bc21d8349fece9e42811e44231c98468413b412b5ad3b1088a6702616303c2c0

Analysis

max time kernel
79s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnlockSteam/Readme.txt
Size

1KB
MD5

d0e3cc1db36597cb168556a6ea90a218
SHA1

50dc75091dd4e60e2691886708e97c6d21090ca6
SHA256

0eff33c482dd84c8391c59d42c472cd0d3ef908f57623d42132e826b1a696260
SHA512

c1002035ffe3d57e6d1889993bf9e98a0b630ffc1ba5acc8651c791f7ca1ac590697d4f6074cbaaf09835f95b31b6a0c77985165a3b78c84899bb6ea77b48e68

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1952	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1952	NOTEPAD.EXE
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 1308	1864	chrome.exe	32
PID 1864 wrote to memory of 1308	1864	chrome.exe	32
PID 1864 wrote to memory of 1308	1864	chrome.exe	32
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2624	1864	chrome.exe	34
PID 1864 wrote to memory of 2588	1864	chrome.exe	35
PID 1864 wrote to memory of 2588	1864	chrome.exe	35
PID 1864 wrote to memory of 2588	1864	chrome.exe	35
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36
PID 1864 wrote to memory of 2600	1864	chrome.exe	36

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\UnlockSteam\Readme.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68e9758,0x7fef68e9768,0x7fef68e9778
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:2
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:2
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3688 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1696 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1588 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3212 --field-trial-handle=1236,i,16336645314736437557,11017646971334629372,131072 /prefetch:1
  2⤵
  PID:1544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a0b914e14ac8b238_0

Filesize
19KB

MD5
9a32b1134194de18a2c6306091f290a0

SHA1
82487f3a46a19cfb7f202e0b644666430a7cde34

SHA256
e7426767bd765c69d8ca8af7f4ba26eb5016be9340565047a8559a628b27495b

SHA512
fdc13e51527d6d02e5e8a6678daa633a533299fb9e6d7bd7f95f9d87fcc45162e5c46e54980304b512793c7af4900ef94986d0d53bf7bb84ba8a56d86f8b616a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e90f3de079e4d23f_0

Filesize
280B

MD5
7e4384a09bacc377eb283d480ff4bef5

SHA1
f4ef11af75918a0550bba96b8f05e515df0a930b

SHA256
d750b672cf8848c1234583d4d6a863f85f746b9320c4a25f966c8c552be4562c

SHA512
4dca8926f43a32e4ff7c0641f32bf1a8dc795c49e42846f7b7fd611264ecfa6944f2d7cb156c06ac911b3201aa5517f9be8b1b3c2b28e865253fe870475968c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7ccd87484bd325601af7b1b3304224ef

SHA1
fe03c25dd52b52d8757f1a8e016c25092268a26c

SHA256
f44db765aba9f6416860e011c406402395a1a934f826654fc86b990b6f04838f

SHA512
9671faac808b3ed5686d088a01375fd7108b1c2dfcc0c1350422850890523a95b96a8e0605ccf1a4e85a3d98295a8076349e3df51165f2b6c1de63159ba71496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
fd15bfd55c41508d878cc9d8df66c63a

SHA1
6696339fc26ac60ad1d0cc4369e166c0e2baa1ac

SHA256
3b703b4eba25e1f87c028c884ea9a8d35441838e26a1ebe7e42ee5c7e3f499cc

SHA512
a07ed1c49ea324145d87a852ca86048b0294937ca1d871f90b332748bcc316bc08032d4d2818fd489e2a39831748b5ab774012b2bd24ea14ca2875e64ecbe634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
cc42c1b758c96a7d90cb4294df2bd88f

SHA1
a2560c28af364ff57df0cb249f31cf125d6e6728

SHA256
ee54c1801a9329eba870e8e1a29096ef35ac6c8a664b9f53d6e252039af4ce34

SHA512
3c6035f29ef5598664c31fe5dfe46d8b5608d90185716edc7f5fd1bd0af60884dce0521a536e2a99591809e7101804594b4fe2551b3d8138ed21e84093dde0e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8d42125c6296a6e2cfab6b798c07704b

SHA1
52f885fecc25ec363230d7a21f2db85cb0a10e94

SHA256
2f8eb84d7983d77c52b0bba319eb8868eeea30e43aa2bc00c1894cd72c1770d8

SHA512
a3e9ec55c9dc41a87a304095355691bb4d2f5f8a93197aa8a37115a756806308268cae5d2a73163911f8d8fd2647d2e7a4cc8ddfa99cf7550101b4f52ee338f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fe204ba0bfb1c574b0e3df7b6eb378c4

SHA1
bcfb0c57357ac7c1652bc6b85b636050897cbeb8

SHA256
03236ccf17f0b7e2557e5695a64c8d8440cd44a3c048ec8ed8ee38950c406a30

SHA512
e11d1ca21a7d058e9b3875c7338d110767243d3a11e65327cf1b8da387501632fd499b01fa397a5ee496e5b06862c413e595a9b38d82d17f9c1b784b75d8131e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
475a67f924195d9245412c1d00eb1ccc

SHA1
488f11c5782c4c9c995a19cfd11207f86b301a79

SHA256
734abac4d5cf472548fed973dc07623b6c8aeb5dbf6ec8f15feb9ed5b6e5f38c

SHA512
3e67494c822e1d951fad25f1e94d9a65c4ccef837a524c9828fdf36e3b60534e4b06af9a245475e41783e657734ad8e79384e83d4d5c49283ddce3fe797f29cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c3e8bfc29584c039db66e3d1d3b1aca5

SHA1
17de1e2ac1a83046df5273d32261752a5b958217

SHA256
14de8c021b668ac8c530fd4098274aec1d8debab29b0d9e80fdd8e9bfbd9360a

SHA512
132cbb95632acd8ea35767de028886108cf38d496157ce3f428b819bd0d24750338f526802f30e75d143ebead3afa65c464e61da662c6363e9d539075b21fcd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
332KB

MD5
c5e6fbda457f4423bb3f356dcb1477d9

SHA1
7c6fb5eb5c11f04d1e97a92520d4e10b74826132

SHA256
7a2e8a3221dbcf4991bb5c949a79cc552bd9930f767a35153ff641a876a56770

SHA512
543e5cef26d7b0b8db80f04d0a57d6c3de97b1cc07b72dd329fedd087de55cc2b587754fc6c9e7bec68a90c3a6eb6df29cb7879ffa15de798fda6202ca42d86c

Download Submit