hxxps://lolz[.]live/proxy[.]php?link=https%3A%2F%2Fdrive[.]google[.]com%2Ffile%2Fd%2F13fERtmN7XAyMv-V1UJovy1JuH58D6w_p%2Fview%3Fusp%3Ddrive_link&hash=cda654e9677bb9605a1fd2a2f2ac4ac4

Resubmissions

11/06/2024, 16:47

240611-vayyvstgnm 7

11/06/2024, 16:47

240611-vap1ystekc 1

Analysis

max time kernel
94s
max time network
94s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11/06/2024, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lolz.live/proxy.php?link=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F13fERtmN7XAyMv-V1UJovy1JuH58D6w_p%2Fview%3Fusp%3Ddrive_link&hash=cda654e9677bb9605a1fd2a2f2ac4ac4

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	chrome.exe

Executes dropped EXE 14 IoCs

pid	Process
1748	chrome.exe
4536	chrome.exe
1612	chrome.exe
520	chrome.exe
4156	chrome.exe
4384	chrome.exe
944	chrome.exe
4692	chrome.exe
424	chrome.exe
4752	chrome.exe
5696	chrome.exe
5804	chrome.exe
5420	chrome.exe
5004	chrome.exe

Loads dropped DLL 31 IoCs

pid	Process
1748	chrome.exe
4536	chrome.exe
1748	chrome.exe
1612	chrome.exe
520	chrome.exe
4156	chrome.exe
1612	chrome.exe
4156	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
520	chrome.exe
4384	chrome.exe
4384	chrome.exe
944	chrome.exe
1612	chrome.exe
944	chrome.exe
4692	chrome.exe
424	chrome.exe
4692	chrome.exe
424	chrome.exe
4752	chrome.exe
4752	chrome.exe
5696	chrome.exe
5696	chrome.exe
5804	chrome.exe
5804	chrome.exe
5420	chrome.exe
5420	chrome.exe
5004	chrome.exe
5004	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
40	drive.google.com
242	raw.githubusercontent.com
243	raw.githubusercontent.com
38	drive.google.com
39	drive.google.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
145	whoer.net
143	whoer.net

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625980845745566"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1748	chrome.exe
1748	chrome.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
1748	chrome.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe
2604	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 3888	1496	chrome.exe	72
PID 1496 wrote to memory of 3888	1496	chrome.exe	72
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 4920	1496	chrome.exe	74
PID 1496 wrote to memory of 5052	1496	chrome.exe	75
PID 1496 wrote to memory of 5052	1496	chrome.exe	75
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76
PID 1496 wrote to memory of 4184	1496	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lolz.live/proxy.php?link=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2F13fERtmN7XAyMv-V1UJovy1JuH58D6w_p%2Fview%3Fusp%3Ddrive_link&hash=cda654e9677bb9605a1fd2a2f2ac4ac4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdc6339758,0x7ffdc6339768,0x7ffdc6339778
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2804 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4824 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5116 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3552 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=1348,i,17352337060845808716,626976214437557224,131072 /prefetch:8
  2⤵
  PID:4224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2076

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap28880:82:7zEvent5299
1⤵
PID:4452

C:\Users\Admin\Desktop\chrome.exe
"C:\Users\Admin\Desktop\chrome.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:1748
- C:\Users\Admin\Desktop\chrome.exe
  C:\Users\Admin\Desktop\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\Desktop\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\Desktop\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=Cent Browser" --annotation=ver=5.1.1130.82 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb2e55830,0x7ffdb2e55840,0x7ffdb2e55850
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4536
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=gpu-process --enable-gpu-rasterization --disable-breakpad --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAcAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1916 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1612
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-direct-write --enable-quic --start-stack-profiler --mojo-platform-channel-handle=1772 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:520
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-direct-write --enable-quic --mojo-platform-channel-handle=1576 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4156
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=renderer --disable-nacl --first-renderer-process --disable-direct-write --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2972 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4384
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=renderer --disable-nacl --start-stack-profiler --disable-direct-write --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3112 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:944
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=renderer --extension-process --disable-nacl --disable-direct-write --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3868 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4692
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=renderer --extension-process --disable-nacl --disable-direct-write --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4272 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:424
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=renderer --extension-process --disable-nacl --disable-direct-write --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4752
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-direct-write --enable-quic --mojo-platform-channel-handle=5132 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5696
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-direct-write --enable-quic --mojo-platform-channel-handle=5304 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5804
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-direct-write --enable-quic --mojo-platform-channel-handle=5136 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5420
- C:\Users\Admin\Desktop\chrome.exe
  "C:\Users\Admin\Desktop\chrome.exe" --type=renderer --disable-nacl --disable-direct-write --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-zero-copy --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5652 --field-trial-handle=1920,i,16298191686821519801,11142098160512954806,262144 --enable-features=FluentScrollbar,ParallelDownloading,ScrollableTabStrip,Windows11MicaTitlebar,WindowsScrollingPersonality --disable-features=FontSrcLocalMatching,GlobalMediaControls,LegacyWindowsDWriteFontFallback,OmniboxSteadyStateHeight,RendererCodeIntegrity,WinSboxForceRendererCodeIntegrity /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5004

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
478b14a13b46a28d9e61ea79c5c3f0cd

SHA1
54b8a237f20dc8243dba447277ce14d18dd045c5

SHA256
51520a6e3c3785d56bab2e7a740659e46558c1c743f5b7c9153016bb415fa450

SHA512
d27b017fc0054dbec4a7a588c1f7eeb4ab4f0ae1ce4c96153fedebf521106be125ff6192625c127e839714b3eb5f5a2f5b1b7f6938ef39b39fb7b8b8dc94b05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
efbeb7c51762aa4ba81e63546a722cd7

SHA1
29f966ec51c45b3ccbe8f47053b3defc90e98676

SHA256
0c6db23b150d00d91c3719f27d588386a1b0e09cdb55d59bd45630e80c570e27

SHA512
a144fc288283608017bd1dc83dc83051635a62218cb6804bec73698f6e7fbce5a5d123e3c33d4ec8b39379fffe5f642b1a1a3b3aec2f51814299bd82972862d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
789767d45d0dbd9c7f1f237d5bb2ee6d

SHA1
a208e00974317a616659177e07c27733a8ecd9e5

SHA256
4ea631e6587cbfc79923b6922ba0c78b106cb12dca7767ace30843a2e80deee3

SHA512
8d8927718d76333045ddee9c84e4d5c20514a79ee2a85cac3af9994bd2e2cc7b795b77609cd2c9b4f9d3bd2b75bfce16f3add919d08b02d9070e3f6ae1a13752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7652e73c5fcd94dd194d833b31903a74

SHA1
1beef36e17e588ce249ac0e6464dff0a000ac4ff

SHA256
197c62c65124893a1d203b9fcfbdb9e30f4167f2acedbb8d7aac22cd80731564

SHA512
282ce76d653c10336171fc5f9fcc118b52ec03f5d085749f2444b41b48157e38a590e84b750d55d8795d1cedc5f971b28e11a63a61616f1bef26d790c2a767cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
886ebba7f9a2d2b8af000a97f4a39374

SHA1
0f0c8c50c0efa51625f9ccb1f836ab5694d3930e

SHA256
2732d7bffbbca81064bb0cd27c3e1bb081bfdde30e16f410dca09ef903f648d7

SHA512
554f8b26d1fa139fafef531d399c9c4d8fe7b50a50a64bef1aea399526448f7ef74254d960d15208234738c87bbeae90fe0662e5886d4561e8b705914949ffdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b16ea7abed0095f533013c4c4a113e6

SHA1
6f13c7755ba81f281d440c0befafc5aaff6e9215

SHA256
5104aea87c20aec4f8ca03485a8ce1838818759e2769833257755c8cee2d9b83

SHA512
323a3b35ba79e26f1bd9fe94d9fe84028606fba07797c6a0132d98620f3b1d3ab2274d010492481c4a0f7cfbd13c20d5079179fe22937dac383fbda3609c43ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
df3543ad93b9ab0b44bcaa0edd3de4e7

SHA1
d34ddeed4612ba4987a3309bb09c0c2f005917e4

SHA256
b0fa87b20b4f7d154c40317183949c11c66b7b139a5586edb77308449f575697

SHA512
23d4d5b848318ac84ba9e7b2101b3356dd42480c59b59304dae0b1530fc8f80791df3f17063a1ca0e13c65faf560f1fecb003e6875674514ba8e2051d0eb75e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
97bdaeed7b7c0a4039d0c805fc3318c4

SHA1
b9cbc45cd5193078adc30768beea6c843a0b4e5d

SHA256
a33c6f371f97e44d728e171a45fe3f9f22810f859a80dfa469718ffa4c1ec06e

SHA512
a25627adb736d117bca2dd29586c7564ea627f7b3649aa1d595847ba8060139a16a6f2f1973453f5221c02e4e88244a422aaa55fb256444f7978c4640cd9cf24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2c5e5532-33eb-41b0-aab2-90a80c10bdb7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_url_fetcher_1748_550220784\CLDMEMDNLLNCCHFAHBCNJIJHEAOLEMFK_2_0_1_0.crx

Filesize
557KB

MD5
91221e322ff385c6c824a8f5c84e485e

SHA1
89a051acbc8290df85a5489aae15ccb3e1284f4f

SHA256
1e8cf0a67aa8ac083121150acb8b08d5310542a1e45d0e17ea7e3f92698ee318

SHA512
ef7e372c87f294fb79abcb391a8fc5c05614cfb8994af8db0e95268ff29802268d0445f8a8a0dad70c4471dbcb6a9a393d70a2cb4b5cbb35407217aa04186b97

Download Submit
C:\Users\Admin\Desktop\5.1.1130.82\chrome_100_percent.pak

Filesize
844KB

MD5
239ff37ec3aa673857239e6687af85ce

SHA1
d26291697577b36e988ae6e7a5fb3fec8916270e

SHA256
a4d7f37bc4f1b41fe5b1853c7b6d065838ca44d92d1570d69d8999283c24953a

SHA512
294a26fc6a23db03186a2c89378dad2b3fcaba00440504f7411a7446465ee6351158cb16c7cdab84fb9f974fd16644a033b7ffa09026118a10d7414c7585213e

Download Submit
C:\Users\Admin\Desktop\5.1.1130.82\chrome_200_percent.pak

Filesize
1.2MB

MD5
200398ecc8b8854f1eb57e20cb8695b0

SHA1
8068bf1e2cd87d8e35ce997a24c0dc0f94f10d38

SHA256
d975001ea65e0c5af927d78f95d43123152d354f3f7085f1d538200800faa187

SHA512
0089de406eb51f96a28defe1fa1d8bf6afa4e3161c9c298114f4b2048934f711c9a545f5c471ba39643e69c236db66f713dfa69cae46028862cd0191e13e3086

Download Submit
C:\Users\Admin\Desktop\5.1.1130.82\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\Desktop\5.1.1130.82\locales\en-US.pak

Filesize
441KB

MD5
10b94a6aa27ff3790be0f48a27b45111

SHA1
a2ca8161038976a84e39da05eb0aca2fa18ab410

SHA256
ca0a04e67fc0e3a80a004d668f5a4ddf97761dd2d01c9e1b90522c3d09cb56e1

SHA512
da0849d8c61e6944976a35ba49cab826e09999c320b1db859cc5f6067dd5c7e4f65b197ef211808008361507276b3dd251aa4f8b9903b4afe5b44b1f1feb26c3

Download Submit
C:\Users\Admin\Desktop\5.1.1130.82\resources.pak

Filesize
9.2MB

MD5
1ddd126fb578931b94854c5d06466281

SHA1
6a1e3a86b8d8e889d29f715baadb6a58cbc8721d

SHA256
520513cf253c76aabf503227625378328e3793873d469bf20dae00709fe81887

SHA512
65931bc9eb929659faecd6a524c49fd4a17eb3f9333e01f3e63420c2c524779679d4320ce63084d2a6a6a158d682a3b15b6077884a7c8752ba83979e74c75ad7

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Affiliation Database

Filesize
44KB

MD5
00af4a50b4e83413600c40be126b17b1

SHA1
d6c2aac58f581c4ea3b45c997a922dd99b2396cd

SHA256
95a77058925fc8dc392e2a4cf51d60ee41ffa49967a6e3bd4f34efe3f0473e0e

SHA512
8b95ee2efca34efe82a7e53e3c9ef68b481f174a5545c6a0af9bb104ab43ef9554e2fb439522d4308886a8b04c9bc912472e82af1e0964a5ca89906f0c646a02

