d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

Resubmissions

21-02-2025 21:12

250221-z2l6lazpav 10

21-02-2025 19:57

21-02-2025 19:34

21-02-2025 18:54

21-02-2025 18:38

21-02-2025 16:33

21-02-2025 16:20

Analysis

max time kernel
156s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2025 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133844461555287466"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3108	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe
Token: SeShutdownPrivilege	336	chrome.exe
Token: SeCreatePagefilePrivilege	336	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe
336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 3108	4080	cmd.exe	78
PID 4080 wrote to memory of 3108	4080	cmd.exe	78
PID 336 wrote to memory of 4592	336	chrome.exe	82
PID 336 wrote to memory of 4592	336	chrome.exe	82
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 4232	336	chrome.exe	83
PID 336 wrote to memory of 1320	336	chrome.exe	84
PID 336 wrote to memory of 1320	336	chrome.exe	84
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85
PID 336 wrote to memory of 3792	336	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8300bcc40,0x7ff8300bcc4c,0x7ff8300bcc58
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3556,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4652,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4600,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3492,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5144,i,14479808514815674106,5639847050161557979,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
21411109e56f9fba86156bdd8ea55a25

SHA1
ef02d3a9efa5fa3ad84f6a0accf8c1d8ba923077

SHA256
abb0a9d1f059b89c886f9174c77aee6e500abcc1355e0fef29e505553e9925c5

SHA512
3752f0e52ed23e83363f0a0a3a8f7ca63c2355c27f887b2b3cb6554eb8bf04ddafdb3f206efd05b5bca0a54a687524ba38e595b4a910303be23656b66a4b7b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e2ef18760d11c26ca5af76905c094dd3

SHA1
48e4f9e991334edb426b8d32065436d3108635da

SHA256
29cd78e784f96ad24fe07a57fa1749dad2a5e854bbb9253cf60882417d1ca020

SHA512
48e6ae6e53c4bf977993136a250fadf43fd31cbf897737b1e40c76308f328e655d9fbadb76242e2ee3f361078a157e7dd1ad0c712f42ad97268b4f88cdb8c0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e6381940284b3750663f21b1ce95786c

SHA1
6d4abfac7370e6824ca570352a9fa63e2c650d35

SHA256
1e3daa4afc15fc17ce87999b1ed7ba546de1a1759f96d3b054c89265b802583a

SHA512
2541f8be63e302107713626bdf57c4edac3a9cfb3471572c7990a56fb3b2248641e7cc6bce2ac11d282e91c4c3e92bcd7fac29bfb9af79ac056ebfebf571e5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc5a90132df414af9db4cd642f1c32e3

SHA1
b138580f1f100774a8057fb0e52e9b2ac3bd776e

SHA256
dd1b552bd5943bdcbba08de8c1b636ab055e4ab38e756e24941fbd49f6aa6c34

SHA512
c5879f3c6841e8703518d45856f8fc5e89f297d2746ef30afc890261e7c32641fdc3be34eb36512446492803f430daa493062956735274a6a311171ec1db1119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c94eeb971c76d8f930cb056394a4be4

SHA1
8f006b4adcc8fd7b9ec6e8c54650aebad478e131

SHA256
be3f4a158bbd1dbaec14f57ca6e03b3e7138f441a550050cd4f865a9b1c6db83

SHA512
a628fc74480c41c784c06cf13d29aae52d28c5edb6415ce6285b3ac96646479cc9da37b132612a8465d21d2eda54f632e62c6bdeb2153e75254850cc4c4febf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd8defdff295f73eedca0bb9f3bbebea

SHA1
7553622997b7779c9063dcfc4a750f75ce718b21

SHA256
c71ccd503e684a7d177978f83fb9db9c30779c92fcaf47b4422b6ffb46741d65

SHA512
20d897e171c35820e34acbab81a00bb0dd09db87311c5b0b633adb01390b0e3b405e216e6f8c52cb6a0bc040b8caaac3fa4a6f994fc082ade816b4764504d4c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9cfe040dc8033e2636e785485b93931

SHA1
2490f0036bb1f1527c441916768e450e8697ae47

SHA256
1a98635fd54dfbebc5451c7a2df2ce47d178aa5623252822e5be88e401c733db

SHA512
20a2a56b584f05f236e561767f80bed9bd40c3670c48dd90cc073a8d50744ad7db717b27b27dee21fb9d2412addef2be2356e7ec6b51bb310052809696667c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d44cd0402d721794bcc32a50e85e791

SHA1
4740597d4be0e007e9b3bcce03667aaafc7077b8

SHA256
3ddb2c42dd27d6f420df5012ab8a57da5716f42e91f0e99412db458484b5b0cc

SHA512
bd416d4378ce5f6f3849b7c17bdcf3d67cce4a7afbe1ab724b0f6d1e0e53b5011d61789f6cb1883b2802bd436689f5b0bae4c5b16900a68f5db0cd7087f1d795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ccde9f19c2dab69639e1abccab83783a

SHA1
30de90a1d0db9c875a0ef74da33834e62776198b

SHA256
7fa06f4cd76ebb5fa7139d9ebdd855583d16b9484c38ddb32361e23142517917

SHA512
126c39c5dade4441f4fd6a21085d1cc1b7700e5de603ed2679531fed38525475a20d5d3156891c29ea874f984c64b111232b4d05d4570cb4d6736e4260d8ad5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7dca9288805bc1611eda7f4b4b5332d

SHA1
371fd5fea0c3683cc2abd3cb5c633b5efc3960b3

SHA256
26ced294ebd8da417bf715c9774b783ad9620d6141695e53780d95e5928fe569

SHA512
fbaaaebd16fada61e76108a60d61774c8c4889f510e8449ff7211062f14fe9f4fa2be9cb620a080b415e46cdba6cd37a0787eb7eec50768a24d6279ea2017afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d20c140bbe454d3d664cd3b77b0536d

SHA1
bdf1e54ca01b6b881d0a93a0c5b96f96199b92b1

SHA256
f69b81ac60f3c92b7b0dd57b61b7c62f89e319c85ee11852517f1e3b3ee8f04d

SHA512
2ca0427695b3f4470a5eb9aadced1216f722c7ac4650cfafbf96d9d17b6df89db425d8813781782c0ba9621570fd2b494618db6032620c142b87cc70280354e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1983d33231476749b69423c648f7b33a

SHA1
bfaef0c36c85b769c857330ca229f1ca19279221

SHA256
8844dfb758cfe526a9b9a9e41f6309a45ab3fe3d07e861aa2deeea66973b22ff

SHA512
605c6a15dec211c6b164312d20a0ff50f50c8db08b4d31006a81127ea2c743ca367ae9316afdd195e32f8f26dc8d6cc28996fb876478fd7550b1ea34a0ef6ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
885131b26270aa5d752356f0f0c38670

SHA1
ece905840b93cbee11c2310c6b2cae1e9031e4d7

SHA256
54634f3f9259c006b2eb98668f0d16ace4a1b00fc102c0c815b9aa8c54209f32

SHA512
0caea0ba005894c906948e9c42abd4a05444c757efbb542b392bafad09359af3d6731d1e14f27c71e3554dfcf6c1da2720e5b9c42ee76480e283368671da11cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
d503de7841b22593a256167b3b5a0e3b

SHA1
7b8d530bdbcc1883b411178cd4743afd407a2d0b

SHA256
2b726d875109f4a61e61308475427b7be37c487342ef1726d029284d73637923

SHA512
bf23b2f5844bb56b38f6cdb47ad4764aa65858a03768504ce19ec129c1b20689e73339b6a6b3a686f3d252f8d3daeb9c923c1253aefa433d1e31f27ebc89523a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
5d3dcf2eaacba38a7fb1f8c5855a581b

SHA1
cd9c5094882c8036d44a580f3432261b3e13934b

SHA256
4314d92dfa8d151e3f33922726cbef9304d930adc1c5643a06e8fcb9bbe0cac6

SHA512
5ff881f671b13b817aee0e145ef4933905769d38c83b118d6bcce34c6ace89676b5275a9f5c75398457d594ac3be5e476c98639d663c3ce9e3130b1663f6ed7c

Download Submit