hxxps://mega[.]nz/file/CPR3HRoR#y6WGAG5EQfoIpfqJmdDkJneS4ZtU-myw9Z3rexsPI4s

Analysis

max time kernel
599s
max time network
502s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/CPR3HRoR#y6WGAG5EQfoIpfqJmdDkJneS4ZtU-myw9Z3rexsPI4s

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608922070947689"	chrome.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3436 chrome.exe
3436 chrome.exe
3424 chrome.exe
3424 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3436 chrome.exe
3436 chrome.exe
3436 chrome.exe
3436 chrome.exe
3436 chrome.exe
3436 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: 33	3616	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3616	AUDIODG.EXE
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

3308 MiniSearchHost.exe

pid	process
3308	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3436 wrote to memory of 736	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 736	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 4076	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 2380	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 2380	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe
PID 3436 wrote to memory of 3052	3436	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/CPR3HRoR#y6WGAG5EQfoIpfqJmdDkJneS4ZtU-myw9Z3rexsPI4s
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd3d27ab58,0x7ffd3d27ab68,0x7ffd3d27ab78
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:2
2⤵
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:8
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:8
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:1
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:1
2⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:8
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:8
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4476 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:8
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4448 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:1
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4876 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:1
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:8
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:8
2⤵
PID:352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4328 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:1
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1540 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1768,i,7408799106663070805,11697067629106924685,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3424

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3616

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3308

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
Filesize
326KB

MD5
3d2db381d4b45d24a618005ec7ab73df

SHA1
79bcb1b4e1b547397f0f5026f29a896c79ea0616

SHA256
cab92569edc658843e7172d48d41cc172f9aff041be631e17eb9478dd90e2a56

SHA512
e5c400c1ffc84042c0b11184765bb6289851bbc214fa8b1fd80a0e85abf9868c8d4a7960eac8abf0d3157d0b76013763668013f25a5b3bc557d671c4a95d5ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
Filesize
133KB

MD5
0323aad92caa62778508a5ee42cd5711

SHA1
37fd91ecfb8deb122443776bf2fdf79acd0f9d1e

SHA256
aa6a88f66df9da57f0a7d672ad2246555798a491e8a20a819fda0fa8d24c9a14

SHA512
8701654a220e5f14bf42e782bf5d1cef34e21ddf219cd3176b988c5c660111c82461e7c8d78db44f08645cccc29854c62195d202bbb7c67dda58209d707668bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
c2373a65162834025920c92cacdb6328

SHA1
6d8e2bfdce21fad1fdaa5799a878b4d39169bfdd

SHA256
3a98bb7a68b2ecaa56153cb49c95b99a0ee2746a5a555914b88b44d6a04b9424

SHA512
0296c25fb66573321c6014fe8e3db6bfa4d51cd70b348cee84aa139c4a916719a4f4c4f430e21f7749904984ab31f55b675bbc8bd38213f1e57cf5789bc55ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
1cb3761d67a04406ba1b015df1c91593

SHA1
3d649c9dc93dade0b167b6daef782a77ef035c03

SHA256
97f7611193f23ac7eb21af952f5ff4df80d39740649a1eeced104298f0f016ef

SHA512
19b652124a48e31455bc2af6e579fc19d8e3d1f84c8751fb5f3928bb0155764a8bd27548df5b2ea31f7cae049869e423c5713ce07b2e72691652cbbeb7fdb51a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
0c90863de71299ec2a738baf1a259681

SHA1
6a7a87baf517cfa64f522fa6551c6e4e20dbc490

SHA256
257a31ec5b330dc6c3649d4c328ebbc08bf3ae3951ddefe4c0f6fc5636ab5539

SHA512
8fc087bd310557d6ea6768d535d110698533506acf3ad48fa8f4c148e5669bc23b137b6d11dfe29cf05ca79b1edcf690c2d399b8e30bd09606e094d5b72b8f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
8a513a5a406af88cb946ce5e74e7151b

SHA1
543b90fb0824d762a840153f0585579e8cef0826

SHA256
4ba94f55d2de402efdee380d2fc671bbc878ecb838104efe0c40b32dd563ec63

SHA512
8c2593725a3eee9919e515d0a266bfba85bf05e0214d68d80c437073ea0ea72fd774bf6f82df8e3b8c81034d2a5bc5084f8a40adbcb0438bdc610cc6ea93c8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
ac6655453f9a111c11d886fdee8f426d

SHA1
a7a0f4bf448c903f645bb56d65e6deb60d161d93

SHA256
4c4c4f11a9a67fd7fd20e1b8771e4f991abce2b7830cc59fd3b1f15c81eef871

SHA512
058f459a348b9e8b6956233dac5030305c5fc3336c738b401cbc42689adebbd32f1dd0e631f9014b1c0238fc4128ff835d8090790a75e9d6fe3bfd641548770a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
1dfd87cb0854b7693b01276b9f39c559

SHA1
65e9cd4cf815d2c9e26ce8f7b52c5ccaa457332f

SHA256
381192323d1e7431fca1ff08f28d9e852833061df786a2a11a9ec3ec9913e18a

SHA512
c7d1249fcaee68550db0c5d3283262e81fb7c9ce2a6a05a0a13c8bcf0596d14e11fbbca63cdd20feeceea3c9b0d8fd3d966bdf1c270160c4454759db49dd5285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
71cf48bf8e04d382bc0e988c943e0200

SHA1
e022af578bd54a03773527254514ec23dea8d529

SHA256
d46851490198cd58baf4436f687354faa8c5007c1eee4ac7224c7e616d36ecaa

SHA512
2da286d27c297b1e48a31c2f630dde003a55abde1f5461d84e01f68ecbe224041a74806a7a9acc79f5c62f258adaf96912e80c5e43c475708bdb1c75ac20665f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
a99080a1aa2a975f1f84d5a0ed75833e

SHA1
ecf33a267abca342b605a354791d79e344df78f5

SHA256
50639ae7b5ac2d0e81b62a94afac57092fdf1cfad8cf747b991b4a8b60f67cd7

SHA512
713e98f284b00a40a05816d00d695a585534a4a42a82ce0023d2d81ad23a000290323525bb42000b037e7d74c0d28cea4a5976780b90179d24edcf78b0a421f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
acaba25dce30aedb15030836c25ae804

SHA1
6909cc233e4138dc70b36f42725c505838ea6e46

SHA256
bd0de7ddb18fe30e984ce8e842f90aadfa4e5c2827b782d13b82b67309df61ea

SHA512
9b3d4f1a926aad195c3ef2030a5d9cd73e00f8505890aef2281c2e6cb3080900e19bc33d409a591009719c6600eca24715c78b9265a27291efaf6cd8cabebebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
eb6e9dc2d89e6a446b231c54f7d4e280

SHA1
da628b9c0b7f15d96e78f67228b40416c5a4dd91

SHA256
3d7146edc916d71ebcf6db2f8f4b7815e289cae8e1b5d8c30e3bde2ead50cb3e

SHA512
ef64acc9e5818c0634ff41e6dfe39cd2413cb9747cb4565be35a11f62d8904731262053477938dba2fae726ffef4260dc044e87de0cbfadd89fcc0774f2c83a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8e7a74f08b334aeca2aad47db062782f

SHA1
fe1b53d5d7b4defb5d17b0b1cd206fb6293e7584

SHA256
f7415e2e477fa6c649b35d38e86982e7c6981249a3766e0662e75ce371a79444

SHA512
7c212e1dc5b5d2e85949677b671d83334403bd61979c38cf9adf6df1bc4f9aa0273c0585550806e17c72e07e36c756e6a8b03722772fa144f4f050aead572683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
a9a5239b742dd7d9299e03ee3f68e9f9

SHA1
986f0cbef433d139b06b205d81a9532f53f25edf

SHA256
d0c315f75fb1ae73f20f7a8be554bc209f70ad0c9f500e67ab0d8b035d86fe7c

SHA512
e1a0793cf902e4e2614b4eb583fb32964b850d9ad2566e4926403d8d6741b9182705c3dfa84e5a3273161cdcd0a5d96f6cc45a742f6dd6ed7bfb9a33e220c75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
3fff3503bf5268c7f0975dce831ef9e9

SHA1
8caa25614bd3efb8a6561dfcdfd4f52cc1ed1d13

SHA256
c78466d70038761b8e5c298bbae0594293682a19b068eb0bdf56c327d0fde133

SHA512
16e3d17d1f335dcbcbe53ae50e4f44f70bb5ecf2438fe3881cd8a963de1ec9647b2ae52fcc6209f0c004d34597c97fae78149cc605d929fea8166899f086460c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
929c4f9751de5f91048d06a7141710b2

SHA1
ffac6cbbca8f28cc0e210ca8d657021448737322

SHA256
82c2fda8ba20dc89adacf34acb65c4c4941736bf0f65231e0200713e2bbf3a66

SHA512
c93bf696ee93ad8260fe5a9d7bd85fb34d2ebe32f22ff2e5ac9bb3aa5b7b711c21cc29322541227d52e4015033597c1a3e99d56f90c7c2028b3403b5ff77a73b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
d17e61ae79321fbf4df06578f66c48da

SHA1
fd31e46df5e2da17720336bd71aed4ae4eaa5708

SHA256
0a4813cd2f1aa421314558a56c7a8abb082bb9a6d560a34ecb45a35df0eeb77d

SHA512
65d6f6976dfb0a02abd276572864a41707c4fa7051f4a44ccfd5c83bc0838240c0760d8fe729e5ba82ce5493dfde6498f74e7d6266697b43f0a9b8ac17e56eb3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
e91ba7113b9ee73bf73cfbf795374b4f

SHA1
beef122500329c4babf0903b183e7ecc933a234a

SHA256
71d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98

SHA512
7c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7

Download Submit
\??\pipe\crashpad_3436_AQHLQQDJQXOGZRWN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit