hxxps://apkgk[.]com/com[.]assistant[.]tripdeal/download

Analysis

max time kernel
39s
max time network
153s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
27-11-2023 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apkgk.com/com.assistant.tripdeal/download

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2804	2800	chrome.exe	28
PID 2800 wrote to memory of 2804	2800	chrome.exe	28
PID 2800 wrote to memory of 2804	2800	chrome.exe	28
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2892	2800	chrome.exe	30
PID 2800 wrote to memory of 2568	2800	chrome.exe	31
PID 2800 wrote to memory of 2568	2800	chrome.exe	31
PID 2800 wrote to memory of 2568	2800	chrome.exe	31
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32
PID 2800 wrote to memory of 2472	2800	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://apkgk.com/com.assistant.tripdeal/download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6869758,0x7fef6869768,0x7fef6869778
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1756 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3224 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3324 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3592 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4240 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4220 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3312 --field-trial-handle=1364,i,5453961417371394397,14505259433120560400,131072 /prefetch:1
  2⤵
  PID:2396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3a9de60d41f3c274e8c20349b68dfc9

SHA1
c1a0d866c7c3895d04f80333d1bcd0db950f9cb2

SHA256
0cf70aa502417154ab44aa47d0a1a94910b5a33e59759eba880e58b924a0f9a1

SHA512
16673d9279fc04ed7bc3092aa6bd4d9ad09fc5fe8ea68d8c92361aff57daf72dc1c0391173b5953f2b53fa03a6a5b79c5e8349dc158e5cf41168f08c2251581e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad101e3d54dc83d100f9e6c629c61cd2

SHA1
0a9b98bdbe76337f259af8c23f50d1ee6152743e

SHA256
cce6f3435ce814a237921f34057b0014ee32d8d25510ec0cff51c4cd02f6a576

SHA512
e85d8b61d5c0cec9347aeacacf1e233e9ca9f81ea4e501f40d523bc5879dd273220ac9a75dd65a21dc48f53e04035851c9b979d3240ae48a632356aa2fcb1a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9466670cd213c3e198a952a2d3d36809

SHA1
7c6bc84eed14efa6c8cc76883b3aca229f6fefc9

SHA256
a7d41b123d621bb91cd88b63b83a83b1ed40d219c9f506eaabda8100df633c1b

SHA512
0f49a7f7cbc5bd17f46def24cae7030d061b49f9223e9edb9da4fb1b27668a18ff34678ff63af12be283646955ebcf55698ed16720d85ef6bfd9ff8c10b562d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4c896bec8bb37268c4f3003d867aec64

SHA1
9896273116d5b7640b49e257aa1255d5baf2f53a

SHA256
8c7c9d05c4df79f4ac12ef58e47125f37bb39fed2d9d8baa31e445671767bd63

SHA512
4624cd23eb53640e67af50baec9979a5bec7c852c18523b58f9cb28cf4c802ab33f7549e9c0197d48c9799e05daf059e28d495c4ca74e624c02d942036f0622d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf76824a.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f06f254b-14f8-4123-83c0-4d74ef568f9c.tmp

Filesize
5KB

MD5
d3a4ba96033d53f4571b98a044abd0c2

SHA1
e112ab0114c1aa93fc44d8788dfaa63d90a89ad8

SHA256
55f7630e363b5b195a53a45c818374b0ce3ca8033b0b486f68e3a0b70aee7125

SHA512
1371e65b69a7348cdaa474582f6fc69880a45d098bcf5d0ce7b7758f74ea8e0f38400b9a83a198c3d786831c7feb494405440bbd8c9563371f20e99dcbad4ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
1d9ef8a28f8264a219d2a18f199cefaf

SHA1
ee31998a62afb513cce8cdf0806ee4b1fd7aeb66

SHA256
cdc5cac5e21004e5ae2b5fce3b95d41347bda559c7c34684add5e2d36f49b0fc

SHA512
2c65ec527e9425daf5fe22aaceee15b31f580ef9ff09d537e46c6697346976091dc5b158591d0a5d0c0fd217a7855c3be73ca7be0d234dc825095b08ba09ccc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab846E.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar84FD.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit