e7c86a734df3942463079883b96930f223b3cd40b501d32c3d143687d546d444

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NXOV4.2.dll
Size

1.5MB
MD5

2fd3f4348ffc36ed2edb18c1c204bd3e
SHA1

1295a7987084a4c31a561518b4ea936ba05701eb
SHA256

e7c86a734df3942463079883b96930f223b3cd40b501d32c3d143687d546d444
SHA512

97fc477cd153ad811ceadc60443af544137fd5197c7ba99f6dc05e19aff3d8d364ab41efdeb87b067327d2f4b331173efe1daed3804d8594bf62e046f5399d73
SSDEEP

12288:jWcvWYVU2jcnUh2+gkE+sPIdAfBXjvtQ2U1YMGI:yzUh2+gT+fMfQgI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2796	2720	chrome.exe	31
PID 2720 wrote to memory of 2796	2720	chrome.exe	31
PID 2720 wrote to memory of 2796	2720	chrome.exe	31
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 2600	2720	chrome.exe	33
PID 2720 wrote to memory of 1428	2720	chrome.exe	34
PID 2720 wrote to memory of 1428	2720	chrome.exe	34
PID 2720 wrote to memory of 1428	2720	chrome.exe	34
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35
PID 2720 wrote to memory of 2336	2720	chrome.exe	35

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NXOV4.2.dll,#1
1⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7f99758,0x7fef7f99768,0x7fef7f99778
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3204 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:2
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1276 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2496
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f757688,0x13f757698,0x13f7576a8
    3⤵
    PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3756 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3704 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2336 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1464 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1384,i,12878788366403407605,3337071886260135386,131072 /prefetch:8
  2⤵
  PID:852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3a35b8d0-396e-40eb-9d1f-9d8ebfabc3a6.tmp

Filesize
307KB

MD5
ec7f4ce4f2b696dc0913e44cb06bbc65

SHA1
0ad2669cdeaad3c9f14af16c159b03e41f73901d

SHA256
96a0d877dfe7f5568b8ef70ef214e61dc86da9391cca0a7c1bf62fa70056a0d6

SHA512
b1d1c6a66ac8fe91d1554b13bb9718ce4843b7e340044a20fac441a19bb19196783d75e13c8032dbd820e994a58b9d79f46fb1ef9d0f22e3430e1e3a3e711f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44e30de1-9ac1-44de-8b33-056339552d73.tmp

Filesize
5KB

MD5
976691698b7f00fe2c7be37fcc21a26a

SHA1
1c05e5eafcbd2548176dfbcd048742e78af50ac8

SHA256
196891ef018cbc2c99b34742f30a4e8219eb0d3bd7c828be70286192457c07e6

SHA512
9fc8e992de462d622c6990fca6e6b575c790fac45f09d4466c2aa4c4cf2c1d8de4f54ac0b36aebc0ae198d9e8b8ce46f378f5ee88b68e41f3419e567cc867de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8f431cae8727b4d0030861a211a2dabf

SHA1
8fc211496d28285acc06139692666b252508663f

SHA256
d3c2e38b666471fe8a580b8562c98efdb6eccc835372c4ca24e2cb592f62263a

SHA512
74903c05c7e7e2e6779e5a318bf217f462a02f672321eef4a86adf1227f56501aa507660ca366e9835498e3aa6929ba8f5329e8ab3b7a7ec9ec40bb299544dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
dadbe3765475ba4901dd55c52c7932e4

SHA1
b26e10f6eaa58d90c7e838916e4b8b81b454521d

SHA256
30eb0cf2f157b0c02a25cb87f5bfd6f60a2e185f6885f8eeb9d84b289e3b3359

SHA512
52b0bb400c82d051674f7359a5ad4dc639e05403e0cd656031e4e19cfef162d78b6c7dc8bda72b53503c273239751aab594fa934127fc0d81a757ad131b5074e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
333ebe7c9a45d449871eedf4c5a81069

SHA1
9b0e6de3280ec639d6ca1c36cdded02f6698719b

SHA256
2b36969dfb91f22c70f5ac0e10e29da46611987a56213bdec15cc8d323e1e29f

SHA512
6f64ac5fdb0beaaf22b230c2294ae7cea5b782d9b6eec1be0b08159aab9840bc0f088d97c92bedb1f84f2f92aec3b67556aac1971fd1b464dd45656cb1c3b49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
307KB

MD5
9373b0a277e9bd50af98bd9ed05cbb4c

SHA1
51ec37520e9ad7808f35d0f96246efc093f6fcf6

SHA256
98fa056af1f2d57de4246c797e4e61417836ae026bc929e6131c03ce1ff14b0c

SHA512
a6b0a7fcbf1b903b5a4bce4df9d66683f1dfb7c7563cfd39ed05dc32905af71d967aeca7078a1d0d8720dd39b72e45b5a83ac1fc608ecad5724489e1e10f16d2

Download Submit