hxxps://clicks[.]vidcon[.]com/f/a/rYOirXmPX_nRYFu5fSakgQ~~/AAQRxQA~/RgRoXGj8P0QbaHR0cHM6Ly92aWRjb25iYWx0aW1vcmUuY29tVwNzcGNCCmZ1_ON5ZkbYLexSGW5hdGhhbGlhLml1bmVzQG9naWx2eS5jb21YBAAAABY~

Analysis

max time kernel
299s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://clicks.vidcon.com/f/a/rYOirXmPX_nRYFu5fSakgQ~~/AAQRxQA~/RgRoXGj8P0QbaHR0cHM6Ly92aWRjb25iYWx0aW1vcmUuY29tVwNzcGNCCmZ1_ON5ZkbYLexSGW5hdGhhbGlhLml1bmVzQG9naWx2eS5jb21YBAAAABY~

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637479042040347"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4204450073-1267028356-951339405-1000\{85A84DFF-39A8-45E0-B450-593D0AA9561C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe
Token: SeShutdownPrivilege	3392	chrome.exe
Token: SeCreatePagefilePrivilege	3392	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe
3392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 4424	3392	chrome.exe	84
PID 3392 wrote to memory of 4424	3392	chrome.exe	84
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2032	3392	chrome.exe	85
PID 3392 wrote to memory of 2368	3392	chrome.exe	86
PID 3392 wrote to memory of 2368	3392	chrome.exe	86
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87
PID 3392 wrote to memory of 3664	3392	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://clicks.vidcon.com/f/a/rYOirXmPX_nRYFu5fSakgQ~~/AAQRxQA~/RgRoXGj8P0QbaHR0cHM6Ly92aWRjb25iYWx0aW1vcmUuY29tVwNzcGNCCmZ1_ON5ZkbYLexSGW5hdGhhbGlhLml1bmVzQG9naWx2eS5jb21YBAAAABY~
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffeba8aab58,0x7ffeba8aab68,0x7ffeba8aab78
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4360 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2540 --field-trial-handle=1916,i,1273056633455794995,1324099587492690276,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x470
1⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
85edf66a3861aea888bb86b4b5ca989b

SHA1
4cc8aa16c4d0805ab16769be70718f544cfda814

SHA256
342390e87440b8b68dec7f990babadf718b376412f72243f748f6064750a11d3

SHA512
0feb161aee650ec5caa0d51e614b3bbaaf693da8eb3ee193c36c90161b55c8e17463c0223c465031700b5a251a2cee946d53f6f233776cd98c32350142b88e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
257087355ab0111629f9e26d6c8e8d96

SHA1
126c1a0278e1be1f3668b8fdef0625b526f77554

SHA256
0c5c33c5369450796c4f0ecd86ca062f40a8b2d2ad7084d1f1e92f25b223bd6f

SHA512
ef55b5ff422d3831bda48383371e93b3617f0239a15a3c7521c77a27d4391d9c6de02ff4f6497cbb75dd4bae768b1f19e6a4032fdfed5536c8bc7e8059046850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
02703ff9ab59c09664acbc65453d7233

SHA1
0361b6ee4343c23ce6b9d86a26ab64f22c2d90eb

SHA256
6876d9b36238b9bf36ed6c20e9c65c772424a772132d2ba9d5c4a30a3f1c6eb3

SHA512
cfaddc5605f39c37fb062c0d0741ffa650b8202aef2131925dbcfc2f9d12af50d77874073228b7363c2fc23db5e2f5016a4b4ca324dc4b25f399cbf202ba75d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6a2539c849eeee96719e27cc046bda54

SHA1
e1420cacb4ee807b9bfea72b7c918ba2d112e95e

SHA256
ccb50e570657bd2dede180e97d60496ccd41381e3f205d54eb01e6ed0f1f9315

SHA512
da281b1bb57c555d2b3978f2c540b20b67f02f17d099d61d4e41652d08addfdbede44f1afdb723cd717ec7bbf54fa00c6729d5b1def46967fb433ab6e05cd6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
572d9b80b02bd62201166ea0acd11408

SHA1
5f02de725160de658b848c05c2ca4d941799dbd7

SHA256
a84450f76e15bd3e6b4b8f70195b7491cb543af08304dc4f7e5efcc5cf42384f

SHA512
d16b401784990107c56543b980658743688d9a9bc25757814afdbeaa889186d03a70ffb684131e0319f6327bb7fad6685a3a5e8a537a67e39fcb26426984e54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e2eaf50a2a678d1002753fc0981d71e2

SHA1
c67fc43d4afd0a9fcd321df6d12fdcab3e383d31

SHA256
81813eea6b9586fbc76a969fd6096d84e3953f49690b4e157180cd85388611d4

SHA512
601b8e32e14c79e511158cc9e53a257811402dc71f0102e9b455d44e29602f6d6c237d8792c024700eeec02c1c8cc12e8c04176bd97e8195c696ae976a008858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
87bd13eedc7b01a1f71192392a44a812

SHA1
b14c0dd59aceb96c9ba8f602df2bc489f60049f9

SHA256
bf94bfe69e25738996d13974073c7f1e5d0fb2959bd8a954eedf7a8a850c0542

SHA512
ced2d7bdb1b2eec86b8b0a9efef4f167d1789f85823f3407bd93535f34a5c38c1e781b1725b62c81f60b75cc5afa3e6fd38fe39defecbe0c45e42da164f1352f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
138B

MD5
841ee989d29edbc1b7e79fe4f35bdc15

SHA1
c3ae7dd56f371f8bb2413672d6d3f496eab40d12

SHA256
aed8fc7e148cfb4db1b1cef44350c3fe5bfeeca47afd19e5c3b317a228e9b8a7

SHA512
9a012e07d8d78c7194f80f1638f3475612852ab9c9af032453715d7403976832780f1fa07d4c818b2b9465f750c06dc3c4a610fc9823dd3e242ce930e196bb04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5750a0.TMP

Filesize
138B

MD5
61d6d1a28410b451a7c28f165026699b

SHA1
02c853e6960f88845bcdce12f96003bd30dac51e

SHA256
37c37ff01843f4f6a3909d0c6e142fec898e43c5c83fdaae11eac4eb34d5d336

SHA512
193d9770e6adb8c522ddd39d7aee1ebb69f743ef1b8ca26da4d7dd421134875e7e9f28e973077b25e58c07347b1e6eaea5495373d2fb3eb2d7cc556f7b7fe1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
5ac04c4fa5c4aecbd78015d64ec8eaa5

SHA1
361171643c5948878a4c3b7de598131498b8534b

SHA256
73b08d23fd755e93e13e9a2970302fcfff0f01cbe9a65176cb5fcad22fb98ba5

SHA512
193adc7eb70453a854e8155b9d30a433bdd01b793fbefd82d749d23c32c8028e8ad7cc695d6129596a714c0e4c20a7473cddbcd89499d28b755b623964156ba1

Download Submit