hxxps://megawrzuta[.]pl/download/ba36e41fb26365ce06247aaf1e43d5ba[.]html

Analysis

max time kernel
601s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://megawrzuta.pl/download/ba36e41fb26365ce06247aaf1e43d5ba.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593007907846998"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 3712	2428	chrome.exe	90
PID 2428 wrote to memory of 3712	2428	chrome.exe	90
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 4492	2428	chrome.exe	92
PID 2428 wrote to memory of 1852	2428	chrome.exe	93
PID 2428 wrote to memory of 1852	2428	chrome.exe	93
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94
PID 2428 wrote to memory of 4932	2428	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://megawrzuta.pl/download/ba36e41fb26365ce06247aaf1e43d5ba.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe6e939758,0x7ffe6e939768,0x7ffe6e939778
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4700 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3712 --field-trial-handle=1856,i,3853028662056859887,8240947125061160952,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:3256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
6fe133f945a4c563c7e643c2e5db2683

SHA1
ec03e19eed5a91e097f5fc83c7806ea8f7d9db0e

SHA256
9d6fe122ec2595088caeffe04ed8b666adc0752417ee019bd53f8d3cd712f80b

SHA512
b01e1d9939b47b91147732c838c911e424af69c93388994e914f5db85a371a19995d765420bddd17946b9c48f40423be2d479bd58edbc1a393552b559eae4720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6d7f1a93007bef8c20b383315efbb823

SHA1
0e96e2b3f8685cf5c3ae20065c87d395fa4933a4

SHA256
72375ee0acb550f8214e6bcc9bbbbf6e88d23e971107ea907c50addb8a6a9c04

SHA512
eb8a302d8586cb0f663c290bd22ed432a5c8a07ac78fcbd72f3a49ba251b88f6f71ab5d6d32a663e6207a76f528e4dd484e5572b7e247239a7cea000a6a2e2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0be74c5aec13a2965e5e6a4bf6f8ce7d

SHA1
df39f8c806388f70a16b32a034310e72037cb7af

SHA256
f7001c203d8edc528c95eb7d4671ef491601e9f76f9624e4d711fcc38d95b29a

SHA512
8ff9ad73020b17bfe3beadfdabfba4cfca0e60b2c6a28f19a302b379706c743aa041365640a86696be1bcad885d85d8ae661b9d69e7531dd65bcaa2594899a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f79d37b9414483b4126124ae4a8d87a6

SHA1
8708e5b17feca13a71aaed79b8fb6f98a3fb25b8

SHA256
085b5b78e48d8ef3b996e06ab6ff07abfde33215cd17f7b00d8f5b6566d2e7eb

SHA512
e3419b89e78f0e07111199bdc1158602f735a0e9d897fd21700d9d2be175bfa9fe7a6f2009ec8f36719116cee0b9ed0a5a841b784a60de7a603a7787d07a5122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
dffa59fe6a632722a5c61df9870b9a5c

SHA1
19970f18f1f13f36f17871c0bb40a7ea75827c1a

SHA256
43ad7477182996cf07552312168b556682d96c2d0e49cc5f94e76eeb69ba9287

SHA512
581490952075bc97cb41c6c899cb6111de07bc115a67006bcdf30f312283d4f7d462ba23d0ce7f5b325be103ad434ca082497eab9dad5b90500711dcf5e44840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
510ff74f67cdcaf6c0f47d92e91e27b5

SHA1
eb1e993c59bc3ab99ef9bf6e297497fc4526d9b7

SHA256
388c3821ca5758a82390d79de81d49ae05f32f7b744cbe598da4e2748635cd08

SHA512
6c271f6361bd0da9c45151647a87158a4e3dc9087893306fb7c88eb16bb018c3763e80d27353e475d6e6666c3947c5a6d1916aa50efb4671e25046dfcbef32cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80cfb279a42651ef7f1946ff7a410668

SHA1
b0bf5a7959c231cc62fc8a72db3a2b94df51aaa8

SHA256
d4802586ba2dbaeea4fd2ed41742b55eb56469e28e537be2816d2ee7fd30fa5e

SHA512
b936e6f3cb24c10a80204b3e03df97c81f46bfd1ee11cc93b958ada82d331f3c2ba2fcc523b1d995f91807cfbfc99709d6f6f71cc85053d52f6a4649fac60a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b24bc39d2cec4d1337bdd9354ef91f3b

SHA1
aec3955e1dc578ecbb40478ce3026d1a1b781abf

SHA256
77e4121f75035292428b07ee752ee827ec478b07590c1db08e5336dfe7a4f5fd

SHA512
59568f4d773699928d9403bfa5c86b416621a5c494ceea48b1838eabd506f982d44fd95bc9c1ba26df2793b9abe4f77fb2a1be7220ffd29051d457a7fba0d5e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec4eb4bb32f76b5bba049f0b6239fbae

SHA1
a85741d2a0ce17dd97e1dba8276a01636cee8d7a

SHA256
e6c571175401087e8613889c0961aa13ef443d73b1d80c2d23f467cb409c8d59

SHA512
af3dd3525af0ecb659013125a15ceb934e28de91c408d12badb87c6214789316ca6079a4d797936f292789b72a9b4c69558d7b50d1c2c7245e87b070adf9a47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
46acfc90b7b419cafc76bdb1a749d76d

SHA1
a878cc024c816f97ca1807bcd2062b01594e5280

SHA256
b6e57bf7f79fec825d4db49f8ba56ec6a9cdd927e85ab2e51f2fb410aeba4589

SHA512
122387ffc8dea30a1d9152c97e57fd9f981698506b1dbd7c2099092e702b5b51353f6b6df44f93d4383f263af617d8f6fedf7001c1511aaf56e4a7b1911e7f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f39fbf9e6c0b78cb7eb27e5aefa8959e

SHA1
f3d4ce3a637d2ff1c676145cceef5c02bf7b2417

SHA256
c007ba6061e53bbd159579094c9b4e12bed5236d17207355ded6fece67edbbcc

SHA512
247c5267b4cfc548fa4f9c08472c449966f271fea3f2c9184866641f64e23300d86ff6b08a01ddec37e625d7220e3a33e0e2c45c47ad8f298e36fcf7f7092e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a0c7e71b9499abc78312a62f9db20108

SHA1
af1f7194cad019382464c7124b55efa093722f48

SHA256
b928dfb8409907efb459223cd7263cfeb76f1d386d63007444a4b3c1e21015cf

SHA512
8c81b2d371576c148af5d41f9a1de2b9b41d571db3504c2c008f4ef09e766c139f0d3ec6577478d0e287dc39b9b107e202c456589e088d9ecb718ab5bfefc9a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c37c36ae-9416-4312-a4f0-cf417cb22dd3.tmp

Filesize
6KB

MD5
61cbff2ab519141063d280a5161d8145

SHA1
54ca69d2d98c2eba57284bdb4e39849531f923f9

SHA256
065bf417b11f072f65d2ddef6e63a254c44190ea91a61df879783add0ceae6aa

SHA512
c33872d2731f880ea9bc71527cef750f02c71a6e1ca88e20f6546abd812f1adbbb28f191e34d6adc093178d71f2010f65594b7daea2d692adc0867ceece75ce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
cf45587e45fe7cec96214b8939ab5c87

SHA1
c1a5ca927300c4cd581b11818125c7f5debc762a

SHA256
a777ca35d285a089f422dd86811929815205c46b1461f189fe2170df7d3153fe

SHA512
496ff0889d0d1ba3699481160ed03c69f8670de2f4be3a28e83c73e7d0aa81a1072deee36f13938a05e3f1f7caaefc223fdf72c451ae6766bbbe7ea5a3f3ccda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit