hxxps://mega[.]nz/file/vbgCjYjC#eij-04fdXqkI-45KpR26ov5_b79ZV-jVEuAErQbnw_g

Resubmissions

28/04/2024, 17:57

240428-wjzr7ade6y 5

28/04/2024, 17:55

28/04/2024, 17:53

28/04/2024, 17:49

28/04/2024, 17:43

Analysis

max time kernel
242s
max time network
296s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28/04/2024, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/vbgCjYjC#eij-04fdXqkI-45KpR26ov5_b79ZV-jVEuAErQbnw_g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587998539490427"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2884	4376	chrome.exe	73
PID 4376 wrote to memory of 2884	4376	chrome.exe	73
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 1872	4376	chrome.exe	75
PID 4376 wrote to memory of 3152	4376	chrome.exe	76
PID 4376 wrote to memory of 3152	4376	chrome.exe	76
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77
PID 4376 wrote to memory of 944	4376	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/vbgCjYjC#eij-04fdXqkI-45KpR26ov5_b79ZV-jVEuAErQbnw_g
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe56969758,0x7ffe56969768,0x7ffe56969778
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:2
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3708 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3924 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4956 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3008 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5516 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5660 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3792 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=164 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3228 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5220 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3080 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1484 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3624 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4708 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1492 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4424 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3148 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=916 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2920 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3360 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1636 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3048 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4832 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4940 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3932 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3096 --field-trial-handle=1852,i,14151518494233631231,14853985799881490259,131072 /prefetch:8
  2⤵
  PID:368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x390
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8f3843a9da63a7c396a894b5865b2f67

SHA1
2e7f9776d1ba8b15aea00d84eff977929ed70022

SHA256
76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a

SHA512
06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
24KB

MD5
f782de7f00a1e90076b6b77a05fa908a

SHA1
4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1

SHA256
d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968

SHA512
78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2e166c03b1c281e3491b382c8aec35cb

SHA1
556900f09a3920d6bc740c919a22cc2e887617dc

SHA256
b88f8434932f3b92d1039e309cd6005494d8e104ca1301dcd17ada6a57a454d4

SHA512
d8c71f7aa0d94c5fc323474a1984fa1f787cee0904caddee74d21b3b0870ce118d56d945ff1345ffaf90fca27fd13aeabe385867da76a2ce027eabfc2d7fc7e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
53b7beb5d13ca0759d2bc7cca2fa866e

SHA1
10ff86319add97dead0285a11f2a6c5316775e08

SHA256
d3a2bd008f9bba6c9875ca95f9e4bfcbbd652e91cadb57ca0eb7c4e63a4db5db

SHA512
642377c594156c9d47c4d64185e1ce744a838003ad1c91165f703615c12008e0607568e4b801a20e60bb0e7b8d32a8fb1f402dfc7d03dd9d9d42e7285b5b6028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
775f21ce7d9d9fcb24904a3f49c701f6

SHA1
fa8df352c676ffb9b03b1e38ded1dd7abd5214a1

SHA256
96d251feb71ea76e9da12f32f402f147160643da099d6255cd9105343a5f5998

SHA512
10254b2f6dd73f15d5c70892dd00ef3a1945d7a059e8597cfe8b8d1e5480c51e261b1a4dec3b08fd96a79e786384ca1032a5e3dfbdfbbc81997ed952d9439135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
336a0cefaa346d9f8ac7e4a909ca0834

SHA1
2034b360d740377a38a5a72f0e3899d309c9dcbf

SHA256
8f4bb3e1617711f088737ef122c1a0694af15832c2bc7fdf2270f446593d6bc9

SHA512
f01254cdd333a7b510fbebd8bb64d70a272f6e89543258ba50c0780fe737e63aa3b597023c07cb39ce60b7ad4ac96a8e222ed014d86a5b2968ae23375795e9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
e274aea690729db48f79b44b3819b153

SHA1
c0e030c0bdaacb5263f5a345f40733c0f057bd0a

SHA256
bd31421d463d1c0e9ca11630bd0aef4a4713695057a1c69cd9d0bd63a1564367

SHA512
4761c6f3c3a63ee5d83809e860522cbab95127c2dc1deac5a1865c5ae97e60a87da5d81dc6a885832207e4a7f1f28246d3e08eed5443acf2f5bb9c06479a7e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
c3acb447857ae66899469f63eb32a29b

SHA1
b1c516ba7ad7ce314c06f2f2826936b01a1e03fc

SHA256
995abd02c30de775c19c3fc555b160d2e3a2e3de76a4ef1f9b23afaaa3c53419

SHA512
d7402268dae9ddcdb05d9e7cbd6ce18d5b631cc43bc327925200a02a2a641cb9ed92b99fe2e40d26e5bb264f157c04a1a8955563dedeabf08011a113b8bf8f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
09cce67c1568a1b6e68c31f84ba835b6

SHA1
b854c11a9103f12e6b122f2a5590ade72e2deec5

SHA256
30b952acc87f2d3d30eaa0578724c95b7f7582cc6ffc594086ef37f19223111f

SHA512
3f4b222352b9688e1d8cf97806fe2b9c0dc2eaad425e3dadb16ef9f924b2492a0fbb33abbe8a816ddd605fe531eb71afc77dd5ca4a362537172d5103cc6139a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
787cd7c46744055e10ed343d6e160fe5

SHA1
2dbaa3c7481fb594063fce25f026d9a548920b56

SHA256
1b5644798dc23e33b9f87be62fe01e288d86ab6a70f6fbc1b8766101c01d829b

SHA512
a523cadd0036b24ca0a7d8d6c70d9733566270abce6770603f0901ef47e41c1f86299ffcba5d13cdcdfc66fb7cc9ef1d6d7acf54607ff38b385ff8913bcac4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b9bfd6368d19eee0bd074662edec563f

SHA1
8974c902d7d764a9eef0da3183a1d9496e32a629

SHA256
bd22edccd5dadd88cc9d16ebbbc73ded3a68e48c124627fd1d259b501fdb27c0

SHA512
cf96e9b98b9d998ad3e3ca664202bd59467e31ae66bb187c203048d0a082db6b1b0c87bb528b6a331604922501c5c0013515007067b277146afb0275b94bd01f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0d902993948b4ba94980b7e4be23bb96

SHA1
b631f66f2447b99871a9f36a0f3f07529f11945b

SHA256
3a6b892046300a4c8d2ab84fe4587858da4683e31f043ef4d30edb5c5de78997

SHA512
6cce7b11b2f54f2543de8fce1e04e4ce689bfb8f42856dd149fecc5a580e3c034f8789cd99d0471ea2683791bd417215383566463ccd067896be2727f8b9df49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
bfa4ebb914c6853fb7785c86a3549286

SHA1
e9a29d0deec8f3e9ce6e2a28fe34da597ec8bfc7

SHA256
ca13ef05a421eb6faac6269ce3156a06fffc9dfeea60bc58a4d5ec2d4deb3400

SHA512
795f2ce073f3cb37bace5e854c2c76d31837d65f256fe99f9c15f3ae42c14bbc4f4cd5cfd223946f2e5ffa664d52a1f4798ca4005b675e83c7de8200013fd77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5b0116f077f90159430faf30e8fa95b0

SHA1
7397fce08c05eae734602c32000902374b6a2f29

SHA256
130abb502edc4358698db9f73e28c639a70e62d263b4a5916d14fe6a1e4ca492

SHA512
a39c666a815498a6143d180e4b89d725cd093e48f789ba70c4dd691513f7585ab852cc8b8c91b17f6ff47521bdddf365b281439c3d458c60e27ff719e7f1ebbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b2ad99dd9821cbf47fe1840ac6e4d952

SHA1
eb1dc3103ce7e80b0e7e782f0dd1fa2b0c4d41f6

SHA256
5fa8c157465eb4220fafe4965ef85d96d3e56f4d940270df516553d9000a5979

SHA512
edbb5b098c29fdef894bb88a3cc242f5532358207da5c481bd5a6ce28292fdb6a38c895adeb4e9229c6fc6d6fba0d4362db98a4b330d7e1ef95752eb0fedbc7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eba44878f14fd45af09705ffd2b58b37

SHA1
fe1d5b22c96d43b4e5b1198504f35c7839030388

SHA256
36099fb5000ccb3e5d299935cac0d169155fac230e7cf44a02d1e91014c93a47

SHA512
d9d52b2c80ff6e6d803b0eba28ab979e384fb2349506149d464c08deebcd640d1ae5162c8cba745d9b7ed20782bc6d04808bdfa569d3c9569d15195c5b922f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4321cc1792e95819fa757f49b9fbfc28

SHA1
ccd181be5dc9f90f70a97fc4a80734f0d5fcc48d

SHA256
7b22f91d522cb7a29e6fe86666046f19752b73184d696d1a39c67d7cf2ec96a4

SHA512
fd3997e939fa4ffa21bdde5fe2b9f91dc0cc72472500f28d290cf1c5d1b12e1df7e586253dd9585a68d37c9b343d49c0949142841c172e4bd03dbe96333fc301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cb0b222f1321c4a02a59bfcca9f608fd

SHA1
dff27a76f1da27bffb02787e2586b9659d534698

SHA256
68a93ce0534a825eb82ae3661cc8e116e8ccd9a7288665fe77bac77e119d98c9

SHA512
53d3e0492992a317e7542d4771d1a0dc61bac259c366e9838d7846ca60f0041e56f4bcd33f0d188a54ad3c2503b3e8cddff3f83969bb04eac5b6820549721731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cd45c9ffd6212ae73428646c6e4c8e86

SHA1
10c98944c6418cbf15f501e014850189743e0ee7

SHA256
141213db3c84313f0ff270ad9efb0c97519892c637fca847667314c27a99f195

SHA512
e2c060e29bcd2208fd98ec5fefeecb1fe66c204b680c5455d22ffb64757e90299c5cddb1c44ab6b2860d9cece5c429718e2b612a26a8d6c2da3110912e87f51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9d3062719c24fad4ad773b73c4dca79b

SHA1
03e8f71b91cf80df8977ada16177da55b2cabc8f

SHA256
df470a1de6491210270d07ea1bc8d151e377b2deb59c41edeb563122f8e6fbc2

SHA512
2be968be31e12bd66f4c03b06686cc5ba918fcfc37d3d8f2c1d8fc7b18b4279d1b5583aca9427e7fbdc7cca46fe74d4975ed35a48e425ac3483d51cf950279f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
004516188f584c31c727e99a6734941d

SHA1
81a7b9179ec4b517307f17fa44a613da7476d017

SHA256
79f3858c51f01d9d2fe8f32600d78ff5c0036a2e56eb09aaf59d936dbec54096

SHA512
96b696c599640112160ded5fd45a7ef8944607736e068fd27d6aeec198732749fb353e17770e7aa790287487d63c142e9ee47c1440faf29b7ac4793f01692ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b9b9eb01535590a2097cac6546f34c1a

SHA1
3a78bffa598feda65af9a4f90d0e2500ec6034a1

SHA256
b8217a3e424fb25d314b1115cdeb8c67da4cd008f9459e30fc7ae98adf1db8f4

SHA512
4d73cb66114e9e9bfe96c20ceb48ee4347c8330176660a10f2bf9c709b3eb6136301de2e282767b31307fb3cdf94c84387a8809c17c59310b31a12f931cff476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
91a4d446a2d4d3992c9ab6feba8fd6bb

SHA1
ef3d4885d12bc4db3e9067a5f181d706c6238301

SHA256
c5edc725050a58a5b31bd0ec244d12dd4e550d3ff7793ee52ee064688e4af062

SHA512
59c1500d944018b67589690d8e4f5aab3a5b7861b944dc768e5d5ac1da146c941df6f548351e0f322874189cd70c4b83ba2b77ad7a614fc718e46bade5b31016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7caae57eb45eb72beac528429db68da6

SHA1
1b9124cab08190fbd6d37464eae48c6fdbdeef47

SHA256
2416c07aee0f9cbc6b98a156e57f76627cbf7a4eacb46574cd89daa3cde6e4f9

SHA512
fc0bbbb736c974c23703d5d9437618880d0264d7090b7cf2801f207b40f6f3955a6cab54b636817a3f92b61c0a9382e8dfac1560b4a3ddb33580dad590a02415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
999f0cf30188edf06c286e02d0cdb680

SHA1
1bd36da40232718abfa5ef2b2a1c8e86c2cbb350

SHA256
93617876ae07f277e4fc821d3df3f58a2e5e06695bbc4245b48f7bca5581d6dc

SHA512
1e09d034b0251b154e178b1976771f54b064d9b8019d3bf700be67b709b6bfa754d3ac08425bc92119bdf2119ec14f22c67290fb92ef71a343521a82d0ac796e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58176b.TMP

Filesize
48B

MD5
a6609587dd18ab3bd7c4260f314b9cef

SHA1
6af26ba1f26adb757dc595056b4ee6211f7f9159

SHA256
c28c8f24b94d812b912a0ef628bb1af635f22c619994021cac982e032d3ece2d

SHA512
9589251a02ef553e0a82b028214e4f346b1bbd82f45027129ce15ec29a05385cf528d4bfbd3beb02145ec633714604b6db6c6b9b315fdcaaabc20727509876af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
aa1f6a7295b9531d24410bc9f1cb3474

SHA1
7da8193f42c2f3962aa35ebf959e37f3f2fd6a6e

SHA256
6d2a4e14a2b3e67fccf28a138452d4747ad71089b1c362bc0f08d8b0ba236a13

SHA512
b4ffb828d818f4be5b6b92ae16afc0addfd3971e7330ae68fb880ae07072e7679bf941e820e286bce44d249d5f74cb45a97fb5c402de48b5bd1779e48a9e5830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
57d0371acf101331a5502eaeb0315138

SHA1
c66151db9f7d2af42b7007f667dda70ea930d9b2

SHA256
f1a459502d3fbd764580baf25be90d1d51ecfafc5d1ec8207570f296fc82dcbd

SHA512
089f8038947a7da593bbb3fd7cbec4f3f99809aa75bc9021aaf6c1f85e07d8f68abac792de2c24f30154c4b371daa6f251e027c70d64bc10460aee582f4dd9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
125633efb452a39a69ff6a227cd92f24

SHA1
2dbc6285d553648bdce2ce248633b457ede98b40

SHA256
bd95ade4e833bc7cabbc71799901626aaeb294bb4a9ba502fa0e2f4f286186dc

SHA512
39420f228f058885f4a2507aadceb1dff63978ce0143b78118668dede7f94de483f7a16c6448496987f2bde5687f107fe10f2312e8cecf4f830578694a5b0c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2183aeee2364b9da40adb7598230ffab

SHA1
835771e1dfc113d067caec7ecac1668d8f52abd8

SHA256
04fb7a6683d8b37aaf4f2d533955300b77e42d06b55f3296b3e537a8e810da3a

SHA512
124882927baf901c567f9e79bfce82cad456a997dbc11d6e2568bb15ad6b1dd4d63e0ee94d538289571acfef89e1df6ba3cf71c781b6c50346d522ea0e00263d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
31bef99d7645ef21bfdbf982d39a01be

SHA1
833692aa9d340e620e15367579b580da48c7d8e0

SHA256
03b11ed5ac94d01e965ef5b28ae7736e8c6db4827bc1ba24fe7829cf7a6a0782

SHA512
e20a4e5bef6573b3067233d2d82d1fd82280a1eecd2af863048e0ab48e9bd811d8bfa94151b66aba54da03fd9de5e67a559eabb2367a57be83d2abe7cfbb8532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ada44.TMP

Filesize
98KB

MD5
7c28be83c26622415a37cc23aea4eeb2

SHA1
658d6d3278b84f64348ea39cd1ff79da50f9de19

SHA256
d9d8d8ef90e035fac56bbb5e0feaad6595e91e2ba275f36154c73ffbe48f6bc3

SHA512
c551437c16dca9c82e0e63a01a222e7968d06e41138718a7673e216d070ed421a4152479be0224592193d16b548802e2e48ad4b5b7a2f65727ecbb21cfb76589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit