hxxp://www[.]almatar[.]com/

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.almatar.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608297651735894"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3756	1508	chrome.exe	83
PID 1508 wrote to memory of 3756	1508	chrome.exe	83
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 1220	1508	chrome.exe	84
PID 1508 wrote to memory of 940	1508	chrome.exe	85
PID 1508 wrote to memory of 940	1508	chrome.exe	85
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86
PID 1508 wrote to memory of 1924	1508	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.almatar.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa808cab58,0x7ffa808cab68,0x7ffa808cab78
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=280 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4612 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4884 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4076 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5096 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1820,i,7206639281764101875,4898778906613308809,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2187707b32ff4a42674c77430df1931

SHA1
be3993410ff3e897f162a4a5f0b861d31134ab16

SHA256
031364faa09bf53b30019aace15dea1699b46a4694f07cce77eddd65527b02d8

SHA512
7715c19d2c64768816b1e93de509024984eb0095dba5fafcf6aec898dafbb43d6ab52853d8a2e402ae9856ea3f012782c041bae78ee049fa473adf71415be6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_almatar.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
becd45294f71722f37f831dccbaf4aa5

SHA1
cec9b10e811fd9b5c9ae188883c47b3b53353d9d

SHA256
cfa582ff21fe33c542a444bf4dc8da2a9739ccb5a1670829a25d90a3ebf992d3

SHA512
3c1e9af9ceae52ae915b56b021564b11d47d59f4a6b75ec6f416eda12e67f747afe1ef2e19b6817624fcf71cdc106d073b93d0483a225f5dfc00645682dd76a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1cb7da0064e4a98d6d46363471b0aac0

SHA1
d259e08cdfbc14ec0a933a4f21213ab40fc1ee08

SHA256
7a8d59f4663e4aba83f1704d50c8b0c7d80f4b9dfa9a94c4e0e15b98758e0f91

SHA512
fe8917348e626aeb96d9e4066fc9736203d53d6b28ad78965bec9d515854ddc7dac582ec75e6f792b0a08eb067f22fff4e41609a8d6c9e3b412085d92224996e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4e469d733ac7aa09039dc13d914eebea

SHA1
4c9c624da9b0f68c624f42b6140cbcda8b98fc83

SHA256
2f1b4fc65686ec7245f84cbcbbcbd74b5a02002f2e853e13d6c5ff3cb2f2cba2

SHA512
484e928a0ee9519e8c8f553d4c7cb95a98766048b2174937c4dd4342cab3e42cddcdc18c2eb52cba71931a652439aa44468f29e23c74071c219f42da5753daed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9ebc02b83ee4c02d628f056c7c5e3dfc

SHA1
97095be8487a50323faeb492aedd9fc1005808b9

SHA256
539f3f5b6455c1cd1b999649900ce3a588b9c672e2f5c1d536eece79d40f76a9

SHA512
b6764abf07a697b88f7bbee4b07ab736f00dd5cb3b7533c7485048b5a04519171f244d40dbac31d09b79645412cf9dd736c9c9d234a441676de0a780eb15cd23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f37851016575c888b537c7f43474727

SHA1
3e2d9bbf9476417d2e514c5a45bc88383b92937a

SHA256
1290d3eb810dd44da588b3ce9fddc46ba4b11121acee5e119c4fbdfaf20a77e6

SHA512
c1701a77caf04c567a6181cef9f070f2336131559678c3103330e0060c0d3667e458611dc9bccfafea39bb5450aae36da27dc5da08472ca59aa89a005feb3acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1c244c62261422c3e492f93f99f28e62

SHA1
09a7a1a52a1d5df992b6704048fd6a79b64182e3

SHA256
8a9ec236c502a2af35702cb9774b0367a8ebe36bd384b4db5900ce61e0db0d07

SHA512
c440550f966aff48577b52418a7778d2c3b47e4ae167495d3129a70a5f11458235dbb48c2cd796088b0825d50df3362c3b810b237bd35ea7d76f2c92f2d7c223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57db6c.TMP

Filesize
48B

MD5
18c8038b8bee9e88a64d25e1dd22890f

SHA1
9848decc8c9c6af504376a112a620190ae1a80ce

SHA256
0068065222a9b75490412c5cb51a88322c5ed99a61e7234dca79b3f43b7ea6b2

SHA512
c787cc6d6c925026cb7fbe2a17de1a285f44286aacc77e10bb03d6a0eb0f798c0d935ce90b3f211b9bea45b19ef9f4a6e857f7e714c3dfa10f81960013d58399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
a6c744d97f56e1b40aa4ce3faa0151d6

SHA1
f4bdf364f7480f23762d288b0952f63e81aa7b04

SHA256
b830dd496fbe9d773af5177e3e9fc6b34ae46b1e3cec517db3664acdfe807eea

SHA512
dce07a6a4ea39edd3e5319e9c0b2795b09a2fe5e02ccb5fb2c8d3761f870b5eac55d05d15daf95bdfd85bc3a87e2fd81afea186ff13719efe0b0fb5cde93ad85

Download Submit