hxxps://mega[.]nz/file/RmlSSJAb#M21iiaijJtBe4Lbo1_e8qWWdByW3vPjNSQh4oQUJ0Qo

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/RmlSSJAb#M21iiaijJtBe4Lbo1_e8qWWdByW3vPjNSQh4oQUJ0Qo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639669819172032"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: 33	4676	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4676	AUDIODG.EXE
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeRestorePrivilege	528	7zG.exe
Token: 35	528	7zG.exe
Token: SeSecurityPrivilege	528	7zG.exe
Token: SeSecurityPrivilege	528	7zG.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
528	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 4972	3608	chrome.exe	83
PID 3608 wrote to memory of 4972	3608	chrome.exe	83
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 1008	3608	chrome.exe	84
PID 3608 wrote to memory of 4452	3608	chrome.exe	85
PID 3608 wrote to memory of 4452	3608	chrome.exe	85
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86
PID 3608 wrote to memory of 2964	3608	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/RmlSSJAb#M21iiaijJtBe4Lbo1_e8qWWdByW3vPjNSQh4oQUJ0Qo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba8aab58,0x7ffeba8aab68,0x7ffeba8aab78
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:2
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4368 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5048 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5368 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5320 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3924 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1984,i,6310211303364730970,16599896226081496472,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3544

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4108

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DLL INJECTOR + LUA Executor\" -spe -an -ai#7zMap28052:118:7zEvent9648
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ff1e276020484bc40ccb6e1b512d7834

SHA1
15862c833f7d55f6d3438b13e022f2d27ab5463a

SHA256
0c04d2016537eb34737f626869c29268d9f98a2efc7763093d8fa7fb0381bb22

SHA512
0f824837960bf8a07c7ec56a0c133e77a19877724433dafdaaed1238d7b94a3b3869b5682d260a070ba98e48c55d5ec6e02419664b14e572868f6fcb223a9466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bda6e98d2f0352453835ad8bde6cc8c7

SHA1
32e2c0db5eecf6bd29a6ef88c1792d5a841cceb9

SHA256
02722cd760f14090b6ba4daf5b0d9930e5c768d513bc5210507c20e01f6723ef

SHA512
a0f4d4193c0b0b5a11d3f344b9f33c310294ff99e487502632e2a9bbe08cb6700a04d58a983370478cfc9446c87d784b9411b1709da4270b71b07ccf0f51df04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
944fb34d608fb7f7944fb99e20c6a992

SHA1
6b03da9f6448999f2c8591151829ed3095bb8d52

SHA256
02e1ca2a06ba36cfc95df26ec017f0b61a4c139682289265e2d95cbe5e574917

SHA512
305ffd92137371b0ab54a8f469472c57d55211ce96ffa94dfa44707dd86735b574b9edccf985faaded6b6d448579f49a7ee5b75f775e44fbdd463784a6fb5783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4ccf48baf83de68aa47956be73b5f1ac

SHA1
3d6ee11ca58ac8a23d4aec8a4b8046ec4a5eb5f5

SHA256
9e1841c2b6e0a2bae973df79b46f1b37bdf5bd28a406dcfeef7454c0d91aaf52

SHA512
2a1920d2e60e38b16ee3df37173daa0744647b6dc63e2025699106dc8b88496ee312b67b833852d937631ec7c7f407f4674807667aeb5e47a81b95396ff89503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e1d796d69e1d8c352565b439e301dcc0

SHA1
9c2ab96b902829323610aace75ecf5e62ceb8faa

SHA256
27ca44ff6e04047a33df4e6f0c4c0510e65e04b71dc8319e0a8e860920d58500

SHA512
058197f82ae603b8427ffdbb7a58e08c1e84142c3a971877efa6cea3f9608238db77186cd22c95ae718659a45d6740b6d10e4366ac8dcf8a27a855a40a9e923c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1eb6cf698eca054e711ac7d949be64c4

SHA1
8bcf80798fb88ff2d14986e2dec789e4b5a37a87

SHA256
56b2387b6e0453b883112bda4fe6422584d008e0fc9efc371389cfc831e3d826

SHA512
3ff618b7a06be5254b4aacdaa04a8170c2b3e193523671158a31f3fee91d63ce81e4344f5af5726f6ec8b4732aca5db2bcd1198d9fe2d490eb9eba9a7202f824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e94fd64bbae68f39413a4dbc99258fa2

SHA1
c40912d982b7cf36b7ea07069e73be1f74627742

SHA256
6cc00e25c47589f7fdb02d5c357a00993f678ddd4395d967bb5e7be4062931b1

SHA512
2e339df8ef26b996ac0662186176961af5be70a6d8aed6d398fba3291f6a2e518ff843199743c41977d68059029074151d0266e6298b6cb4c0b74df977e02466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
b2abc7d8823e5bc8396c8b083033b6a4

SHA1
dafa14b4785f979a621c273bcf2d793373b98835

SHA256
09b1dcb4ed16bc45d437767f0f4d699a9c8e979d4f3f507da698a2a083d8c5e4

SHA512
fdd6ac6563fb453120cfbd9077d048e4d980899e20402e17ff30504b80e64b6cb15cfaaac37fd544768a94063ef6387b7948dbe6cd0f259e1577d6eef90d54f1

Download Submit
C:\Users\Admin\Downloads\DLL INJECTOR + LUA Executor.rar

Filesize
260KB

MD5
bc04fbbd65d5585ffb214cedde714c67

SHA1
e98bf79668e7504885e11a10dd71f5a2d19c3de8

SHA256
6203c0998f74fd183809447bc9eaffb617f2d63ffc66b687a359efaef33453be

SHA512
90ac2c82817469d876393bac6e89bff109b38ceb98dbdf730ba31f6d4997c2cf12b4f93ca852a84e53dead6406fcfe235ad4820b6e094ba8dca7729bb6d511dd

Download Submit