4ce9095a92d1112eed2fdf1ffaf6d9c007224203037dd0b8a3a20e7fcb10f015

Resubmissions

09-12-2024 12:05

241209-n9axra1paj 10

09-12-2024 12:02

241209-n7ne3a1nen 4

09-12-2024 12:01

241209-n7c94a1nek 3

09-12-2024 12:01

241209-n6t68a1ncr 10

Analysis

max time kernel
95s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09-12-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

241209-n5y4sa1nar_pw_infected.zip
Size

23KB
MD5

341e29f1e0cc1d9fbfd3c7fc53d41c48
SHA1

b21f1f27b41f686285a21e84cc731eb02ec6fc47
SHA256

4ce9095a92d1112eed2fdf1ffaf6d9c007224203037dd0b8a3a20e7fcb10f015
SHA512

d5d6bea413dc9d9aba5001c6f3bb6854e831faa2719c7e2076319a7802efbde1e51909408e138788fed7b409fad2979f7c6ad8f4c07ce4cfea25e92ba2ffde2f
SSDEEP

384:YBh3pkxBVIvRFHqvf4UOeg8Vbt8s7eD7XB1vD2IeDEnpEtzCfPSyOUxaAjxxUvcb:YB0baSH4UVg8xtr7ePRV2IQ++tz+PqKh

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133782193955940070"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3756	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3756	7zFM.exe
Token: 35	3756	7zFM.exe
Token: SeSecurityPrivilege	3756	7zFM.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3756	7zFM.exe
3756	7zFM.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 3196	4664	chrome.exe	82
PID 4664 wrote to memory of 3196	4664	chrome.exe	82
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 1864	4664	chrome.exe	83
PID 4664 wrote to memory of 4708	4664	chrome.exe	84
PID 4664 wrote to memory of 4708	4664	chrome.exe	84
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85
PID 4664 wrote to memory of 2784	4664	chrome.exe	85

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\241209-n5y4sa1nar_pw_infected.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe8,0x108,0x7ffe1ca9cc40,0x7ffe1ca9cc4c,0x7ffe1ca9cc58
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5540,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:2
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5712,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3460,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3356,i,14773880790821238309,8425129222148253342,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  PID:1444

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7730f1462bfef836227a2cc3158159c6

SHA1
a056aaf314d8ec8d909cfd53e2730657cb85929c

SHA256
2a01e4c8347cd78d473f6a5b9e73427fdd3797a15a127e84a323d889e912ef48

SHA512
296bdba6a328f016be15760b2930a750020d0787105ea2a21e2294678389bbb6bbbfc0dbdb3c62fe98e7ee4e73ccc551f502726bd1280902e575640428fa3b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f12326488ddaaedf57641980bb875de8

SHA1
be6199f0cb7652f8e80283c9712f74f11759ccfa

SHA256
c6f47b72f4581af1a4bd6dfad57f3e51018d90fcacdb082b45b55ec2e13aed87

SHA512
c61826dd8337d1de64220a15e2bc9704c7b5b6d197ea889b613e9f826f04f2c8f38a3672b97c33e0bb3008498bffb65efc705eba8e389c3f2490b6503f1938e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
3aadf530b4a606b2e494b4f99ea74b2c

SHA1
de61256ce53f3271b2781d9747fa39d7c16f1816

SHA256
c44e90c007373def342eb540bb15e0153946f5de4aee645169e10c3244cf695f

SHA512
a24bd5e80faed13a894465962bba020c6570659ed7f6211eb3866aa3937f8e5d4b66578e624b5841043deb3fb569522d6291967aa4a61d0c94bc59868b2ff591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4d75ac68b78061c1cf46285b8fca2637

SHA1
1295ff9c8c062b89cebcac425fc8ab3be7228f32

SHA256
005d2a9171f7af604e8521b4302b1193aafa1f1fad34b792793959c5429f8714

SHA512
36ccacfcebf98cd1b9d0ed73709d2e0e3398350fa1168ef21cffffb6983b564c97d55ab733f688aa17d0b31873b9d2991086ae78b873a0116f501fb05f486b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
e8e2b3eab60cbf10db96fba2d0b080f6

SHA1
d800aa8af4f01acaec3fcb2e71eb86967693c96d

SHA256
2ea387fbb0ebb4697f7bbd7ee69b6c974fefdc6f7aad5a916cbf6c9c8f9bd036

SHA512
374b7302ad70779194a7528f312f7ad128ccf10c5a72e4b6c1421699bafdaaa47a7b98df96ac222fab7aa3bf65011a95604b491e98a519cc24392129ac974aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9dcd2191fb6a39b76912f8f2c552bc42

SHA1
36d058baf8e41a67024fbae0816ee858b0cbb3d5

SHA256
a182654e7ff42cf20c360236454259e8c16a3ab54792532d80644959c508716e

SHA512
cdd4836d202f4ceed5b123adc9bfd8c33cb802b88f6e0e957cb62e259ae46912ffed4fd4d92bc51c6dc48a80d7d700d6a2c3cd2e089c3e7756e2fa3ffceae5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29b167eb1c72586a44e6bd496ceb5e3c

SHA1
5d61e3bd60f75828194b66af923db86d0c9ac5d5

SHA256
e0a67c886b4e753a2e482c8ca8508f25732c43d70a5356743d65a8c977cc931f

SHA512
fe2c78c582ae4a1d325957c86d3ae6077cdb7a317618236cea129d37794fdcecbf60f4650695d09a5bbdedca1aae499f01721981ad5e6c3b4e8a9585ff7a2131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d962d1b3eccb5bf361fe6388eb808753

SHA1
02a1379ad637576f4c6069f95502967c3a232e44

SHA256
cf1ff51ee7a3dc0e8e29eb84756afc8a0ee6e549154312afb5e22ce9bd9bc26e

SHA512
9bb0692c337443613f685525b704fa1e10543d0317ad2d49d16f096aadd26100cf0f1cc54ff0ea02d4dc0d86ca828fe8f8549307e91c5362b1212e0e76314d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cee2d8ad8cc150b9213b89bbd3239d25

SHA1
91cebc38c4d8d9662e53572add29dc752f21cfb4

SHA256
e343e9240e9dbdd49a6c8b6d81bd96c5a17861394f69933fcc731d645b795e5d

SHA512
4c7fad20b67633345c50b87e384f6c35c9a9800bf56a8ef0761829fc12bc7faf0c47e9fbfe20d7929f0e290b9b5732d8114f7d8b3a944dc7b3a7a0512f15aeae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
f9354fcd36597f75a5d76ae932336058

SHA1
0a386d1eb8ebb5f32bec91c2c41ee3a7622132a1

SHA256
0b059d3c6e1ab0cd003d97c31c8400f841faa4e61825f58a38176063f2cfa045

SHA512
85af522d75e8a2626283f1f4b57926248d1665ad4a29cf51ca976b60839935604b9f7e3177a23894758b13d2ac78a3b96416b4a994691f6bec1640fe1d852fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
ea76997606ddebf71ae7336bbb77a949

SHA1
b8c9b2125f313514fdb2d5e02916f3e735522c59

SHA256
41dda2dc2441681ffc846e212943d637a7a267addf18023716b91477d2d472de

SHA512
886c1d2b512c090e66e6b82d7a6d141337af5a9e752e09241e29c662f2a47026f6b3095a39404b5d733104e7fa1cedad877b9c0368c9eb2e0aab0aa227ebb20d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
268401dda7cb0fb7cf9163dbd20cd34a

SHA1
40a49475686e2c902c51a9a65e6c150e265d4762

SHA256
72339d0bccc765eff6f062aaea651bd6611230cc03cd7c963c9c5970395eed22

SHA512
024d54dfe5bcdd4834c23a88af05d5d268651f103e319ab4a53570f7121749e018b8fd18e2fc537231d0d2e24e9b8d7e7d61dfdcbe7edc01a88fe5c13e123449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e7fd564d-8898-4e37-aeee-ffdd8bc0c73e.tmp

Filesize
230KB

MD5
7e2639356d85f2931d3778c815e2f6aa

SHA1
1c22d30816de05fd986547b5e1d273042e68a559

SHA256
71f68b959b8bc5365d5803ce9f35fcd569107a83bff2fd5041c5899db9ef916c

SHA512
448c99af327ac1dbe236865cceeb570ece40aa27e93ad7359f60a3cc82af7b01278af8b73e30407261f3e536269be5cf623e643948fa5de3fa6d1ab8c7aa7102

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4664_1129080874\75995337-f7fe-459b-90f8-77baa26fc40d.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4664_1129080874\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Desktop\d9789bfbc54d5cb6d52c385fd8f5d288_JaffaCakes118.exe

Filesize
33KB

MD5
d9789bfbc54d5cb6d52c385fd8f5d288

SHA1
b8f60c64c70f03c263bf9e9261aa157a73864aaf

SHA256
c0fcf3ac6b125e985c6574ed7ef1a7929f3be8f6487b68e4d58a48a3b1517b5d

SHA512
21e81d64136897e86362304666cb0a8510ae2280c432c8b768875d5459b527e2cdafe9a61107433d3ff7ccf8092f3bbc226f9366623c1d39f76445fc490dc4c8

Download Submit