hxxps://drive[.]google[.]com/file/d/1IutMfwD0SfN_bDl39heVfR4LhrHAwUfN/edit

Resubmissions

13-11-2024 15:40

241113-s4cavatqby 7

13-11-2024 15:27

241113-svq3msxqak 7

Analysis

max time kernel
50s
max time network
56s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-es
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-eslocale:es-esos:windows10-ltsc 2021-x64systemwindows
submitted
13-11-2024 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1IutMfwD0SfN_bDl39heVfR4LhrHAwUfN/edit

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
12	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759860520771311"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
460	chrome.exe
460	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3228	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 364	460	chrome.exe	85
PID 460 wrote to memory of 364	460	chrome.exe	85
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 4380	460	chrome.exe	86
PID 460 wrote to memory of 2368	460	chrome.exe	87
PID 460 wrote to memory of 2368	460	chrome.exe	87
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88
PID 460 wrote to memory of 3764	460	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1IutMfwD0SfN_bDl39heVfR4LhrHAwUfN/edit
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffdfe3bcc40,0x7ffdfe3bcc4c,0x7ffdfe3bcc58
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4524,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4864,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5312,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5356,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5384,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5340,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5048,i,8688313565880518792,5854177746188097143,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2360

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
34f3cd16fb63187140c919f9e032bc00

SHA1
bb079bd82aa0ab99c93505d23677b126ebe49062

SHA256
30f33b753f008b5f66d4a560c752898c1b240b0f5a1aaf85f0eaba3be710fb0b

SHA512
a115c0108b18099da3800fddfc431d19433d97593504e82f27c5ca3af81aa15bf9baec05c54e43217b4ed6ab9780db60406a9515feb364c80a83696a1c33b5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
babb4b59b4d9fcb903205420312b64eb

SHA1
fd206697355c95ab6413ba8220aa101e6d80a34a

SHA256
3329c48deacad2e8a95ea4c13c4366fedc0f4aa84e7219c83431d8328cc5a062

SHA512
90f27362d3aa747846033fc74eda83dc1361d2b201d4211023cbb2c5d2c39784ba5c9b152c600c0fbafe1dbb44ce8ab9d8c66ce1e7b893cabe856b6281dfbf1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
4a995cefc4e5f210d3724e39699bcfc0

SHA1
b5ae580ffe8bd0101c0c3ef423e852ef2910a830

SHA256
00f6ba40cc736d780e09a8c1543cea635e4cf65c2b79f34cd6d920b8dfa3f484

SHA512
1fe93b150ccf180009c8edfd730be7daad80f602832a4f4697102f9ff2eb4afd732d130f1506e19b074bb680803cf04f42bc4395c51e292ca948432539060e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b04c4ff7e634e73a9a1138ef8aaa2115

SHA1
7bd03d7dab4d0d53caa6320bf79d6f94a3ccd304

SHA256
30f71ec1f0f349e294e0f27b719a9ff2ed9ff86bc518f37fcd336f09a75b448a

SHA512
99491db93e14f61b3532d3189bda05683603c694438781207485b6b714705b14cbebbdff97d40b269876124e993c9dc814e10cf91e9297f60d52f5404a2ea412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
426d641c12cc5fdfa4819c93a98415e2

SHA1
b3df420cf892b4b5e44ec0c179431976348e776f

SHA256
febe881019317b237ad8cb349ebd4cefb08bc1aa0cb581243f1c8b515ad12938

SHA512
840b46f445cf013e21d7d2ed7c0b1831f8e75d194b1d2d428032bedb47b21de448711cc75907715a6bf6e8e8c42fbb3c5b882b0707fa114ac94fa552772ae8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
59043ca168e0b60aa48f2b9187107561

SHA1
eebdd3777dc8c1e2622e1bc74b5dd7faea650d94

SHA256
6871b92bf4e2c4405c1e3723476ee0790eadfb7bff7d31257df45f67b4296609

SHA512
d17ba2c9c6cc5703a420e5a6fcf614aa75134dbf1e85b558a0fff9b212a4c426e016e6eadf8ac1cd36ebc0dbbd392c4d4d88ad9ab4ae03029dadc5956f6b295d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6131bccfb6a67a9c2dc6f672eee3c3a5

SHA1
7d7c784b9c0c42f6f09fa497ae3d2ac0d7df1f22

SHA256
3e6a472f67db75e490f3305da127d8d855886c36a962d282d8adf74fcbddd415

SHA512
98c9a54d078ba647764c829c85837924e55ab3f693a0dc52fff46ccdd9f084936199a40e9ef49070bd3dff8c34289ea9b9c249dcb52963e985a84bab8c219a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1cf9d2182f2a194774c0b6666785ca47

SHA1
8d891a0870a41e382b8da5aad77e4f6c3caa5da8

SHA256
125b3243588493e789712204ca90369333d596c91621710c42b98de61b876709

SHA512
097249c4e98334ba5bd04f61568c404ad41075ec89bf9b2a09b3596d7abb06e3d81ec60a6059871d9d870eb39dfb9fbd9f20a7293946756ec5ee4b193a99822f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
49906710f05a45cca37774783dba7d31

SHA1
3975a6fd144de1aafbf47a6fae66de4a7250f039

SHA256
ea64e911a21b39f5bda4bac171f5a677bf7545f4987bd3cf334ceeb1d5f1b750

SHA512
3ddecc59dca5b4e20eabb2385325ca6a92bfaa48860c73bbe1611fd3ce1154626fc3beb01da7750aa27c1491d9060adf6ecd68db18005102d12e5d1524e83d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5702e5896acbdae6054e2ae6796ea66d

SHA1
b711bef80527667d5aaa4db3dcb3dcc7e08716da

SHA256
30b2b76a022de58bb726ca891c08174f4d1ac1f01b76e6708a89962b95a36075

SHA512
6d72b0f91c58ee577073f8ef796372dd58d55c14845a6e85db16646b9b2cf5d1eb08636cf944df90c349184bda6866d0da3d8d1884d341ae597ff2b625b8c9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8714cd736c1ee19dd7dd74dc58d6472d

SHA1
5ad73dd52144f3225ccfd8255b9c38e785b11efa

SHA256
c2082ca19028cda7c529a5f47e2a25b1f524f6bab8363fac449f46df79d61771

SHA512
fb00d856fe778334f545538f033b091d3db7ee60349fed6f8abe92ba68d8088c8d2a39428492979654558cf035b91965a9ad8bcb36aa85487e7b39a283612539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
81de239b294863910b934095bb77b47b

SHA1
153a276c6db26b5c90874ccd98bca080010fc37e

SHA256
ea14c42d792ae3462623f1b1800e985430db11717d567e7107175003ced9100f

SHA512
ea5811946c02bd22221215146d966eedb27961bd879f3cc89c54c325d2299553f1c143071ffc7f4a8c4f6dfd80bfebfd8e7a32310006818cdaae381f39f51edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
8bb618f76204166c5023e6475a45f140

SHA1
f4e6a2db6bd1f4518be1ecd464106c975776b07e

SHA256
8fbd1d06d585b4f3032d12af01545d01cd39d4c307e4e5f0c0308d35ace286a4

SHA512
eaf5365c7dc1a9a4df9bcf58b791894f9930b5d57f202658e79665a243ad2d4ede6a135a696babb49ef35ade9710ddcc31d651ef6637c7672c8a9ded71b22fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
3b552c1165af65da4b45aa2a01086fa9

SHA1
83651cbbf855d3811e191bd0f30a358a2002760a

SHA256
02abeb749e83a28167c745145fa0e773631e3bc28d0aa9ba8139ecca941c366e

SHA512
0f5392893424d10cbc00a3515905717081dc54f6cec286596191359d87dd1c0e696783bf9508150b5eb9dfef9c8caad2a733dd47533d642a11fea1c9ab45d129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ddf060ced37c757c76b5f31ce60f12cb

SHA1
3684176915ed7b7c0abf1a318f378678493e73fd

SHA256
9624c871e9e6516aecb3c2f766a8de03921dc2093a05abca8f6fccdb6a94ba7f

SHA512
e50f73079f8d521b4ba08506f9d4751014182d6600a1df0f1fbe7b91d687d44594ef4f35678d30f0cccbda0fd7a8a972afd7d241b07ca210b38557379c6bdd97

Download Submit
C:\Users\Admin\Downloads\🗂️ Ransom.win32.ranmsghp.smt2.note.crdownload

Filesize
29KB

MD5
702f167bbb73f30254fda5342c00d34f

SHA1
c1f16f1248ccf3880f76e4e1b5e176338530dc8e

SHA256
b90856ef10583f105b758a3b20310506a57b9454eaf3716e922a444adb7e7e04

SHA512
758a6609620fed100edcb40062f1b5684b1d6222738d29acc11b87872da57494f762ea486b5517e809a5216b23513ba844eb0ac1f207a5d6f64c5a5225dda932

Download Submit