hxxp://transfergate[.]sbs/rdc/offer/62ec7/520/00lry/daa/34/76?HIFgqONiOkuUFxDViniEAdldhjVNBhhiQMphBcpqmKkRhNNqbVUCZfFhpAUQIbZzOoGqqWGDGQvOEifGeZidfOkupflXhkxWzdmPaTtHKOvpWAVbAdeGSpbhvmfDxCzWGMMG

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://transfergate.sbs/rdc/offer/62ec7/520/00lry/daa/34/76?HIFgqONiOkuUFxDViniEAdldhjVNBhhiQMphBcpqmKkRhNNqbVUCZfFhpAUQIbZzOoGqqWGDGQvOEifGeZidfOkupflXhkxWzdmPaTtHKOvpWAVbAdeGSpbhvmfDxCzWGMMG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607307668422106"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 3596	2408	chrome.exe	83
PID 2408 wrote to memory of 3596	2408	chrome.exe	83
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 3228	2408	chrome.exe	84
PID 2408 wrote to memory of 2464	2408	chrome.exe	85
PID 2408 wrote to memory of 2464	2408	chrome.exe	85
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86
PID 2408 wrote to memory of 4264	2408	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://transfergate.sbs/rdc/offer/62ec7/520/00lry/daa/34/76?HIFgqONiOkuUFxDViniEAdldhjVNBhhiQMphBcpqmKkRhNNqbVUCZfFhpAUQIbZzOoGqqWGDGQvOEifGeZidfOkupflXhkxWzdmPaTtHKOvpWAVbAdeGSpbhvmfDxCzWGMMG
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xe0,0xd8,0x104,0xdc,0x108,0x7ffef941ab58,0x7ffef941ab68,0x7ffef941ab78
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4408 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3244 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1848,i,6080070297904992787,14156783417913426400,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3151003acc8a48e8632bb0d2f67ce5c7

SHA1
56659537b59a47ac16289dda5d3b86835560d2f9

SHA256
53c663c4f4769d65bcc60e429336c4054a0528b613dd8b51778af3846c19118c

SHA512
caed60e902174206a5577203347e4cc94e5a9e71d3c92b769fe17258760bd0834cbc13d2c693091e25a282839e0d752ea14c37fe56f9f52daa5ffb2d60738e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8bb568e094ec3cb3056661c6057199e5

SHA1
5852d87fea2d48ec0b25c441edcf4f532cbfb349

SHA256
70c5944df6d3e62ec208e5a3174676486a4ba12d4843b6abf4ca227dcdf09907

SHA512
229be16c626b2236e93362da15d6607cf929423838000becea2ec8280ba9b0ca76ed24455aab6b18b80429d8f795301fb2e60175d06e22bf0e1194408205ccbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8a2ca8187cb0e77ecaf0961523afe187

SHA1
8d3bf2f63177bb663776cd369d739d18b32d4c47

SHA256
5002172f38075b30f27be7bddae4b8ce0240031acd844b425b47d2297c807035

SHA512
6bb99e390ba8bb3073dc15302bd6312dd19c831887716049345287fc51b5fa1b82e10b827247116b6ade3931ff7f6b639ddc2f452cd23a32cd2b526f6464d443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
db31c3a64cf68bd226913585e27c5593

SHA1
3c93950a742f6ec59cebd58d87d7594d9f165709

SHA256
5d46f18355eabccb815459201567917286da4caf3b251505309726c7251dcbdf

SHA512
c4fc781768f3cfc6747c07ef699041817e4db5147a7f1d7a8f9a7844b93c3e26f661d9cadc52e32781dbd2a8839e45b92468d4a312d3659478d2b796cfd36846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
66152a886be265eee57df4e35f9b7267

SHA1
b039f75e7e55dd4e10f2b4b3a10d58d57bb9291c

SHA256
98e0d9eccef09e9a090ab92177dd8c500b24d82a2d400c5d631b9cc9988cc817

SHA512
feb562846a57e629186db67639f59e1b4d1ccf13d409cd2c0487ac7711424628e3beb9871c6d7b6a21e2ec711c115143e28e2b23fa2190a7b4538b8c9248b26a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b6cbe521f3529e6e244bb810e5cae8c5

SHA1
8cae36351459a9b16b54640bde873f308cad80c8

SHA256
8d8624405287cb29f2a067eba1863829b370eb068a87ec791e29c3379a9a5da4

SHA512
f4fbfc18f681a391d706e67e604041910aaef722d4224e1cb3849674768f97b59c8c7cadf076d2274c74d60b9158f13e28754bc6020312cfd8bfb4ff1d45abd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579933.TMP

Filesize
48B

MD5
8c14b90090aab6453af1fcbe15bb7b85

SHA1
577d2ad247b212be3d48edc600eb153c9984d4de

SHA256
f32625c9730a97c86ceea5c0703efae18731a8a8e93b878e307c378058c3fb86

SHA512
900f0758e0e6679f318a083b8388b13d3a6cb04d48e486374725b8b7f26ae1065396640371556012ed0414b52d01779c1ba4eb931702a08dbb19aa5611105ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ff408d1cf962e7e81587e0c695cdf2ce

SHA1
843e12e9cd42bf46471c3f314876b2eff3351566

SHA256
3fba28c0e526bcb622cc4c315ea10a46de82921f39e4c9b9e7f95598fb72cc87

SHA512
c88776a0be5b0f470e42c9a65f3d3bd6ca186479c35c50354e4bc8a586f8c4c1642f3159cc71fd6d41bf5e0fe7c213e0e4946c96d97e7399cacb0f38c4cfb0b8

Download Submit