2e156957ffdc73801662b89b1f6773434c4d13bb4b9bc1670827e399ad64aa7e

Analysis

max time kernel
150s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-08-2024 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ransomware-master.zip
Size

12.9MB
MD5

30da61eabe92b48ce784f7ee31f5ec44
SHA1

4922cfc2c10b5d92b2fb199fc6a2aaed095035e0
SHA256

2e156957ffdc73801662b89b1f6773434c4d13bb4b9bc1670827e399ad64aa7e
SHA512

648a9e6ddce09e5bf5da680f8d031afe3224b236cea9598e64e0d592f64ec0bed61e0ff089a931772d0f758a42a463e7ee6ea7ef117ad1c1453dbc2240b9f209
SSDEEP

393216:67aFd62nfFSrjIkV4mu/GyBSKb+JYSWTmq:67aHnnNmkpbDSWD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670908636533866"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

chrome.exe

pid process

1120 chrome.exe
1120 chrome.exe
1120 chrome.exe
1120 chrome.exe
1120 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

1120 chrome.exe
1120 chrome.exe
1120 chrome.exe
1120 chrome.exe
1120 chrome.exe
1120 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1120 wrote to memory of 1068	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 1068	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2236	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 860	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 860	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 3292	1120	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ransomware-master.zip
1⤵
PID:4404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff5df89758,0x7fff5df89768,0x7fff5df89778
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:2
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2532 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4916 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2944 --field-trial-handle=1852,i,9360815511091658845,13872768842913985907,131072 /prefetch:1
  2⤵
  PID:2340

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
944B

MD5
b44f4cb63a231b004fc3edcaf3bef43f

SHA1
f1726f3b784e9293db8ba98d9d2d117b8f952a30

SHA256
81055fe864bc319a4f3772a031dca523c795aef2567bf538edc0b343987c9247

SHA512
be8ca3876c3ac8d2fef1eaec9bee130320f8c718ea0ab4f6958a18746cda99498f271725518e5965336908e1a93873ad20920e033c647938b4c0b84b61f71046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9a483630f51eaf27a7186adfe9a983df

SHA1
83d2d6534189c6baeb3f1d60c587d120d246c620

SHA256
de260e16df9ddcb77c2fc28de4a5c19ed295d689b8f9ef41336e01376232e319

SHA512
d12cd7a5d5be95e98e80db5dd4545026e240db8774fcbcf5a4d096b841025e44342ac21b47e037486fd80d1a11f02042005c626f555a117f6aa8430c342aaf3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
492d5b81dab47e2b2654007616741f6c

SHA1
9973c0c25f0860afec6588257927d74474e8e98a

SHA256
39d4f26bd94fe95d97c0cdd3dffad085400497643afe38210378794ea6a827af

SHA512
5d8fd525f64f59ff79649d264e33fd1a7b6aeda5881808bdc20115ea33d918d41f886b4c19735fcf9f80384dc4046c1bcae637dcbd16215c683d9bb52461a3f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b6e6ffd96f117dcedfd14af3f5b67865

SHA1
700eee6fcd81c505797e2464226712b27a6fdb1b

SHA256
6b362ad40d08aca0a19387dbee4a19525468b3ca93298a1ab8b7ed6afe494636

SHA512
30d970cfa8a7c7423ff189e670c10e891e68852563443cd260cc6eec9a3f83dcacf5464bc59437b7cd3506a899845f7895750cf460f68e2e4a0f859a07139633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7974801450b07462882ffe03e5f78c9f

SHA1
54aeb612cad317def6a3a178ec795114b57b0ff7

SHA256
b153a1dad164a9fd6d52d268c8caed02f92315cd1503bb590a28f55392cf63f1

SHA512
f4a73e941680e019b073b4a2403b89652e1d7a7d7a99785a78bf7654818ca9f743b5d8e824a98fbb34a059191347756398886a22fe2aa09dc7856585883f44ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
295KB

MD5
2712875cf466c80cf304bf1f02775031

SHA1
4af3939c8a18f181eb5dbdd768e6786df23a0f87

SHA256
074a2a2ebf6b77be9dc37c1332232dc0ecfd35aa851b984cbf74433bb218ab9e

SHA512
1a8fdf4976cce41e9dc3e1bbc50240550fc2bfb371a95dd4863eddefb304b82a7f0187fed56df7a291a9fa70d29b3437d8cd3d8fe28acf7c65507b485f1337af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
398e4e678b2d297b871c975138fdfc93

SHA1
0d11925c32b52d83f089608af3d1b115208b62c9

SHA256
1436351515a7c2bcd56bd219540fc3cfbd11ff488ac9749a983f8b59e70a637c

SHA512
4bc99b39914ab39e45b40c45acd4a1a8802d5ae983f896be640654510ec2850fdeb82c29fdafbb06a6eeb1c72dee6d06da5f99b7118e27419a03a5835cab46de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
313KB

MD5
57190485bc7be95431d383f4108529d9

SHA1
d826844d687f5d60f44706a4249901b4721af7b9

SHA256
4463390dbb3b29647968a6d80b032863d1e0875ccf5927664cfb03210ba70a00

SHA512
ca6d8e53b684583dbff61f1f0ed32b8d06f10d49bb953344a704140a670e4ad56c228643cca4cb8754b3d8d3fdb731e018fd4f13143cfb2f2d90e7255bd7a717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
294KB

MD5
5a31dd4d3b8ecd4c11cbfce8fd73b734

SHA1
ea8178ae4582f8471b6134caeeaea189c46465b0

SHA256
72ac8afe4e48592c7a43db2f6d1737c5d0458d31108022b9a26e0d4e7bceee59

SHA512
e112e2f5a557e3bfb23b8977a694bfe9a8ad327a5c623c029d5abe71264c0e48c9de916456c07a761e1e5418b0e4dd6aa802e1be062dec094c0e5530fd53a5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1120_GUHRTEDIMPZUDJXR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit