96610cebff01326

SHA512
bea220efc82cb1e8c13c3b2f8adc2042fda11b58b0c4e2f25d70b54ac3ce2b7e72770b9feeb4347fda6aa3cdb9e08e1e58ba2c0c8bebe3ff77c13088cf3e139c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
2b6c819b972175510ea2db5258803730

SHA1
49e675da77de15105b5449281b11e2dd51f4a5da

SHA256
4c4ce15448c5942067c31ad796f129371330e179a2b2bfd76ea9a0c8f5a4d509

SHA512
ec486980146b7414d61c35f19b1d9f91a0e1bb8e6c12cba86ddc6ff3aae20aff77e31555e4364ef73e0dfece8d793e4667bb40ec32e1c723c3c6ea596735b48a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ef62f4b6aa4fc0cbfcd7c364fd8e109a

SHA1
50624d4ec378414e2edf4f504587d56bb802b9d9

SHA256
66375c8d7557a712ee7768fe6f5b48e0d727085b88ad5d2e5974dd7c50d7fa65

SHA512
645dcc0955aed57893213daf6cd361d5a62503069672e8a86833860c5614fec83144ff8d2ecd162762bb663485bbea5928c73d5cea571bb627d16112d2a65c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a4953017f2896f42a119c76bd77c83d1

SHA1
fbaf5ca64de65aa8126b2f3285a76de40f240733

SHA256
f5a50377359a21f0069c99a02e544f03d4bdda31600326036b16d4c0de5f873d

SHA512
e342960ecf5ca3753096d9bcf8be7c48f25532ab37699fa690c26b34842a3020ac6f73cd91e83021a9a3c52e90f7e52fe2c7eb3658ba16e39674a861b04bdaca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9eb41c218e5caa379f5b2f31692326a6

SHA1
b004b655e8dc608b2b3afab7f04c23003264ad4c

SHA256
c11f01d36bcec056be2ea32f68cdfd0b92380f7de398fb52dc0fa0cc8b3363e0

SHA512
5e08b84b925f919e4cd204c2d79ec7bbac685e14468ccf165c78117dd58138a5efaf22b297871af47f737456db617fd41cb651a3da994d63f18dec151f7980db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4bb31006939710f4c156b684451b13fc

SHA1
8404531d6abefd37f0662b56553f8fcdac52b2ae

SHA256
064fc0dc1b680d5d88160812e78ba5eb1e61facf1fd5ad110ccb460377ca6be2

SHA512
2b5af197d9941e5d56102a3b85fed280a6eb711da5ca17eef56c0d214ead416f3c47dc393f73240713a550dc92dc7f3be4b33f7d9d70b52e511719cd242e8b2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d700d04dae7fc7d8cf0b89af88fa40f

SHA1
08cc344be08cdd70994daf387027cd75d2c89cc5

SHA256
f804cb5b7c5044c9f83d31aec47e963495dd0857c06a7249236461bacd298274

SHA512
23ba068567033e1d2c762e886c2982da54e7360bb0e06c183e0609bbf2366693cc60892a79773f6fd957914f00a4179ac537c5d60caca29fdcc44d3667b1ff14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
369ac264077caa86fafdb2e3f1dba282

SHA1
d1a925e73b2c175b25ef210a6c0bf4432ddf31ef

SHA256
c8e7e20660248d1972944a61b9973b07c1af00e55b5c305e89e7f403b7275b11

SHA512
57e3324feb33d800eec75f4be51b2ccfd190ee651df714abe93a30a18b128a6f3073a4a3737d3ea194b2824f4b79bc8cb212bf88682243f43277c495c4852683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
38f5062a63e24a22b764bb6599afd030

SHA1
65150aa22b043d675abc1337ed9b252c1f5f30c8

SHA256
f5008c09ed1ecaca762ccc7a336de327930d03fa3aa9aaf6f3c4b24ebaad28fa

SHA512
9420df45bc096cb1db1faeb51371babf6071d89003a72c8cd2e189dc08f0c6510d2de4729b33c000c65875087f1f012996c724a15ac0c322da020742fd0ec634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
5cc9f194b727ef7154452950b863e0fb

SHA1
da9545bcd3bf268ea008ab25fd900928aaf5ac57

SHA256
8d8c6b6d8b5aa76c62071ede05c25257ec3b1ff2b5a7cfa89575cbdd337b17bd

SHA512
f767151b68473c7ce8dbfe32ec484d8e64e73d6d6b193cebdca445e5ab3c603b15467efcbd9390ee4ba0b97e99e02eb4fd2c95e373893250b40bc49aa145e9c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
452d965d74305f9a7739554aee5bb778

SHA1
00d0b539bb2b06886a2c9c0fb9f5a0158bf8a664

SHA256
da37a4f463c2fd4c7cd9cf92e441158a68cbdcccebac17e8f1aea9ccdd1c17fb

SHA512
a3f3b7a44c718d7dce62dbdb026939b32f0f3cadb855e6fbf8601bceba879d90e3f3b6373ded36e0ec0c1ac3a5f200ddb8aca9c4458db34201c6e2ddbd9ac0c3

Download Submit