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Bookmarks

Filesize
1KB

MD5
615d8acfd009853ac09b14d2d7f9a20d

SHA1
edc9fcd8c758d00bb2afe6209906c660cb6f3c57

SHA256
b3cea11d8c7941ce81ed389753213b363b426e913ca0fdc428ea786016f599db

SHA512
6ef172083e8d6f6e07c749ca1e99f6714c77843aea7f2993c52d67da640e2db16ffd6a537823d98eeb65c59f803da8378ba3e3f15923033b1ad669b3166f00f5

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\_locales\en\messages.json

Filesize
49KB

MD5
6be99a08a5931054a4df155a5806231a

SHA1
6bdf138299dd254838a0c3925f2089b6b6b1ef28

SHA256
58e15e329e8c1d69dc53cea3fc7c1a0e0a20ab66f469274286645a5b48009ddd

SHA512
0d1063501807f72bb8d604d248f34c7f442fbb5166461d2ba19fbd60c3d5ef7c603d7f1a58b4f2dbbc7c6a2497d200248624e8952e2646237f0a0966326c7ebb

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\img\flags-of-the-world\sj.png

Filesize
122B

MD5
738f193e16e354a4f9d70cdf4c6f5ebd

SHA1
b0a5a5ddfb3d04273d884bba12e9bf96452cb763

SHA256
638e1624f582db031b322834adb6b294e2166f0d1c79cb9e46240f6141693af3

SHA512
deb0e4118cfc30f8b1ef87388bdc3436f8c709879e18a5c5c5f4749164b0f0376ad9454b1224993dfb6e13e284ac211ebd3697319e05e34dbc04a3116c02b599

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\contentscript.js

Filesize
44KB

MD5
773227a77c8a87ec29f618ad9fb0102d

SHA1
75523cff78341fd2bdde5ce810d4fae4a695073f

SHA256
dbfffbb7a3c11dfb24bd6c8eb81204d64ce06af20a32231992e41b1b32ac1081

SHA512
1b36fdf96d52bc41553eccca0b50cb8ed472d1afaade1e8cb973742fed2fb66e533f372cb05230e04ebb08c892cdb47b83c42695a4ce6f70b6ef2cc0eadca1e8

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\scriptlets\subscriber.js

Filesize
3KB

MD5
0b135e77296c6b70a0b54451cd136e09

SHA1
b5bd5bf9e718c68364e1fd04f29b79e36ea9186f

SHA256
6cbfc36497c6c93b21973a69181828c90d2679a93a896bd2a10d4ce2bd1c00ca

SHA512
6adbf2c762be9fccc1ebfcd53eb1f67a3f67c259e6cf1f816b5fc643d834db063eaf5bda245942e8ee4dd828f8f52fc2c7e865e6c9601f0862ad3720a2f2aca6

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\scriptlets\updater.js

Filesize
3KB

MD5
41c0dcd58154221038c0a7c227adf816

SHA1
264f14633f719433ab2d01dc390c2ad23f07aaaa

SHA256
3f07ead6d8fb2e684eb9e19b60a1fcdee160b3e695f744ef54ba19ebe3005b21

SHA512
8f57df59051bf00e1fb1adec1dfb311f960f30ccb495aadfdc34ffae42a15f72e9b22c1b063349bb2f356a1942ecf9667adcb1a703ce39dffef1fa8e9027c0d6

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\vapi-client.js

Filesize
7KB

MD5
ad3940c6be89d0144e26c76a78779486

SHA1
99331f60bbe8181517fb81f0e51e8327719e171e

SHA256
30ea26df3ec1227d7426eff3c4d1ca13d8ad98295f50c5ac9b3292f3a99bfaa3

SHA512
f07b3c793cba25850714029b0bcf737744c0cc8e94070c3242e8dcd52f65bf3adf5750fb0963750331f8f6cbd9706582f501b6cf764e3f8b6aac1b1f91512130

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\js\vapi.js

Filesize
2KB

MD5
84421b0122e2d19a0d91c27db88a9bef

SHA1
4fa7f3add09053be3eb4193dd379cc03d86d3d2d

SHA256
31e664456e8d53aa89a49830f48d44afc124ba8cb81323fe3a0e876f0ba4de0f

SHA512
2308419a1062cec6d4046db4cdebeec3cfd0415d242f54a65951c032bf9c1441d51bfd1bda90d2cb89bbc3621d738c09b6876aab7d59ffab4dc2fec9ea49a255

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\managed_storage.json

Filesize
2KB

MD5
f9e4dff2d4310f806158f8eb8d4150af

SHA1
acf14dbbd2cb1eb45975354c8479e36fd9b46e1b

SHA256
31e8dff3dfd799867da68254685a3ae817460dbffc551f2b20e75fc8454a209d

SHA512
b8b44ff23775da44f9be52790b6d9cf2a620d2b054a960a0b876e981eabdd93fd1f42d97947103eb26561b809627cfa1555ee80bd1531c50991f3e6bcddab375

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.58.0_0\manifest.json

Filesize
3KB

MD5
87475bd19748506bf5a68218b4848067

SHA1
d10e4859f5655a31213635be204af891034c8c18

SHA256
d950a2ce6a5b31be08f03d2524ea5481a09e2f84018c2bd0e4300557b305d880

SHA512
6299213d9ef01f22f156e5cb962add18ab65675c2946c5b39ea3d0b09216e94a1cbae203ab4366e2396da96ebcdd44bdb81116f3a1b9591cbec4e32ef3e7cfd6

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cldmemdnllncchfahbcnjijheaolemfk\1.2.2_0\_locales\en\messages.json

Filesize
3KB

MD5
77e9fe07c0dcb49500001c886c5b5d8e

SHA1
15e2f09083796a9df208cd7418f897115af7ea82

SHA256
9b02e78a348894d8628064a5b9ada6d22d10243b7dd55a1b2cf6d3fc727161da

SHA512
60f61740c28f98420dbe7ca9f4d04a8629e9c085ad31a3b575d33ffd8339e730a31e6df96e30db4c62b4956b0f9113f3d9969b8bd17cfefa6c5a30599c2ee35a

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\cldmemdnllncchfahbcnjijheaolemfk\1.2.2_0\manifest.json

Filesize
1KB

MD5
42f6e523ea611a93ac7333a95842edc4

SHA1
926a555836a5535f3a234f71f5f38a54efd3d963

SHA256
0c8f774b19a318b3e14ab803ce997166a7b4d6310d725b294caa5e20d5543d59

SHA512
bf162ea92b847a1db92e415606bdfbfd2c119562fe989e27642d1d9fb6d86879eaa0bca6ba9d6c5b757846b0b417a0b9af6aa1a91aaef375bab8c3f551b2735a

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh\4.9.85_0\_locales\en_US\messages.json

Filesize
5KB

MD5
97b32ace306545522a4cce27dc6e8178

SHA1
b31594c2b01aad31703f385ec81320f651fef3ca

SHA256
99b1b61df8e1a136539a5f12c5cf827a38291c379a18bd63b9033f94084a589a

SHA512
a6c0fbdd12aaa5b7d57c401af21c66641c09ae9b25f4465ae83d4e12800d5808ae197dbc74e65c54ee394368c6c28e68059a1229614fe101e1b2e648bbea8f91

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh\4.9.85_0\ui\popup\style.css

Filesize
66KB

MD5
7928e2712af33db45b62fe04517875bc

SHA1
553511d2bf910db51aa921f833c41d8b766ac934

SHA256
9b79c6b469f8cb3d3630cb30e759003174f915b81dcec14feb85b92698a2a662

SHA512
9acbc02f2de38b3716cddaf2409ae7c639e670fe8a82d5e5f76bbe8e94b9ab6786dfee7ad9d3d5edcc64cef92b30c890e20e3eb154718d0a524d17ed8cb9bffa

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh\4.9.85_0\ui\stylesheet-editor\index.js

Filesize
99KB

MD5
a8162d458e42082c8434a3e96df0a36a

SHA1
44b298e8ba47c6a24e0b9ab8634ecd31e4e8b3e7

SHA256
065bab905bafbd8f3cc11371ab007aa10e5e7e3cae1c95add7072d141ef49621

SHA512
9b2e73c68f05173d1cf99d6c8a9c0a091be038c3496fbbe8374f6ff15682388f8c63b52380d8cbbe8140c9ad1c11cd853b7ab7d81aef39a9ef88fb52d322ffd3

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Favicons

Filesize
20KB

MD5
0f27f07b86e5b6e4a37f80cdafa95716

SHA1
983618346a162072bbc047f2d1d8f6a10a2cb169

SHA256
d7464391a9a5c3342af7459316e32caff4c88c5705b76086f20b178d0ffbbaeb

SHA512
9f33495d375a535cf0e3dcfde5df69d7b97f3f6141425128a8a655754ac56683cf1d989305644e0f58f11e3d6cc2ea61ad9a5f52dff2c19abecb1f1bb841b482

Download Submit
C:\Users\Admin\Desktop\User Data\Default\History

Filesize
192KB

MD5
27636bb0251fb9a86c6cb9d1adfd8069

SHA1
709a739aea6f93171239baea5b2d1451088e906b

SHA256
62bf82c95425a28cd9b8cf8d1472ea522f20ec3adbe28e944691002b82705cc1

SHA512
317df5ca65cfd2a82753869a5f69c8250efc1d9c6eb7cdd4e2d08ebcdf2f564e3b57c345a94208e9fb4b1e8fdef024c437947af1d64e8c511e624b5e7d28fb3c

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Login Data For Account

Filesize
40KB

MD5
a1877ca6fef34566af96af105f154dee

SHA1
8df5bee9f7e2ece02f854056a3cc1dfdadc7a298

SHA256
ba40b8eb55aeaf252fd740bfed6b2c99b057110f9fe1f684c9694ec0b7bd80f0

SHA512
d82f9fa88583b07df5309086056bab6308304dd4f75f63ca8e769a9938f4fcc8214efc1f7aad78dd437121e1e32829e25e0c2259c28cea385dc0f5a9ba1d9e69

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Network\616c4b19-65e1-4850-b859-54541c59f0ce.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
71af97cdf3ff1b3d1d8aa31c2594af91

SHA1
e3c235653352a2d4a2ac7194a8d5dd3af4641b79

SHA256
6e150d716419810d2f70015950a70420e3ca9975cce020f329678744b25a9da9

SHA512
bd319188dd57114e0cd68e634f191fc12fd2ffeaf8527dcbd53d184aae656041a80abc48b59fca12a8a3bf5c2205fe6a9948516f0be6623a031a6db8471622bf

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
adec1427524c010a0cd4f4c3bc79cfec

SHA1
a81399dc37436bd6d7fb577801594823a1aa584c

SHA256
29e21e06d419752487b755d4bdfc983ac2dfba7ca813dada0d08818038eef3d5

SHA512
77af227652323a2250413c2802908b334d97318511569e1304b17ae9a8fc9de5f5ed0295d6da2445c924f63852d3ab0f30f7c327c283e7e6e5ef964c2d476a96

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Preferences

Filesize
32KB

MD5
39d4839022b9d2f8bb38118e356e96fd

SHA1
3457817647541281ce5f2e984b05f01940149fc9

SHA256
0fe453639f2e4289c201f1fc3c4a14baad548b432e6428d99a61fc534a946850

SHA512
dc0efe05efbee009b3e06b985d10efb086cffffa1c8446a179ce1bb2098c32029cc691fd7f381e24116d41b69fa5dfc0bd69ccdfce79c349b5137a7281c4b5a1

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Preferences

Filesize
32KB

MD5
73ac08db5e88126cc30f15e98e30e1e3

SHA1
962227ce0831d251ab264dcd892bca6e1287a900

SHA256
22776d3a645fb7c3b1608b08dd31e693b4269c7d8629e0398552415369107aa6

SHA512
c9f41b464730ea4a2a97c365d62b3c9cbf8077624d95add0ac42355cbdfa3d9ca2495a85f02c0ad00a5ae62c488225ebfc609c8deb5504d545cc15a79439b1b0

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Secure Preferences

Filesize
95B

MD5
64bc6d81238c06e266660bf67b9cfa1b

SHA1
f76685e9d20554c027657ba58e24d67a8fcf4db4

SHA256
c808e4fdc69da98e3e1969be07be77f2248607be7247797e335d2d95533ea3fd

SHA512
ab58d1525fcd1adc5fd8e7142bde6d2705e2c4f9a81973dbe2fcffeae6a35b27ba7a15ab97bf7c00e22e8b318271bb456ac5a13b770ba46cfb2789b801b4de64

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Secure Preferences

Filesize
95B

MD5
49f73978ab9bfc95e4d14dd1fae23367

SHA1
7eecfec001c5fbf9375236cdcf70128b18605fe0

SHA256
0b3d87f7c03362bc72ef2a6ac6d7d24000cdfcb1e39637747cc329666d2fd0d5

SHA512
38ef9fef1036b31baba911faa4ee57bd2d530491707ad54b068abc7a01ce0530d4d5d1c23aff185ef9605ef3cfeab2072dcc8e15ceabebe48be9771e0d7ce9cc

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Site Characteristics Database\000001.dbtmp

Filesize
41B

MD5
952569ae5a5ab83e15be1ae33384a65a

SHA1
8082888bd3674721aedc363231193dc543d0e176

SHA256
16b1a9752f51bc660c3854d258bc084ad8f00bd8a99d5e65ba38e7a3d08fd8e0

SHA512
4bda222bac027fa52463a4619a693dffa7756f9527a684ace66374258b6bfebcee9fde0478ce83a308bb3c2965920d597e5262e06a14ba421c9b070aa9ef72ab

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Site Characteristics Database\LOG

Filesize
263B

MD5
892ad7ab987d49f591aa2df5ef69c6e8

SHA1
0018cfd5467f444a4457045fc810ba01ddd700d8

SHA256
fefcf3af8f13cadb0fd356cb3db3c9114632a856e47a82cab1e41dde081be4fd

SHA512
d4fbf1f2eb68196c4dc28b9964856083630a9269c49fa1102c2fb87ac195c9dd52b5fe944f9dd7e20d6c43deb958f6909a985ad9f56f542c0cfb988b37e804d2

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Sync Data\LevelDB\LOG

Filesize
280B

MD5
41a6ceb2f5b8c97866660796e92f8bfe

SHA1
c91b9bf658c7617d357a03356f989bbe8945137f

SHA256
9b4a02defed22dd99287a8813653bee24364cf648e602db668a17d4b42afde79

SHA512
6e5f2de9f539972730017b2331599f490c08472086ccda23fe8a08e10532c8ebd4a44286f65bd5892d46c24367290bcdd5997a2e2935004a29ff48b5c73e6c63

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Sync Data\LevelDB\LOG.old

Filesize
280B

MD5
ff16160dc124b045eb78864ed0c6b6fc

SHA1
46b6a39cf8ffa74db608e70008b3b286cf1ca4b7

SHA256
75a56d9a76382aa182c74036caa48664b7674d0c31d5f8c984f1834fdd8eeff7

SHA512
f561733b99ca5d32605af9e72ee918cbc9a714ac9e33bfbc0beaa6c546269c3eae34dc4f975c06a6eef53b9b6b70d638d9008e379eabaa59111af809b63c7d09

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Visited Links

Filesize
128KB

MD5
d481019b84c5c35116192a1db454602d

SHA1
ef4465ef7dc3ccb0b7553b2ccafa65d0eb55e2b2

SHA256
e85bc7f34cde8b9a0497add648d08a3a51a297778f714e6750d38da33e82ca72

SHA512
5963f547292112de84b8f456fc6292968c0a0fecdc0d27160344e55dc16451eb9be107814eb55dbe6d3d44c349318c6ba19b39a77287f42ab9dc6ddddbbe8ba4

Download Submit
C:\Users\Admin\Desktop\User Data\Default\Web Data

Filesize
104KB

MD5
258499194e817c9700ea6490c8af816c

SHA1
acbe0ac058b2bbb73b9ac83fe98285ae55a48cf5

SHA256
e5f25bb677430b2e3cc9de73c4cb181107741ffbfe3584d830ea428ca55264e2

SHA512
daf12e232a351e249d5672027cc6888021bda82f35aec6a055960ee34c883aa5fdc078d71ba0d9cb6d79c552f5193aba8d0b85938055c9f0b1e7b9b55d9336bf

Download Submit
C:\Users\Admin\Desktop\User Data\Default\trusted_vault.pb

Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\Desktop\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Desktop\User Data\Last Version

Filesize
11B

MD5
f8990e0e782b68f47a61dc4a13b7aaa7

SHA1
4b52945537fa453744ba14fca26e095680d78617

SHA256
4d1d1f7e757b746f5ef2e8109e40c7b18dad11aec6daea9f7163f2a3a07bb7d3

SHA512
e7d8f6ece1b2f6da989e5e32dde5706e2333f962371327c6480a4ba82cbbfc3679fa536bef3209e3e5c34d6873e87662d5b2203d064be24031250620508b3581

Download Submit
C:\Users\Admin\Desktop\User Data\Local State

Filesize
11KB

MD5
93e259445db85e0cdd698a06475b802a

SHA1
a17f7dd7bd83e3e873a14a69354b4d8c97952c2b

SHA256
c7f578d0f5068bcafeb15387945b0d515c37d6ca00243dff826589fe9a97c2a4

SHA512
3d79953ef2722035d0e452913689af0216fcd4af06a3d1d929af46e0a2da19cbe70a05597351846d47a4f4c141a2272967fd124c2784d89f9a308c2d67019959

Download Submit
C:\Users\Admin\Desktop\User Data\Local State

Filesize
11KB

MD5
57ad926cd7dd22bf60cdfd2a48f3c9f0

SHA1
9a5f04384144c05810814a570f7b25e2276c03cc

SHA256
bf95de370ff512d274b1579a8ed51b80ed16514240956a59b789f1169c335fdb

SHA512
fe1c906582003499c4cc9ddb16cd4510ebaea6996029f852682ca147e9ae558aa38ecd15fbbcb4cc60e3b02f5b908d2695b2d8c8ba83576f852a94cb09baedda

Download Submit
C:\Users\Admin\Desktop\User Data\PnaclTranslationCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Desktop\User Data\PnaclTranslationCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Desktop\User Data\PnaclTranslationCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Desktop\User Data\ShaderCache\data_1

Filesize
264KB

MD5
18d7cab9f4cc364756a5b5bbf8444d8e

SHA1
70265367c6654f830606da978dae5a0707006ec0

SHA256
137d139fff35b7e87a508a2b5bb1bd20779020df9fe3c95ba106bd8d6b0396a8

SHA512
1fdf9d6815fcc99b23ff732f27b82486023e1504c78bd5583553cd1a6ab3c7773a1264a878857304c2ac24c34365ab0eac9b4c9333c7657b63d7516af413a230

Download Submit
C:\Users\Admin\Desktop\User Data\ShaderCache\index

Filesize
256KB

MD5
a52ba976dbe6eb23ed244d2749f123fa

SHA1
2fe0ed97d37df520e96150ac226dfe9d1dd5eead

SHA256
89eb1e626256a44dd2711a58adfdc9332e2222498b2ab8c870c7d3d87d32a682

SHA512
53f8b7a160be9ea632516ab29f5db8bc505bf6547404db6e74c96f80524bce46118957d2edfd8e3eccae2c26f481d3cf8def466fdeff8b11806286529f899476

Download Submit
C:\Users\Admin\Desktop\User Data\TrustTokenKeyCommitments\2024.5.3.1\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Users\Admin\Desktop\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\Desktop\cb_config.ini

Filesize
103B

MD5
5f239d40006d2dccf8ee7fb23897f75c

SHA1
eb0790d4eb22cad04514a9484ca67b113fd80b0c

SHA256
2acd75c3ad1067e910db141f4a502b3a4e45079af76d138eafdfedded3b0d934

SHA512
ef733e6ad0e5db97225a1b267174d3885e624c1781e64ba8c432d8e9632d9356e04ab082cd2c9a588f63bfb3766e410d3bea06d1e6d0b2400b38b58845f07ab8

Download Submit
C:\Users\Admin\Desktop\chrome.exe

Filesize
2.8MB

MD5
8d7a43e88fd4dc5866c389c50f5b9a1f

SHA1
55ebb3db3a2013adb5e14c5e05db28d2160a3de3

SHA256
931f87d80b3b5489445a8de5641ad9b9caa5c8edf531b30dffced4b4e3381421

SHA512
69ecf7ebc6de72d225884e6f2a75ce45054f646088ed56617256c1efb83e3eadcb7b19f6c18f3647e70d9dbe180e09eb3a9d0911ebe08f5dd454b056a0c49635

Download Submit
\Users\Admin\Desktop\5.1.1130.82\chrome_elf.dll

Filesize
1.3MB

MD5
53ac834817c28e28d78e68d5a2221c5b

SHA1
a9a736aab6596d0e3b4b91c308dfe67c7691a372

SHA256
b33a9392140204944ff6843db529f0e3de27281282530dda6cfde547b085fe5f

SHA512
a0248eb053e80e18c53dd4aca4bfb699a4d2d444e35c04b750ff6ce1787d988bbac63fc3bd37f6cebebc221d7d4d5e4969529cab7c39a51ca76f7c4c0a1e661b

Download Submit