eb3f85c3d94230f89807de4642d7a54b603cb7b35d0009057ec3c4d78dddf272

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.vbs
Size

854B
MD5

eae951cb85656cc231f19829f9550ec4
SHA1

412416ea84052b16ba7204e8260577c99498cfba
SHA256

eb3f85c3d94230f89807de4642d7a54b603cb7b35d0009057ec3c4d78dddf272
SHA512

888ce426a1eff7e6c5e17b254df246e41f58ab3e7bda2429def5f69e0b6070fdb6d395441917f8c4eaa8426b4767772cb725218599383743cfe7c7ed743802cd

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1904	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612101984453397"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4592	notepad.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1904	taskkill.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 4592	4764	WScript.exe	91
PID 4764 wrote to memory of 4592	4764	WScript.exe	91
PID 4764 wrote to memory of 1904	4764	WScript.exe	93
PID 4764 wrote to memory of 1904	4764	WScript.exe	93
PID 4764 wrote to memory of 4532	4764	WScript.exe	96
PID 4764 wrote to memory of 4532	4764	WScript.exe	96
PID 4532 wrote to memory of 4964	4532	chrome.exe	97
PID 4532 wrote to memory of 4964	4532	chrome.exe	97
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 4492	4532	chrome.exe	98
PID 4532 wrote to memory of 3384	4532	chrome.exe	99
PID 4532 wrote to memory of 3384	4532	chrome.exe	99
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100
PID 4532 wrote to memory of 4240	4532	chrome.exe	100

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe" C:\Users\Admin\AppData\Roaming\note.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4592
- C:\Windows\System32\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /f /im notepad.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" www.google.com/search?q=what+is+the+problem+for+Admin%3F
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca3249758,0x7ffca3249768,0x7ffca3249778
    3⤵
    PID:4964
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:2
    3⤵
    PID:4492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:8
    3⤵
    PID:3384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:8
    3⤵
    PID:4240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:1
    3⤵
    PID:3648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:1
    3⤵
    PID:2984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:1
    3⤵
    PID:2544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:8
    3⤵
    PID:764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:8
    3⤵
    PID:2336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1912,i,12520333972425329023,6628573663560581540,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1496

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3800 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
59ec177199642661189edde73ffa6e91

SHA1
151af1e9995570f3dd7e87aa71c9a5e510fdee0b

SHA256
44d6fc303fa62109f0b72db5afa178c21f314477e95a30688a793c6cea46d11b

SHA512
f363e2175e6e000befcd8da572c026c841a108f3fb93cc6e6424284624cd935d3d1414322ba1ecaa86b316452f6a5c529bf6f2861562579f71e2144c0dc43587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0c9c951b325ba991a75e6c2c83d6bf4a

SHA1
0079df004fd89da1ba293d4b90384c79f8d43848

SHA256
bec8cc88ba7e009b25e5977bc35b044a15db8b0e412ddfcaa7ceb335bfe6fed1

SHA512
02b33e89abc9802a119d44fb24458c53e5416fe3a94e6cc7e2824b62c932ed7821a9e9c56f27942c2633363be36e714c0ebbfecdc3edf274f8c6dbf75ac39e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
9b2c481462072dd362db362eb0ae1063

SHA1
1f0881dd212c5e342f024f36419b163145ad28b4

SHA256
212d36772ccdd4204aea2086c2bf0e67cf0b153ab0e6833d65d7c265dff1b93e

SHA512
cfb8e11c7e24615f7e68458466acb186f79ad254e465fa8d4635cde5d1060c5f329021a540503929f2c8dc0b61ebd0e4414edf1fb566854fd73f773dd154230e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5cf07ffa48f03dcf6a608371c7ccebf9

SHA1
d04a262a07ad708570d6047a8db841a2a17bed04

SHA256
9b244360313c6fd96f9245f90f8ac1adf14cd33d81f95431450ef2341675447c

SHA512
14d1665da9d94af2ce393023979ab68ed502a39b5068fbda5029516587649f4fd5b0ee1115dc552dd06de7b80d75ebe44c3966777c4aed2f44816fd7d42fc4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75e34aa0baae834f17982955206db3fd

SHA1
440b3824dcb946b94ec6481b8eed60ca60b6ed07

SHA256
3eafa362f08749a00e90877dcb0a13c8581b6932caee00f2030658c8acda6744

SHA512
a4b06e11f88b40044bca325482383b79cfeab756ecb0325e1cfff8d7adc2ad4b0d8b43fd543cc3c4ee16c5aa676a87023a1035e3a17cd6aef12a84c4df271417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4b98327a97d2af9b82a54c00c7fcbb55

SHA1
0a66955311fa98f930abd7ccd0c99a9aa7db121d

SHA256
22fad793fddf54f0206c25549912a1d8176e08529c0755431879edc2a1e163d2

SHA512
3573f4729ae84709927fccb0fae2a3bff3c2be723618d016f475becd82d093fe9df2fe1650072b62e39d65ee9d14d6ef93a93267cec2150e2608fbfa00456de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
bee103cb277cfe5d6f78f366a46577c8

SHA1
40d99ba13ac2463dc4581d5b1c67ecdcf2441c5f

SHA256
21fcbb45bf42722eaa1448e742546b9544168705ee8a280720c0b02c3570e3bd

SHA512
e13b69a8338412e85d79c3adb979b0d67a20bfa87e0f1f03a8c0b82674d9784b22040f0f7e7abd7dabffbd06241d8bf1cd615716dd4fd5f983db8fcde32c06a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\note.txt

Filesize
105B

MD5
7974a453105fb964df9cbdf56bd8f998

SHA1
f99e67104498c6a19323cdb636f3edfee2f89119

SHA256
03eae3a1fc877ce36665bcf5c4f6b2614059447b454132083e3ed1eb439e00f0

SHA512
243e57c7f65de4f0ad505062bb80f06b2342d515b0f55bed8978f51367e517c42d60df5d85d83fa5f9ec17f076d2ea40fe4eefed7fadc2e72f88fad57c63d107

Download Submit