hxxp://egihosting[.]com

Analysis

max time kernel
153s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
27/02/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://egihosting.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535479929460752"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe
Token: SeShutdownPrivilege	4364	chrome.exe
Token: SeCreatePagefilePrivilege	4364	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 2228	4364	chrome.exe	69
PID 4364 wrote to memory of 2228	4364	chrome.exe	69
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 1824	4364	chrome.exe	75
PID 4364 wrote to memory of 4100	4364	chrome.exe	79
PID 4364 wrote to memory of 4100	4364	chrome.exe	79
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76
PID 4364 wrote to memory of 1672	4364	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://egihosting.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd66f79758,0x7ffd66f79768,0x7ffd66f79778
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=288 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:2
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2736 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2604 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5188 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=932 --field-trial-handle=1712,i,14523286541091910757,13874304304016303863,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1e0
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d0f34db42946e103fd91a6aaa6d3bdd6

SHA1
49ec8a9f5cc6f82a9c79f754b3d1c088bd81acf1

SHA256
6932d86deba6b55774856b5dd454065e566640d22ddeb954040b9426ead20a74

SHA512
3fda93ed8438f6c833e70346883cd48a4c0c8457ac7c3253d3356aab819bbb6edc4e6afe6dbea7aaf54a9db4f11dd09c692107d4436184a993f41767830a4e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e03ffe69401b2e899fee849ddb8ab3bc

SHA1
5f7331edabf9581ca3851c72e44d22b012091267

SHA256
31979facc99ddf47e93076dd5cf5b583c0b7965dd04e883a5d978ed00978d7f4

SHA512
ce7d867a28caf054ce6f88ff23150d31dd74ec032cec62bce2ebb661b8cd3936c8e5070253947e6b2856d9928e764b31d1a41b4de89e6aee6434b59c0c702166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
0628b7f5e780e82297caad2eb7a6f2aa

SHA1
a561628774818114dad9cf2c8b89e89d451cc24c

SHA256
9a4f0a8d68d4e690053764b0070d9b159545ca7638d2620e898aa612e9decc76

SHA512
eec782bf9aae44b500de964bf26e1fea590ed2b87caeb2d8e9e4168dcd05994777f17e30c668c415f406933a7f83672f805dcfe2c945da2da4b08b5462d5b630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c864a175ea5c80b3e9c0c08c0690968c

SHA1
0aa4f9770dfec70d0483e074f2b624ef377e791a

SHA256
e0b5f26a0bac8b352036f93b61453bcf4b1f6124df00953974b7fc7b8b8cfa59

SHA512
e7e796e472eb1b146728314050bd4dbaf400b442be5a2663e11286d7ac287ef7a55a47369574096b7a9599ec4d4db1f31ff3a5b2ff370d68463b27d87a0c0af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b1753e7aa4f13020fe34dea30131916

SHA1
b6552a5e89a3034de6dce2dee8eb08dde5fd5e49

SHA256
2d42866ce1763d63ae753b275eb144e42eca531d8b495780356b25b413fe7627

SHA512
a7afb8b2b825b9f4242c03c6e9669a7ada1a89b2db403844652f5772094b471e4feaf5d5d57accbce8ff3b6ed08d617063c279e924af0bfbf0dd627921aaa82f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2d18ad985990a2ac191a524a16fd2d9b

SHA1
c4f86bb4540dfeed06bc530aa4b9342bb401cf8e

SHA256
f614f5bd5042ae5abf5a6cc4625617bd79ce1e6805aee831a54a83b31e7d99d0

SHA512
23f3bbf4ebb0e7dfd6785c88e6b8ea3b60db78478e8cc7d46c63c66b01595b8b2cd35517050499e603591430d9ac5bac67938784246e22784527356e0aedf0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\725d18cab14a33770593c5b8e469cebc4a85424c\984d98e6-c344-42f9-83d8-c5b16b1cc092\index-dir\the-real-index

Filesize
144B

MD5
3098b776ffb7413ab97080c099e431b5

SHA1
b1c780a31b17b4ce837649722fc44388de4fd901

SHA256
15957695a785430d3278796c7d0b9a07ba926278acad3f31a161a273bcb7ddbc

SHA512
e09e9a42e8beed7e81be29b69d562fa91841c9a9705342a66ca58b66d00019b483d4daf416a97ef6db00d548426d806052a495f10df767e7522562263520730f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\725d18cab14a33770593c5b8e469cebc4a85424c\984d98e6-c344-42f9-83d8-c5b16b1cc092\index-dir\the-real-index~RFe581efd.TMP

Filesize
48B

MD5
7ebec5d10630c232e766ecd7e658a6b0

SHA1
b7c761ce3d37369aa0b092acf6ded7797a63c0aa

SHA256
06a715376b16f331b4992fde26b77c3a99598d69d4843869db6303264ef51f5a

SHA512
02e3a10f444dbab70aa62817587dd67433c85ad2882a63f873190a9bd3cf13753c62a5873854a925f7bd84476d4f01a7095adfaee6a80148ed5d3fed1f855d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\725d18cab14a33770593c5b8e469cebc4a85424c\index.txt

Filesize
106B

MD5
3623b38bf72ee56f0c2827289edc2598

SHA1
270fa1fb0a0876e4841406c8f96715c9cbe1fdb8

SHA256
2c3f287293294d2722c949a17d8f78602425057e7342236fc0f59d77f3d00c32

SHA512
692f4469aa4c8065762a0bfc9eb42f0d01d380b18cc8ecc6a2460501b1b628b45b385448face59de8248b5372c637edf24ee88af5adde3342791beba7a493f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\725d18cab14a33770593c5b8e469cebc4a85424c\index.txt~RFe581f2b.TMP

Filesize
110B

MD5
f15dda293aaed73b458d0f1e43a4e814

SHA1
f5514f20d304656101b179081de6d2471e9c75a0

SHA256
1eaaccf8375c82a0c585f6e9a9293e9ea8218ba4b72da3d00a1fac09308c38a4

SHA512
6fc7bc483ec3dcb9b19b7fcb34eb23f50a58bf0b04db14fb6c22a199cef41f2812933387479c828603edd92d5ef670300b73253e074b54276d239bdea8a895a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a837436bbcb062df837076bf1606c396

SHA1
2736a6a12f0ee68c2e37c28f425aac299ea102e0

SHA256
35c473a182c5e54038464dff642dce3ecc44d6940dc175857e7c74a5c2efafc4

SHA512
f45483ae2b17f9c349834752dcb117e64242efd63d0a35936305002161d09ebc07887b8a231aac680d70ccb7a48aebbf33468a14a76eaefb53dea64ae50ac6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5807ac.TMP

Filesize
48B

MD5
87b355ec647b0cac543921f685a87afa

SHA1
be6d7a88b5de919000a4f8a07fe2645d4d7dc3da

SHA256
e78bd017d4821db9b7c6563735405f8e0efef31832151e7b2fcad2d8b1e14fb1

SHA512
f5b007ef2e12cf6c29ae3a6c95e809a250cb8a688827ccb501ce19ee00eb3dcd5fc8376dc4c189a34234534c4ad04d9e535ffea27aeaae4c1a9b755a2faaf449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
349334a0a948200b664879c52cddd0bb

SHA1
d2e35ffe2164b8af1f93bd5e1d9d969c5458eb1a

SHA256
0c1a177acf8307d381a3607fa03f53b0d66949fb9f28e5dca984b7931e0114f9

SHA512
8c862caa4c7cbf005bb1b5f3ce2b855d6abbe8c96e3c91319c3e37fa37f4e3590fc2c226edfc8a32d270978fbfc0a614ba8c9eb3d0e3f5d9b8485a574d36faff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit