0b075f305bfc50ccd0a145c3247781a82aed12382a63f53bc00f0efd74ad7927

Analysis

max time kernel
147s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

oculus-go-adb-driver-2.0/usb_driver/source.properties
Size

64B
MD5

bb36297203862d63b52d1b8089e7f988
SHA1

eae39dc118bf5db8319290f3f6c2a20a1cca0b9c
SHA256

91aa523f69c2291348787a296e3acfa435be7ca3b6dc70a4a4ebfd1f8a3211a2
SHA512

fdebdb92b96243d97fbd2708b0d4e4bac83a05b869828f83b57c338b8c0221af6db9ff88b13712a034577c6417f38e6cab630fb33249236e190cfc83cb53e11c

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3616	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeCreatePagefilePrivilege	3588	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3616	OpenWith.exe
4812	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 1144	3588	chrome.exe	89
PID 3588 wrote to memory of 1144	3588	chrome.exe	89
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 2532	3588	chrome.exe	90
PID 3588 wrote to memory of 1536	3588	chrome.exe	91
PID 3588 wrote to memory of 1536	3588	chrome.exe	91
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92
PID 3588 wrote to memory of 1552	3588	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\oculus-go-adb-driver-2.0\usb_driver\source.properties
1⤵
- Modifies registry class
PID:5352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7fffd7dccc40,0x7fffd7dccc4c,0x7fffd7dccc58
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1400,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4808,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3112,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3460,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3484,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4724,i,7411765868857796522,14595373033611452591,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2596

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4558a1ba58939d442f4a25761079e0d9

SHA1
1b659b4d6d2439c91ad540094dada30842cae517

SHA256
1dad6a0e59edae4c26f279b78ecddddf1487b84bedefd3d1e119eee7792cde9c

SHA512
be2975a763c003226804f6cfa5ad495976464ab090f1d67fcc95c794cbdc90ed106fc48e6e8093cf5ba04171df55dcc3060d2a07c73885e95fcd0aa7deda00b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
63ad0af4482405891edc2de4587c416e

SHA1
495ee60a49a4353e54436cd48bc055caa991644c

SHA256
4607e5a83eea69bf78eeb04a8843c8d5d68981529490a106712579477b1be9b2

SHA512
b6b6b25574f7eaefefb416c49154fa58a53e43956d61519c704f3700e273f6208da6c64f8faf916e17cc0acff121f75246e5b17c6ba3fe0c3e83a9b30b69d5f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
eccedc094c05fde7ec1c7d80d2b22dad

SHA1
dabe8ea2d0e06d9c660a82d1f7477c20a3722d76

SHA256
de790211e228c3d8d4764772df64872372cc4fb006b0f0fc58f9bcc7aa7ca7cc

SHA512
b2ffdb4e0ae2221ff0948054c60f91d35b1a594fea0ff374eba59988ed364a7a80d4813147d28d30fe409aad7241f1bcfe87f245baf7b950d7cc612dc94b8eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
40797a5d60c70d69bdc3b6ae259c9883

SHA1
ea3473126a35b9607193c33a8ef9e7d14a7bc6ab

SHA256
f233d8acbd803697823817e8d0f323026bc99d4c9fe94e5ad33b4f506154bff0

SHA512
72d98545d00b957168efb3b3d9d360ca9bef549bc6ce8d14aa6b759c8da9fe32c08a5f5a31d7d8b50e1b3e1636a6bbf1c628afd51079f0ffffd857398020833c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c37c209a-9d21-434b-9302-37af905c120f.tmp

Filesize
356B

MD5
8fed3192bddf8f0f4dbf4be476b8d7a9

SHA1
6fd71e11c34a4e4d77d6cf2ca5d0ed4ac212709f

SHA256
38593ca350f170398c00bdff23e42ae7437f056ad655c3ab5a2134cbd1434910

SHA512
8e6bacec3bdc9018d653e4a82ccede4957bf68bc9b4b46425b4bb0aed7cc3c31e5d5bde8380e2b699ffa495778d0ff412259476c7651ea661b43d635cd49f4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
14e13a07dbd173fe14ec8bcd722c252a

SHA1
b7fefddc1ffee9859f5669f00c43169ccd05436d

SHA256
8c878b4adcc43203c03b219350b916308aece942dc7fd504eca638c96a03f8db

SHA512
0fc62ec2334f96d19c81d524f8c8537c6c84bef95c5c131d8e966262a62aec13aab5b0d1f82ead737dd5d1a9743c34ae3a01f5dab066ad16622564011e2618c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0793164349b1dbcc7743df146712d3ca

SHA1
700a0bcc420701e113e93366a638da95917085b2

SHA256
f84ab2cdc13d6cda759fbdeccd6fa183d4f258e5d033ae95ff0b52342aa86d3b

SHA512
bfaa7d0daff8515db194d232bd505fb8ef70334b6a4b24d42d483855f990d6fcd8e13efa3be08d51720d3de2b4c8d05fe1a1e4889eecebfe98a565ea72d5f355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a3d61cc30355968929afd2350584853e

SHA1
5364690ccdc8ee8f9573b9bc08e82ef00189adb8

SHA256
836c9d40400b82a71cc8b45b53068df8c9c3b5b95c801dd282e16a3f061b3d80

SHA512
6540b5d0190bd601267903186f93b74a615aa274d7ce54b1158b1f8261263e1584c0711e8acf625ad9af15158a67c7ac3961a7565e27af1c7958648f77755776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1825016e7e0e7dabc48e7d8317a3e71e

SHA1
1bcade7147a5852a4b8a86dd218e325a1e3e0b92

SHA256
201fbacd4daed6b0ae5a28ba56133844e3a6c518709e55edc64d7485fa3f30e4

SHA512
06de07ab299874f04f91f63005789bbe6d814b0d31d21f540515dfef00ed3f1235cd4de5e77130967b9667c59265850433644f0aa917a5246f730dbe0474cfcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
db8a90867ef87cca8c8294bdb3f22f3d

SHA1
40cf61626cccdf74a99c27df48953a437f8ad4c0

SHA256
109a817174e7eab0bb75d924d01229e4c39f2cd2b7fc2c3647e65058d9a9dce4

SHA512
48bfc1f3459c850ff77417df0606d0af52bc108db093837dc95a459c26269521fa40d03d057a857025e8871a96ba1c13c88840f093c32df8177d356e83a8650e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
25939e599f971dea1b0a907b9efe6473

SHA1
8ec62c6a6e8e542d258b8ca843148a3071afd058

SHA256
cf9854af28a122d7c14d67918fa9135f22ec3263156762c4b8c44204275869ec

SHA512
83934a8c15a3b286bd8d8a9743c1bc25f8037a01e90185538768bfc36aa174c2dde911c6cf0b559788456162951eb19c04e0aa823e2d90927ec4c9655547e3a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
91d83dcac06f06dc7f9e47a7fec4a3b0

SHA1
7be4da20e343d28559e8ddbd225a67051272b056

SHA256
001a8abae4f30c4fbd11d8a879db47f8056f4acaf9d77da91ce159c62a67b3bd

SHA512
d139b3981fee5bdc1f6aca69dd1c995f1a008204d66e28c85645d8d5de2b467564bb3b9379568af66d6d4f7f56ebc398e715935eba0d637878fe6873a6ee63b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
c14e053d07d2957c2f22c1e22f1f5e1c

SHA1
e40bdb7d72b88a62e1eb4a390b914364252f6178

SHA256
e6aa8c393c038013f65e2c9c4f5f10d42b8e0e31e410bd3b244a5f4665a99fb2

SHA512
2aa1c2ab8c4414767ae4c02b15ca27fbb517219c31cc3250ea8197165136ba4c0a661b1276de40340eb2e29c448e6bef855422c8ef2f63da8ccf83248e67f5a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f5f064d1d61cc7fea1287290f93e1cf2

SHA1
e54b49b48ad403326ae983c22fe995c40bafdabc

SHA256
7f2fbbf9011d4a8b28faad7b06c011e987b6f155cf7be746515ad10eb3f18117

SHA512
4154daed16e327d972947f9f6028fb9b3c428f158b02748bb97d0ad23aff1d59e7fb074e2e1ab1ce011b195e62786da2bfbf3f1bc8edb2ed0657ff98aefe09d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cc7e7895ef72426fbf42007a9e64797c

SHA1
2d0c298d6782e4555720ddf937b6d65779e9583d

SHA256
80cc297f0b651c7f687b0fb1fc511b158145cc3d97f530a9037ecc2e36218ec6

SHA512
a25170652a52a92f7729452493c067269f5970d0512be20b85a9d38b06f5b17f9af144f6e1d25115706e86a3616010c81686f5aa5049a21fbcbf1039dba9a8d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
27152171537c47796aa7194ac41383bc

SHA1
430c380ea885fce765a771cc40cbfe6358b4d04c

SHA256
28276ad4adb3f540918a28a722f10a63406037b96a14e05565e31ec90c605c22

SHA512
044ded8d45d2249f69ae617768398a33cf060618f1cb583aa9d9a34171de10bf3e23f6e49b3c0b8ca872f5ecbe98e841168fb3e94fdef2efbb299a3cbc01f616

Download Submit