hxxp://omtglobal[.]com

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://omtglobal.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591609033147065"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{E4E23D88-5F03-41F9-8D8F-0DA1B50B4742}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 1132	4780	chrome.exe	82
PID 4780 wrote to memory of 1132	4780	chrome.exe	82
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 2020	4780	chrome.exe	83
PID 4780 wrote to memory of 1904	4780	chrome.exe	84
PID 4780 wrote to memory of 1904	4780	chrome.exe	84
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85
PID 4780 wrote to memory of 1068	4780	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://omtglobal.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb42beab58,0x7ffb42beab68,0x7ffb42beab78
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3332 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4100 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4280 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4116 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1864,i,13865029136936183695,12882846897110261767,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5024

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x31c 0x304
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6960663445221bfd2d9e5fd1ab9481d1

SHA1
c62392db3654952ab2758082607fe60002c40828

SHA256
6edbf78890356b80208b45e15c4ca2617768550f1d50c6f66998e209ae3a6ed3

SHA512
eed4009bd93ba45db40b9fdbc47c3092f215d92aa56ad47eb0e9757f8658bbb4d3239950eee3da6a886e210d3ab78ce5a5e35d8bd5e66887a8266727ddd0b553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fba00d8c7a74d112dba54db412ba396d

SHA1
3f4fdece724017d6b673f6d636827bd58c6de425

SHA256
d711eff225824a0d42aea1807d8d470b44ce3726815b5bc4af94a680d22c2c74

SHA512
d9e30aa8fa73a20d3c2fb61e090836e86d65c5e2ed75c1c14dd0a68d2a364672fa3a45697ccd3445ed4eb1e690a758bb09a77c6aae708dbcf0f3e79c512d16c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
944ee496321001fe028de26e8a37267e

SHA1
a1f1fdfb89a017ae596296056706e5bc17f29a78

SHA256
867b88814bc0b5c702cd68157ce0b8f1e72a2314b03477fd8bbd53076a239dd0

SHA512
4b3085c96f4ae17889de51ce3dece8c8300b348b4e33d13d553cb0c678e62abd1a954186d30e965531fca78d49dec1f2ab51effbb9abbcbd2b7e80367bea0ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f83c6203-45b7-4ca6-ac3a-100cae581be5.tmp

Filesize
1KB

MD5
f55d4cc5e65131c972aa5b23ba6a6b2c

SHA1
93005195349f3b226790b5e4774b186f0c72e17d

SHA256
82e58a3a481375586d6c954378c6caf7774c7528b5461027cb97eafada61ec49

SHA512
dc5aded89b26e5aedb565b80a2caad26e6e9054547cfeef12659f97057a6fc2c8b6ccf025d766f141162cfda6c6719c0a6cd649890c2bc6f3ad0a6d033db270b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8f4e8a25b2e376d0d194bbe6636c0b03

SHA1
098d1c33dbaee63cf86b38fbd22fa76daf4e159d

SHA256
18455a788bd7bd69f896578fdcccf6dafd8ead15e9dfbdf10918bdb90a02b999

SHA512
d6fa1921a2535a1079cb692d471b5802422610992a52e1f182f85bf87a50face87e27a8880dec37f1b3caf991fcb279779ddc331bede32ff6550be0e4b9ed3ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a028.TMP

Filesize
120B

MD5
e97f7cd740a9d39e3f50c23e57a3d53d

SHA1
8f7f66d9c538f1db3ae4fbb4f740721a0305c9be

SHA256
284b723c03c5230be8aad1c5c05b17bff8a2461c06ce977fb43f3bcc9c6b46f4

SHA512
58cdd3cc1710f34879997413de70215c4313e04a06e37b2021728f7db22b33e66bff3064abbfea6526776e35492e75cbfe6dac41aeacc0c94561bbd0b551537a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
9548957a638381bd30106cad0bf33d77

SHA1
b350cf9d044f6c2cee2060c49ec9be06fe9afa88

SHA256
29b5605bbf5415cbe071b2d096baca503768320150bd6817090547ebee2804c5

SHA512
90789e65b3e9d647163b0d101960ebd82b4f74e3449311bb74b9b09df4a6958455f6bc685e8bdcb3c4e9b3e18f3904fc456fa6ed745d201f18ab4024692f921d

Download Submit