5e401f494824e6c7924b6b920990c45ccea658119b6ae6c0a248d1c801864472

Analysis

max time kernel
149s
max time network
149s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
29/12/2023, 06:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

h3tLrDU3Q7q.html
Size

2KB
MD5

28409ac6ee7ba7247a0306ad113fb398
SHA1

51c14e013dc638f5b6d5014af67b7cfbdfd2b4fb
SHA256

5e401f494824e6c7924b6b920990c45ccea658119b6ae6c0a248d1c801864472
SHA512

7af763845de3d753bc3645417785eff37b6758c471288857f1ac06905a722aa0cb09849539960f53654320a4e7c874fe0e8eb69abc11c0a355b0bb70a5614277

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133483041255880650"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2208	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 200	2408	chrome.exe	74
PID 2408 wrote to memory of 200	2408	chrome.exe	74
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 2256	2408	chrome.exe	77
PID 2408 wrote to memory of 3244	2408	chrome.exe	76
PID 2408 wrote to memory of 3244	2408	chrome.exe	76
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78
PID 2408 wrote to memory of 2988	2408	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\h3tLrDU3Q7q.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd33459758,0x7ffd33459768,0x7ffd33459778
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1952 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4968 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4872 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5356 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5696 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5316 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\HitsPP.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4344 --field-trial-handle=1816,i,13820650467281792651,5387411495692690986,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3fec5c2359ae19d0306c3144b82a1f4c

SHA1
b3f12ae5f01c40437eb867c28a2126994ea8f5f7

SHA256
79703a4e19f6deb51b94372b46f1cdd5bdb3c9f0ed64b5db2709d7c94effb18e

SHA512
41f612f99092b08c4190da5337a95ae3d7e1dc0d68ed57cf55cde80a4de8b0d9f94f7b864697f5fa6f1b8daeaed72e302cc61ec6ea24949073f0f424912fb159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2bdff274c2d94a6c77efec2a092bed1b

SHA1
22da2c303a08c59e59697f447f5f471dd5c869d8

SHA256
1b97e9b3bd7b4f3674967cf574de47b5cbc99ec73a4d10056663494d5a476cc4

SHA512
22702be204f99824dcfa93d49eff3e6c0ea3e14888395cfd29146e666502d691c51697a1eb8a31128357ab70f4b10a1c24f7c156ba3a735cb7233066870a1e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ffb2df43157c07bb08c9115a9682ea8d

SHA1
c2eb9a73ece499a5623a18cf8ddbba30478c1722

SHA256
41b17c18354bcf385117d5dac2c14f6427d96fdd40c054fc9a38193d9bd366eb

SHA512
b1242c416f21a735cac081e4edd20258e9535a4bb5f932c4d42199f364b5a41bd80f8cc6fe0b243a3f2774d25cb056fdb42d3dc3f55b9da86c306288359a19df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ccc5bf9cb8ad445fe90fa63f5a7a019

SHA1
10dfd76014f3c0dac441301e69f859977a92706b

SHA256
632fe47815fc5297ebed633cea250d9bca72470d9fd199c2d365264e82580ff3

SHA512
ba5135b073865031a9f22256cff6e2dd73f7f1fcaa34d6299a4c6a31a6cac959882d7ed853ff72b56c45acc780780c91db20b7599a40146c8594be00c844ae46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15e78b3d782c804414d636a9c10c9f1c

SHA1
aedafc4bd77adf3daf7b373f8ffb2c97025f80a3

SHA256
11fd16dcc0146e30a316d55028e50567e3bea2cf9a43da40fd1fb6751cf77b36

SHA512
069b3e0b5f09e73171b7574f69690fd98d1a80fbad2737487422b86508850d56e3e15187afa2ef08f62a42d7adaec3ca1036322d4b97547de9b13c0b76e39c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d0fd6a3ea180c80b99f2ebe2809239f

SHA1
7ef119974af8b2f65d3271cdeec4a9b295a8b29c

SHA256
1e2a8c51e8055df2c4be9d9dbb867f088f1c8349415b7ae986e90ac7ad22b803

SHA512
1c018f7cf77a73535c679ffc28da30b849f8810eb1dbf08639bcc0d26e79f3bf8ae7229b5bbc6fb3093ad5c958c85fdd523dea76e43604c136b959b63d831e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b9795049ee5f006f004fca69707e390a

SHA1
0bdb87bdae846844db5b3b958d2fb55fe1d17dc4

SHA256
923d5427bc90bc15027d3b7569d8d7e69503ed97a90919ec44d618b3c95882eb

SHA512
6d19aaf568c997a15ecee817c11f27b1d48d5d658faedd45ba90623dee7d08bfb115ece9313bf48535ecc1a921009896ebfaca87c9e09f18ea69bfefe8bdca15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
bbc4988d22a3788ad623af8c29db543e

SHA1
98074f087d5554bd322f704345895887250f5020

SHA256
f963def8a12d99c973e872d815e5990c997c158b68094733d33df44d15f67a10

SHA512
2f0ea7e45ebeaec3337f414e253697bf44649216134f76684f87965ff8e4e23c8435707243cf297392474bd5ef29e6df319e65d5695f15754c11ecdc343cce46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58684a.TMP

Filesize
98KB

MD5
1898c52267dd4814795e24c95af1ce1b

SHA1
6b54d38b06eebedceea5dbcfb0d32945e6e02605

SHA256
7faca941c5aeba43cbe3424c4085da0cf3368b49a3c5a3ca01f125b5d6b6c6b4

SHA512
a544081b4f3ca1c38bbdbe99026b5797ea573697c52305390ca6c2194775d1541d8e258cbd315f4e6216c8788c51170ccc15b80f70932ddcefb3c9994ee8b275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\HitsPP.txt

Filesize
54KB

MD5
3b38a2bbfe51e2f2bfa2fbbb4fa46f31

SHA1
4056f4f88799aeedf276658ba3177a44fac3afe2

SHA256
b88588b3a373b7b6920237f80d4e101a41df2280b181408bbd9f3920e683b4b9

SHA512
c05023cc1353c3b8632b3f26066d2665c92b1dc5c89c4138a679d0943c2a68eeb8a753aff34ba142e0b73f312dae5adac0482e7d38ffdf7b2753558a36683b23

Download Submit