hxxps://mega[.]nz/folder/DEtyBZJR#5VhJonjSRa7xedtKHMHa8w

Analysis

max time kernel
1800s
max time network
1803s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/DEtyBZJR#5VhJonjSRa7xedtKHMHa8w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133497498463497652"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 2100	3368	chrome.exe	84
PID 3368 wrote to memory of 2100	3368	chrome.exe	84
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1964	3368	chrome.exe	88
PID 3368 wrote to memory of 1812	3368	chrome.exe	89
PID 3368 wrote to memory of 1812	3368	chrome.exe	89
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90
PID 3368 wrote to memory of 3536	3368	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/DEtyBZJR#5VhJonjSRa7xedtKHMHa8w
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0b369758,0x7ffe0b369768,0x7ffe0b369778
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5292 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 --field-trial-handle=1856,i,15138950617271097515,17378978975028617796,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x298 0x4a0
1⤵
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1d1d300b37d059b076c070df7e63cde5

SHA1
2557f15441b52337494757ee5afda9eab2d52946

SHA256
4d8f7a47b9749101d41c5d55d69b16d5e138ee124cc2132dd9bed08d62205408

SHA512
b59666f1ed704d49974318b67b92dfa633f3da2995fd7802e53353a62306f78eee0a6433f12172569d5097cc4dec694af8561b9f22dc88b82158ae82356da1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
945B

MD5
d25771ee0642dd5ad9d80ec7c6a11f8b

SHA1
260194bc69784015b0b0ec1d05fc1772479343c2

SHA256
b5862115b52f2953ffc4acd67b84c2790de415e2351297615e6319895ff472f1

SHA512
2926f6adf84f9157ed877490698f94a876bc080c73b6cc25e353866d2ce9b0f3d9381ce1e054ec3c76972596c83cca4fc5b960ad6ba47b5e91d85bbd3867d388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
41546f54693e879b4ba4d365b817b4bb

SHA1
4ce4142dd8c993a65b880e5673cb2988d1290758

SHA256
31ac9c6bc02bdf78cef8c1563adb4966df21c33938b268281c3ceb1c45d18893

SHA512
c24bc9794d024368373244aa6b5dc5ee7b4ed87aa7e2b95c50cf70a18028744f6c640de2c2921d348dd35240b58539f4f51318403982f73ba98e1fc8bb622026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cfe32962ffc014ddb66fe9b878c2f127

SHA1
48bab4453f119c24a9870ffdea282ad31c158a87

SHA256
a127336ef49acfa15863ee051c4b07a7bc68263efe1400ff5aa9b4015dc96393

SHA512
aa509f7c22a6972fad9fec67c1a33ecf6f571664ef79dd1d39c04790e441ed892f45ee145064dd76b00db181ea37744f3f738b56a142ecd265d27a778e38aec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e0ed430ed5057a048fcff0e2efa63fc7

SHA1
2ce0c46a38d44860c7a1ec17e6c9498b94a632f0

SHA256
760585d18567f0a6f68a0cdc09646823bffe3497bb1ce9a8a973b7e245111820

SHA512
bea4d4e23f97de01efe8a2b1c414cf36c0ea25edb56eac22c61e6b6930ade13f8d41a650e6b7ff5ceff254d1538be30f7ddf0fc9265f9ced3970d23b39086de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dae754eb98d7a94fe824c9d2f7b85ef8

SHA1
ac0da0540a5f5afde1be01070316db381052a3df

SHA256
0ca783955a4806319c8b5885edefae91c7b8ab71ac2cecfb3fdf784cf520d3f3

SHA512
84c15746557e5a1c82a76e6c83e190c318cfea809e8a36109d6374b1f0bf724b3bf2c3d4008874bf8fe3b5024e7acfa9124bafff2154511dd8b018db0a319437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10345c66d7c3ce362b95a33c56a8498b

SHA1
7ad3e55153c0178dcbb0c377b4643cfc99c56101

SHA256
54e0fb2a1076f591ed292e56fede4f7ec77524e2bcc21e45e7109a2cdb137b0c

SHA512
96c3cafe5baf54dc0945eb0faf14a6f792d924ca0b2eef1548da10be310937a85d6ab53e9d8d69e4010d9fa989c51723c911ab12365563c01de54033affcd9f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c0dd1d6b2ec0699e4b11dcc5290c0c62

SHA1
da22c3f069f7685f12fad377b64632a894aeb667

SHA256
cf0ad50a733d691bfa8d7e42c7dc1a4fa9a6ec141ea57d1be467a29e17f78a4c

SHA512
cc4b845b232171418daeb12f9f060b251d78d8698ce05f8cb3d35d4b28bc4aa09d6695dbd3805d2373ff0a38c14c75952174632fd3780a160831c82a32559a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586a3e.TMP

Filesize
48B

MD5
ff72a3da2532ab3a5c6333a0bd031e22

SHA1
3b093ec28a957d9efdaac4d68f27c36352a73ea8

SHA256
0c199bb5524d7198a03c3e719abae610226076072b52ee3a415041e013c71c33

SHA512
e9212918d4476ff2516d81dceeef642bb5420f80fc23e9abb5d7cf0234dc2c7cd75eef3e7c459690d9d2e33be8c8ce38a778beae296f72baa0b661633a70e744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a4601fc0167f0346e702374a2a0a477e

SHA1
f76f37ef47d31adc2d007fba5de0f9f3818672ca

SHA256
35302606c1b804a68168052d7b8ac5110affe37536c4df071e1aa87eac3288c3

SHA512
a5c200fee02f45fb66d0da8ddbbf620cdb11f1fe8378396903cacf235733c88cdcb530a603ed01ee345bbc9ca9a50a07fd4ab49f1cea5915048f62850d320e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit