hxxps://mega[.]nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ

max time kernel
599s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612755174581816"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4928 chrome.exe
4928 chrome.exe
4928 chrome.exe
4928 chrome.exe
4204 chrome.exe
4204 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4928 chrome.exe
4928 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4928 wrote to memory of 3772	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 3772	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 2064	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 3068	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 3068	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe
PID 4928 wrote to memory of 4580	4928	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad4ab58,0x7ffa3ad4ab68,0x7ffa3ad4ab78
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 --field-trial-handle=1932,i,1048969041820328541,451826086162973645,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
672f366b6b79e35a61625490d6276f75

SHA1
37755701e31fa262fa2d48c3608800d34c875e93

SHA256
14743206b58c136bd000705678aec0345ba5ff08dbd9611343073e7779f9cda3

SHA512
163a9e74470fe06812e4aa7b0bc7a8f35fc5e8170dd72b0f038ef60dca9140e613e7cdb99c815b18540660e83e17d0c1957e90d128961228d9a50bc1fbe0bf99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
231f227237cae69ba6d5c8040bdc298c

SHA1
3dd6ef8a791fae175d8203f40af94de428671f4e

SHA256
a03190398afa7b9552f339e50da6c2230472f3d7fe1711c62a4638485690912e

SHA512
918b9b74fdf3810db8505cc52f529f033820348d822fb3e68adef684e1c3b9ad11782c4c6ea2d160c118246655412d5f6dd32a5ca62cd57afcb977e1f85681e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
59a132ab40cfa7f382536df979d39dfa

SHA1
cfc253de6ab726c3c60f44d159a1af63c73ccb5f

SHA256
28e135f75054f9590542047a3c89c7e757452ecfb4020ebe166f185f4de7a1fb

SHA512
1ba167cf7e1c5093c9f7c43b9615cb77478ad52c5b86faf416eb420ff65522afa00c0b471991c003d8c8c06dcf39828030bc956d8afb7b3bfa155e916eba0dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b67fe32143d91788d2eb6135a90ef921

SHA1
3d9745cff23b5818c8903962cedc107dfbc214ad

SHA256
8eb9bf026e645290efe932847323923be138d887b834cbfa2dfba17c012eda2a

SHA512
11a776bac8e803b1b22e0813d3eac95b12efe96ee2f1b0b3008920ac363092a2d6509aa52f2c7952c7c6576bbc74da349205ae13d48e749fafd918f183d7467b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
09911b87ca1ff5a3bc4bdb8d1127badf

SHA1
e0789793f9cd25eb04d46067e4eb55e1b0c1df79

SHA256
235539bca22398b2cedd1c4ede922ec219a182ce15ba366a4db9f19551b9ed0d

SHA512
d38d05e698777fa5fd38a7f35dc4b8ff68df3c2d9be196fce1ad0b4343178ca6dc9782c5beaa35c8b3e5410858972efc166e9b77300985917c0e7ef98ab2c1e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a345.TMP

Filesize
48B

MD5
18543961000f3c1f0d7d29f8a5403c95

SHA1
30ee600228d75b6d5f38389ce45ffe5ee202a6f8

SHA256
eb7ccb274759bf31bfff0576b66f828f5e30892ee4a8b726343645884474b625

SHA512
a39faa5fac8af17ae9acec6499e946f5b2805259fab6c58941162dc8aa73b9ea7d71b6d8a015b5c70c53072585bbac545bf3f231c9ff460cca400b29cb987e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
d3e47e0c0b444266523b2ba8c72e3a83

SHA1
b5a391dd311147ef70d837bc6b68950402872155

SHA256
a0d02bf0dcfb9ce242a4e714aa1fa8f04fee50316519824c1b7fbf3c79b92fb8

SHA512
edc72836c7871a3f69c4c0df2ecfe7139723b622249856d02d583f6fc27bc21bf8ac900e87842ad2618232316f6c18c217947b24a2b3a4bcdf60e8a97ea67942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2ed5275e25908eff13712c929a4028f7

SHA1
dd7d000ad212475295a4285484488c17a79199c6

SHA256
2e8168e6b8b49e3aa6b9302328cbc88bde7b01f701010361ad7f723613f6f878

SHA512
cd0f0b17fbdde93cc060be76851d31e840200bf13210d2d628bbb7c56ca8bf6f71a1b932392ec94bbacbe0c153a180aaa0b662d9f50be8e78aa957520dddcd98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
42a2344b0a97dec24796e50a4d4024eb

SHA1
cf9d1fdb9131c3a6eb0be4e21760fe41f5720f37

SHA256
20ad2b613f5b4052dc56561242083f1047dd83ab5198a150113f3069538075ff

SHA512
9895fb39a7f0321f1a691b46c6634b7bd0e8afc492641af6eb722be3930e42b2bfb544fefe4bdd14a4ebbc41bca0413e4f4a139c8169daa225bef6f988db8154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
593780fffc3081c78d6beab80f3b86fe

SHA1
b0b805436b5767c6adf281d41c8fcd2f1f12fb03

SHA256
b5064d011fab69eb703d60935746de96ff686f2264c0f4bd1890ff4d193cc588

SHA512
ebc7db591e1e2454939111468ceb432c247f4c1d0fcced55a60d56f21144aff1dff1040f4c98f97cc149104b84f8300504decc78e6d1b5fdebcb59f291eaef00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
2c73ec46a8273ac3205072fa0020d145

SHA1
806d0256fb9fd41036f2753537fdda7643c9bba5

SHA256
e7e1461e6be6f1f486ce53542486b4a7bced05994c8aa7084de6edf0bc45e196

SHA512
c27c279b6c027d44ca6eb500a8532680c20991a3248956b39c48a6fd77fedea3fe9d56219b67b75b784ea54d2b07ae3750344810517cb24c810c22f04bd1d2e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e5bc.TMP

Filesize
88KB

MD5
d19010f04df4ffd21aa9cbba2afc89ab

SHA1
d2ff1e71ed58dc5dea37a10167866994f004e0a9

SHA256
0256f80c7b7428ba5faf411ebb3998d8a2beb2f25ddba95af0ac9644ef0d848f

SHA512
3be60c68c56c1a238f0ffc23da21478dc4cfd8a080f5604c33f81f89157628296b8411ddacb90a75047e8da592860349d893803b220ad861c902458822346dd7

Download Submit
\??\pipe\crashpad_4928_OPPOZVPQRUFWAEXZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit