hxxp://mega[.]nz

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mega.nz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133416758190247380"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4520 chrome.exe
4520 chrome.exe
4520 chrome.exe
4520 chrome.exe
1772 chrome.exe
1772 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4520 chrome.exe
4520 chrome.exe
4520 chrome.exe
4520 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4520 wrote to memory of 4584	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4584	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 4036	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 3884	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 3884	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe
PID 4520 wrote to memory of 1672	4520	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mega.nz
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff79119758,0x7fff79119768,0x7fff79119778
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:2
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3680 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4688 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 --field-trial-handle=1896,i,16684105287371488328,1307706652012963628,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
aa963e19b3b0253963e2761af9d4c0cc

SHA1
f81001af35adc163aa8d6d6477eac9a5f4d54f07

SHA256
37020f63e1778024a094821311c6f6af7b682f2b4c5fe4ac4452a1561dce5a45

SHA512
c86bc81c8476d0fa10238f402ddc37fe4eea15f175cbd07824b25f3e352dd340fe02ad615fe08a62a6eb3f2962e399d245bb45016911d6543571e30fc0246d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\352b7cc1-4270-408a-8075-548bc20e6af7.tmp

Filesize
1KB

MD5
27402dfc5aa6487581eb94be47b15b71

SHA1
56ebc2345d9c9c4cf47e94bfd1604ee9f1174d1c

SHA256
3292d643d2e1e13cdd15c06e39d5e78a66a69d047dd9a91a8265811ec6ba7b4e

SHA512
c217e771b7c5dc0f9681a053916c38902863cdf51de7d2613d7f3f9ba47b617d461a29d09be4a46b02d6bade69f44e8999d62a96268a590f0e2a1026564061c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
e8e9b61a8edd8de4897b1bb02ad82dec

SHA1
6c21d107203af2f080dc99997ce00aff67db778f

SHA256
367f7df31493e18a20aa074851a2343de8455a8ec248d3e9be56408f4addcbb9

SHA512
0ef01f6a9a9417a9fa472b333a3a6bdbe7126b62d7fdbbaf1baede351b77d031626ae7e64bd27523f0065c86a6eff831f011ea9f383fa60982bea46435f71f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
94fff3d015a13f9bd0eb219e3c5ecbf0

SHA1
dc1e291ef92082d65208efdacabfaf171af0d904

SHA256
f0c74be5d0ba4562dafaf13d15e86efdbd0dc757306ee6c626b5c461e3a2cf0f

SHA512
e272dd5465f86c82f1e244f29089e829153eba5a1d0fd59103e5a8193d51d89b26e36a2329b2eae4ad55d1625eb085b012a37ac7b81a3e79dab82ccc76fa4c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a7fde03393aa62a773409930f1b1723

SHA1
c94a6b6dd4c74e57d0c67c0bad7fbe1164ae3656

SHA256
5c0cae61f669c779e6f78a901c97da6f41053e84f020e188627b0cd58b263deb

SHA512
fb2fd30dcd6118e334d7a82adc7aede8e07d1dc5c8fcf02c0083f97983f0b7b57c9716a7a9109eb1951b5ac45c9b97a19bd05ff27b82b872143c9f9500c4bb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
19eefbfa4e36ce6fc696372ffb785942

SHA1
e1400904fb272349974cd24c2466caaa2132aee0

SHA256
7a6cd22b0cd562a5492cda06c39420deb9496c52b58eb6e41a38875441ca8edc

SHA512
bd06afff300bfc5901fa137c9dfd37c686bed868524cd4a20feac6e1841735c57bba2161d7279c537f6325bb484944f972a0159c8c85d41a7ece2946ab83ddd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac75369f84b4968bee2ec96f827520ee

SHA1
c1eb56a16525e7bf45ab4b11d7a6a5bec517f483

SHA256
cd0f87285b30e79f277a9d6eee5dfc154e867eacba0d146d4c04cf6085518aea

SHA512
ee159d4b0f746903086ac6b79cfa76269c82cecbc9bb4a3e92d87c5ce7ac1ea8f3fb60f2d74b38d58303f92a8b9f3c974edd420226e551198a0ebdd512b0c5ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
3338edb4d4d28c4c62c23ca24bdef717

SHA1
5ea6140b1a93fa8f19c0557bca4d11908925e5d9

SHA256
b788e10c20bb8778c3cc62039374c0cc43226da8c8e194157432d7ca287cb437

SHA512
e3158b5c8fdf6b28c4185af1eff7d0f93c345f7c56d54700eab5400ec94a7b449156faeb20aa1a693f39084e1039167af395cbd3ff66a3ccfbe33381988dd9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
42dfd919a0d2602512b95cb35b10d4c6

SHA1
c1401f7d5d37f939c6f5ccf4e3a42684087057c7

SHA256
20587649ef8dabf15f854d89a48286fb32700fe3a00989c1070e0ccb0a0e62b1

SHA512
630f26af76f92f41d5d1fe9529b249ac3b2ec9bd4c7a97d0e93d7cd89ee314a14e121067012b0772a8706d4e2971b51a5724dc7a54bcab4ba192f776f711fd25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4520_LFZRIFMNUPLCTZJU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit