hxxp://f[.]actualtechmediaevents[.]com/tual/7dm8aovUkp7ewzyUe543Udv17rlUqb00Ucev/2/s/survey[.]alchemer[.]com/s3/7791146/2024-State-of-Ransomware-Readiness

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://f.actualtechmediaevents.com/tual/7dm8aovUkp7ewzyUe543Udv17rlUqb00Ucev/2/s/survey.alchemer.com/s3/7791146/2024-State-of-Ransomware-Readiness

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570623468340175"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
5740	chrome.exe
5740	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 4552	1400	chrome.exe	93
PID 1400 wrote to memory of 4552	1400	chrome.exe	93
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 5048	1400	chrome.exe	96
PID 1400 wrote to memory of 1380	1400	chrome.exe	97
PID 1400 wrote to memory of 1380	1400	chrome.exe	97
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98
PID 1400 wrote to memory of 2996	1400	chrome.exe	98

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://f.actualtechmediaevents.com/tual/7dm8aovUkp7ewzyUe543Udv17rlUqb00Ucev/2/s/survey.alchemer.com/s3/7791146/2024-State-of-Ransomware-Readiness
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9d1b9758,0x7ffe9d1b9768,0x7ffe9d1b9778
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1248 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4736 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:8
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 --field-trial-handle=1908,i,11862159857479852407,8442439324301552112,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3916 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8
1⤵
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\925bdb45-acc4-4b5a-9612-fbe80de4aadd.tmp

Filesize
136KB

MD5
f24730d880d54db06c5b69f60d38bc1d

SHA1
6f287845351edd4818805f8b8b416786b2e9a480

SHA256
aa8fb1449fbc28fd41342a2db3ada385ac54a8fc73dbfe556e40760df60df988

SHA512
49258fa693d6aca42ba3e694ce12a72fc0054e062eeea623251d684c363278a5681ccbc68dfac9112d041dc2eb78792aebaf45ec670036e76f83e407be656c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
720578389a3d573081789d34aaa7e4b9

SHA1
35e16140084ac1632c222fe69a21811df1afaeba

SHA256
eada39f3b42257dde178ad54bc36d71b263afe88601c57e46c76d21365b1ecd2

SHA512
32bb49e32b4560ae526a713318b15695014263ff21fa27c65e811ea6ee6d15bb06639fdf1377ebe9ad06a12ec2fbde20b786d69628b5fefdb203e457a513e2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5dc388bab772e1c4f6bce655d829d0da

SHA1
559f60aa790ca9184d6aee25c53747db93f3c24b

SHA256
d4b61d4df818fc7c1457e1850cba9970eedf263e3bad54be96ba4f21822ea664

SHA512
b1fcbc6cce59c51b647f490c5bdebba1d7e487e9d2292d4f2dfbd15b0dd9ad27b4a7c83e18eedcc8d16d42108b0116953b120c654af63a8b4121bd0ba70c5540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c9dcd99de04f08f2b13f260894f085aa

SHA1
601413b95a81875c014fff7d754869688669356e

SHA256
2e0cdeaaf82e6dd7df6dceba77370c4937b5f24b4b8282d3e542c4c2a467c075

SHA512
6638831ec4755e3ce39ea368a0f98dc687481ff73abab7c83dbca4b91ad54db526ad178e245dca958a8169bf343b0de9641c61971384b7d1816d5fc5ed59d8bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e6e8aee26e596cac95227111907ce6b

SHA1
48ce61cf7a78eef783eb13c984b59fdf0d5d1b89

SHA256
4a1f0c762ced393480ebc5fae4a4a9c9f164342b8dc16e7897e4f24e9d45f9a3

SHA512
ce5b5e59d540993be02ad8390f23172d2122d306df6dfc7e6567e56bf8ccad59373c4869d99dcbd5c8a01b01d0eef40b042db31d43044349e299fddb1ffcd0d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c94547e422fbdab3a865d68d67311d38

SHA1
ecdd6d1481bf769434a5bdf29bf8f9e36ad3f7b4

SHA256
65dc54e8bed1fe336c43a8d802e69ed95d775a2275006204e42fed3b2f5f121e

SHA512
87ca23a8b96c3d5f96657714f7791a9eb68a5f2862f10c9e805da43c82cc82d131eaa4caafb77b3eeb59919b3abcf957c860049e043a2dd085a4dbf4bcd6f8d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21b22c1382ecc59b776003f6063875c2

SHA1
0322823636b3cfd4704f04aad6d6bcd8be53cac4

SHA256
16e4a81fe9e2d9b84c5a313ac98c80c54ad94e9fabddb9adfda8b5f969364747

SHA512
bd0df9a7e6d505fcbe7cba7c1724338fc351bd2fefcf6e3a00afff4d04c29af037051e14f3d94c1eacc68e3039f624d924ba890f2116ca183e44f95cc30ef544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
c0c5c4a8b06d230dd25f99813ea30ed9

SHA1
110041e52bcc3f52bc85a44894eec879756fe01d

SHA256
9e91a7833faed88bbf32abd0cec18127fae911ac24088f53a903a2653169694e

SHA512
4bb8b60877eab0dfcc1d51c57fd56b90daf263da9b8a002d7ff4106419437433b88f79e34572a27414c380013b555cc6767bffedcc5511f90141aeb84b9c6cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
eaa134556bfa0653597dad301ecfa4cf

SHA1
f836822083d78a56cd57133032f2896a35243232

SHA256
af0dcd2c91788b09bfe462a3a43c325cd1c169c58c09d33e3e2335415ffe9e5f

SHA512
02c14bcd449262cde26fd5a0fb80ac4ec18693f6a5ca67f0501113e514079a2e7c1b9585fba4a3618515f0b4fc9de15f89437dd84998f69f458935c0398b990b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
03f122adef6387f4e1797a853ba8233b

SHA1
9a823e4522599ae5add78f64b68d7c2646a45553

SHA256
5462ad07c5aca0ba9671bed09af30adafb134740e35db9be2b0c82eb91df5377

SHA512
022e0ef9f449c82161cdc59e9b779d87e9a65446ec96c4e9c84842a44eacddd93a8864e093d3247601eb64e1e6cc59c959865b4ed4c76cb6c72234f48f149dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit