hxxps://mega[.]nz/folder/6ptiBJ6R#OSp_JxqJ7ee8IxR-Bkt11w

Analysis

max time kernel
1800s
max time network
618s
platform
windows10-1703_x64
resource
win10-20230621-es
resource tags

arch:x64arch:x86image:win10-20230621-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
03/07/2023, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/6ptiBJ6R#OSp_JxqJ7ee8IxR-Bkt11w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328587458809942"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3308	chrome.exe
3308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 3816	3908	chrome.exe	66
PID 3908 wrote to memory of 3816	3908	chrome.exe	66
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 5012	3908	chrome.exe	69
PID 3908 wrote to memory of 4220	3908	chrome.exe	68
PID 3908 wrote to memory of 4220	3908	chrome.exe	68
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70
PID 3908 wrote to memory of 3736	3908	chrome.exe	70

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mega.nz/folder/6ptiBJ6R#OSp_JxqJ7ee8IxR-Bkt11w
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8e69c9758,0x7ff8e69c9768,0x7ff8e69c9778
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=256 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:2
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4844 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=884 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1756,i,7497189896189769901,1806685477267032650,131072 /prefetch:8
  2⤵
  PID:2208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
1⤵
PID:4520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\495fed90-dd08-443d-be0b-e0bcd16457c3.tmp

Filesize
174KB

MD5
7cf7cedab073c3bd2a10b83112ea306e

SHA1
197adb2995a5a2b7e34b51195ce5e698148afe21

SHA256
38b4c90827b5e1bc9d82e78219721f95f58ebc701ca2064ac147978e26f23bde

SHA512
288191b91078ce563add5108ea2804a9e3eae32457ca27eef94fef4e5366b4ec0262db7d9152bb4c3bed35f379f257f7e6973dfb034f4f8e2792865a1f14a544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
773bceb758b9135f85c6c1f6ee168f36

SHA1
28da5c26e7ef25dd6a6d10a1ff102a7382801fdb

SHA256
bea8bf5d722a7873c68bb5158438a65e47e325603ebf3751a79827ba63712619

SHA512
66477904466af4dc9c5eb0c75bd53c282c040f860d209ada7fc71f549edf9b217845389d0a400792f3025e70295ad66b2a391be134770d64c830a6d7d3ad3bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

Filesize
1.9MB

MD5
b4ad978e9b5172dacf6b0dc976fff78b

SHA1
84a611f17857aaac26763a8c685a03d5eb857e45

SHA256
d7f4be051d3c7b3ba7325ec34d6a6a1bd7b344874e28b1596c1af6b09ee1666a

SHA512
465c972efb422af9f18e7c720be72b779eb0f40053455d9e3c8cbac66afcb87ab0167f7bebdb6553c42a242a327e041d7fb0d563d4cab20c6e45365f81911a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
33ba9580e0ccee28abfa1bc5064322af

SHA1
dcd0855faf4eb0c54e328f0654451902028e40dd

SHA256
f84886a2b6504154287fb87725a3f02a0628e4ca7e99986f789fb135956bc5b6

SHA512
989e54859ddbbc6c8954998c0a75b77485c1bd65c3f00c65bb06b4afede66cea5c63b2e661d26d8af7e708a70c4294de9e1726549adc57985b84723c9c84bd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
360d4f7d9e8a46f7873887d963ee8d87

SHA1
5ff224c075c3c8640b8586a160770dc3bee281ac

SHA256
4bdf7fb9c123d9a61b9745c71cdaf0ba5e9baf55569e61c809c11c0548543d6a

SHA512
a5d10fd1a69a2ed5bbd1f7aab636850d7b3b0a31ee1eba776fcb74c32bd8ff93109ada5e093a89272fe50696d0755c09a1326ee2da3e78f15eb08bd6d0c086dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
81ee9618e07426a1a9b384a0607cd509

SHA1
8872065ef3be249022147058f1191143027c2092

SHA256
6b30351ca4af9d592a9a40b119d8f3ea515010865b2139a9da729d5b319f9751

SHA512
be1e8134dbfe1a5e5066f79266587befcd36a11e87a6bd590da40bac55bf2b633102a0b4cf2ea123f8b5abaf85b61e74233b4c0cfd07c110f5b8a24662ed25f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
600ca308cd29cadb53f3b7cd894b2450

SHA1
ef01c1f7c713a74a539958460bcf11a22d6570c2

SHA256
5c9a5cd44e8d9e16aa3ac26ea006ba7d0f613ca322c03acece01701ab2c1e9cd

SHA512
feca18bf0490fa33e0aaa324fafed779b18c37373dd080f2576baba5a5a5ffbea368891c4e08690eb26e1d2fac62a16efb0572819ddbf2cb8d9d9aaf9850e264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
00f1ff813a58a601dc1e291673d2d0df

SHA1
309e3453108c7c32385e61c74f40ac7f91fb2966

SHA256
639c1eeebfd776aebe0b759e02c56e1fd852bc3020a51709fef877ba7537a262

SHA512
0aef3dbedbf29b18375115d9b0c19872c8e21ecab82f56e689cd1eff36c954cf8388c4e1fcc96db7d77f27787086c942e9d3fded72ca4e3483e72cdcb6075656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bb0689d446b690c4f4d42515c359ea19

SHA1
23d1374d41582acf28f97601140aa3b5580fbc9a

SHA256
19c0b5db42ea81616669113fe55eb607a87be7be25d765073d73298c5a953c21

SHA512
fc81ae8fcb549954b1d51c5151edbbcabb0418a3784ad309a904d342dd7a5d796764acea4d5df218c20a04b20f8ed952b5f0b2d169f38d89b0f28f165b8ea317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b88642377825e14441f232887be110ce

SHA1
74caec21acb432399a33124df11d962c33c914e4

SHA256
db8dc733ca052c4acf8991536c52b5ba8cc7e54f77bf9261b0602269f345d81b

SHA512
6b79742ba131f324a5a92f8480534e319d66426dfd5ed02fc71b5b41505c990e43d110f6703033925a74d3ed9dcb24ad705e226100069229f0e2cc3e910d9b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56f9f5.TMP

Filesize
48B

MD5
9757bc9428b83f56a98439ac4124c359

SHA1
2055da2165641a1ffec9b92ba460096232fbc306

SHA256
c1ba34d4f4275fe7afdbe49ec76fca2e5cd678a131aa6586b11a1872b2135582

SHA512
c4ef5e2ba4b6b0d15d9414ed5262ac3459f40cca98b1f8422a7712f2343ab7c288ba864310fd0bfa664d033124332408d8ab1ca84a5f5701c76fba3dd01955db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
41ebe7c5fb809003351a518483692c51

SHA1
3e53c5d61cb657dbef882875814359fa92fcbd2f

SHA256
8e5ce574de5948b2e495fce5667e676756032fbbb14bd55145380d253e54f34a

SHA512
ef9bfe79d7e9d7fa3918fb791c86d75bdb8356cacf43b2f88b5b0072d080dd7600aae6de4555bf8aae27785808623aeb14101bbfc2e2389168ee0e51af0e40b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
3e2d4c494823c941f9533478232eba63

SHA1
c3d9567d158f1b2b0625762f62555d7f28685717

SHA256
cd52b9771c85f8776d9a1b5f61d677869e196584a80ad7b71396e102b2ba1db5

SHA512
6b92bd518477d4de77b05c8d3e0d4798a3dcde4f67409aef3d12508119c94050ddcd4f3e6967987dd3aca48e85e7667ace7cf964a6ec2385195c93d6bdf2231e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
8557b96d8888f01b05448d7b6bb69da8

SHA1
ba36163aa7355391cf17537964986cd7a062cd96

SHA256
f4235843c87f064c1d0b0b955a32a6900064c18de6f8653baa6e7f311e1f05d7

SHA512
fae8398576f99d433090ad3a26ed366d77664d18c7c6d83ac6a923e2a41809f10960b1497af46e6062956e23575ceeef32ef3e2a3b481a7cc731070b10202033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
6c5d0f46df5d1da191c54a1b10b52e6c

SHA1
2e4be0a8f41cd3d0fd8b407fa062cdaaf124f5b6

SHA256
753eba17356c17a6a7b0bc84cf604c09405ceb154894401d2850e5396f85c402

SHA512
ccc070bf8b3714d62f38c3ed30f35a3b966ffb5a6334f5514debe771ed2fd2d54b6877f77b45ed1c9c5578d4a4760e7a3e6bf655005957cef94e31fa5c7af450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe61a528.TMP

Filesize
100KB

MD5
40629962070815f8a7b389512ae33702

SHA1
ffd0a6cc7dbef84079a99ce65812e95ae3cd277c

SHA256
7c6e37ce35967f0cc337255add97591ad38a64978b0a7c6add34ef0f1d8d6605

SHA512
0559daf130af4df5ebe525c6c8dc4ea57aa76326a3828e26a7c6f12e5aec4f52354334f95b2ffcf48aecfbdfa1e77be2810309b700559eb984a4a4e2b09c29f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit