b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31/03/2023, 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

desktop.ini
Size

282B
MD5

3a37312509712d4e12d27240137ff377
SHA1

30ced927e23b584725cf16351394175a6d2a9577
SHA256

b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3
SHA512

dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247743698553919"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2236	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 3084	2556	chrome.exe	68
PID 2556 wrote to memory of 3084	2556	chrome.exe	68
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 4528	2556	chrome.exe	71
PID 2556 wrote to memory of 1144	2556	chrome.exe	70
PID 2556 wrote to memory of 1144	2556	chrome.exe	70
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72
PID 2556 wrote to memory of 1884	2556	chrome.exe	72

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\desktop.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8b8e89758,0x7ff8b8e89768,0x7ff8b8e89778
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:2
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2016 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4936 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3404 --field-trial-handle=1712,i,6545405122052085063,13400329964564814860,131072 /prefetch:2
  2⤵
  PID:1764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2932

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2ad8b8fcdf26be03f0d8d0a676d2c864

SHA1
edb4e94287180767b8b5c2c04962ff574921449d

SHA256
1f393b7b118940d7281ec15c7839e64ce42b26f031f747560568f258fd8f8bed

SHA512
6db0653782ac607fa269607e3f08ef7e084e9358f3a25d5abd135d88d11c333db604b22a18bd7225d24cff4af2a2ca9133a826a49a5c6e5edc12a8b0d52dc641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d484ce947ac537d17291217af1b465bc

SHA1
74a221c25c9c70413e7b4b339acc62f8f4fa0fe9

SHA256
0e74ae3141311feacbf4b2d2bbed04feb1b54e64b7556844635a4b9640956ae1

SHA512
fe6993e4a3c2b3d9fce7554426efdb04f9cbaf39e745d9b1927cb8939a8b0fdb77efa303123b2d4c16070200afc2f3a74a8db2a30a894a19853e3bb2ba5d6ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
16af4f499c427c173e59c53b3d594e69

SHA1
5a64cb5db887acc1cb4fdd05463def940704d6dd

SHA256
ba6b268c50d648ca81b95bf3eff6888b071810b1d97aeb936373527458776e43

SHA512
be7d8c8c4d702d85ef5e5d6aaf2f79cd01c01a5853b1b74e531fc316d9a571f3b0dfdea7255035ddc16a4a248b7fd1f04aed4d959c6524fb6425da54041643d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
74d7d6d234a2c09e91a7828ba1b53d58

SHA1
b4c4b955023af51f3b3b4a4adb7d8ad2e31e17f6

SHA256
3f50e1e046f4368221f88459b224624d3186e9dd1479df5b714522e96488150a

SHA512
5e2532be97520ed703b82d2b6f1479b2380709c9fb466545e24645266530db62b0feb391c61fc001efeee6d08a04b808c2e097eb9e1a44ec50b4880dbdd85329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d63692b321e19585adef92b4fbfb04b4

SHA1
a8405d6ce46c63a0e96c596a4ef1f917d255eb4d

SHA256
e3d3115f34971251e8ff83f90c0c180b348863bceb4b48c2682a4467b8b8cbce

SHA512
79a60b319520c43ad7ebca71b057b44ad9bed2d58080bf77c937dd7da45e5ee4ec6cc57fc65981e4d170e7a66cd745824e81d457602c6f96edae1b943fe8bb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dfe9ec0e5ffd0ec618815cff7221bfcf

SHA1
17aa3bcf802cf66c35bf7a5733d4e22d28943a5d

SHA256
23485300b990df8033563b3cffcb9b0a76f78b9a8cf2fd50a99620f60f4ff0d8

SHA512
2dac1977fdf0c4bf982f95eca8fbd5d70ea5bccb9d7d50a33c749fd4d83c98ac7d2c6c83127b228f0af798876ae90799f2bc7d3f9b2e32f7abaaffb752f7fbae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16571d39c91e7dda05b4e07c06b6c840

SHA1
4d6348f43bcb39a7c596c6ceb06acb0f3d65682e

SHA256
6aa40591ccc45643b5b692698a6061e2bfc5d060048126a4251f937428652ee2

SHA512
b42f2ea86bb2ac66822699ad4d2bd36b97061866ec9f14dfa2bf4e913cb39d1d4116a6251ba1a2236b9ffab90a3c55111a727fb57557f104b2e384961b9e5960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d0d4443e47b3a0e0998e697f7279971e

SHA1
be1120aecdaa24c63a1e69fa131d6a90d150895e

SHA256
02ac7dc998dc04ab5ae9ba95808ffa6592c31ee87a5a5865cdd5a081fd6fede8

SHA512
7ab2e6f00129e98898a2cfd997ced676253f93bb3e8a4f431463c26db3ec867c99e8c0a3a36ab17be87a310bce4e51c99d4116c032678753c907dc7b90a5071d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
36f40c13a591cba9b9a3d05739cf0a52

SHA1
459be84fbb9ba34d2157363c664e07d6a4078693

SHA256
b7655d6ffc271efd41e4115a1017e335a81c3df0a472cb92f17c312929c80b43

SHA512
336309c4b89b9eab22070436669d664766e8a4e5456fd1fc3eb9c9446adfde16e488e9419a767718f7a33a81919c04146c1945b0f270417cb6af395144854e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit