hxxp://mega[.]nz/file/92kSULQQ#qgUT85fJUfvKpONla3M5sPSwbd0Wrxm3koChFdUd_l8

Analysis

max time kernel
109s
max time network
113s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
05/08/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mega.nz/file/92kSULQQ#qgUT85fJUfvKpONla3M5sPSwbd0Wrxm3koChFdUd_l8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673570979691289"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: 33	4896	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4896	AUDIODG.EXE
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 4260	1392	chrome.exe	71
PID 1392 wrote to memory of 4260	1392	chrome.exe	71
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 1888	1392	chrome.exe	73
PID 1392 wrote to memory of 3160	1392	chrome.exe	74
PID 1392 wrote to memory of 3160	1392	chrome.exe	74
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75
PID 1392 wrote to memory of 4624	1392	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mega.nz/file/92kSULQQ#qgUT85fJUfvKpONla3M5sPSwbd0Wrxm3koChFdUd_l8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff59469758,0x7fff59469768,0x7fff59469778
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:2
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2748 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1856,i,14329268358891211077,17062575677481035616,131072 /prefetch:8
  2⤵
  PID:2320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
59bfb6961c85a367665eaed26e3b245a

SHA1
ec104c3e09d7dba33474f56ebfaaf05df5d374c1

SHA256
cb73218f67423481857f1445ee77915f83f2c13df0d37734270058e36696e76b

SHA512
51e0d80db18ed8dbf7edbd7623b3d5d1a117f6ef225ed5f6b9fd47b8f4cd993073dc43ff874ad6777118a11014eb1b526bfce728a17d6655bc5151737bf360f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
686B

MD5
0da8203967c640d2d30cc12134799ff7

SHA1
29b4553a7d5aa4bb89a63ab24cdbc9a77f59ef3e

SHA256
8804ad1c879fa3c1a1b29c7807769d99a1bd014f5d33fcb7894a530f7b10ee0b

SHA512
875d053345b9645a4a8234c4321d0285658a78db04f3f2dd5ea8f8b35d75b73998e70e7dd7bd7bf19d10fa57598189e383813b74067e71a659f90a13a9cbf373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dbd76ff44c68b369e47ee5bd794455dd

SHA1
624aaf4f736bfa372e573674f4fb0039f08a553d

SHA256
a313f78d1381de1f5908c9d18f81b8f83ed778cb2850e2b3653342895e17ded4

SHA512
5245b02618d3b26d66a0873d51927803fbe3192bc6c0ec43accec8698a52aa9d1023bb43ee45d774c82a120d8066c0637cbc9fc32146064e20e0ecf0d02a373b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
76df8f5ea8bfc81ee275428cde2167bc

SHA1
556fc6d3b69d362b703bd6e695746278493c83ed

SHA256
12cad3e084dcda83b67b0cfe9d9e91e3cf562e067ad95fb59f812fc59c985b3b

SHA512
73ba8d12dc31f46bd80de41ff9f00b7b1f080fa9f25580b022fd496a3a33fab6ca88f16d7b4717374434e2e52124294a513d4e915d7e88fd2d124d9af94ff987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8701f583a54d1d3eb56c9d3478737ad0

SHA1
e3612ee8fe43d8c51c819438b91ab2dbb20c748f

SHA256
9b1ab7e1ab78c6da38d053ef4f212fb0c49d3dbc6ffd08ddee4218a0abc24b43

SHA512
17ba20b4a26abf211e596fa2232f2721398113fb3c03fb1c1e38ea5888eec7d090c308412c2327dfd5710341bb7c33222b571b311ec35b5ce6ce6fc0b7871555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75d43dcc5048ac50e8e29f19a293ee40

SHA1
47ffa2f03857724e2faf8516b8c8a0145854691c

SHA256
3ea99656561b60403b225007565cb4c3c297ba818263b006dae0da30bafaf8c6

SHA512
906f8dcbfc0be63b3a651eac0ece509205291421b7eb0aa350811b397754574ee3ac65305065f246394d310a1b9745e33b7e2f08f04aaf3bdb6d37e3a1066722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b005f130d3c1b2660662bf2a47583677

SHA1
f7a21d9164becdbc99360eadcabcc02370859ae6

SHA256
0b687da18c8a5bc6aa861525d6c5dc27d1eb473e2f4a23bc08ad4296392cc00b

SHA512
88c257d47f0c1809ac0561fc279ec1fdff47244cd64630bc23bcd7575d41a1cc7a32d3effa01b4492f54f019a35f7e8f7be1ddac8be40d5f79fb042629952d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0fecbccabf20c4d47015700738df875d

SHA1
a5697b876639ba218fdae7067f875eedd9ccc9e5

SHA256
3ac655dc37a7c914858e2facc4963fe1130bedd4d4bba7037925773c9d8bd4c9

SHA512
61089aa4f14ce6efd871f9c4178f04a63dae584ba1564d9b96ed8aeec729f3b40c803be6f868cc59883c7749dec93a0b05a91fdff36ecdc921a7d6514237118a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b394b69f9f9cf0f245756874ea5f1e9c

SHA1
be65c5c408964cdadbbe4f027923a7a3dd4fc3f3

SHA256
5d33bebef544a39d6bd619e048c48fcc30fae74b159b52b382e7804f28f179d9

SHA512
c8f12760100147c9a9cb0c350a036ce86daf36060f71c4f6b4ebd78e49044347202a3f3d7e98843f90406cb273dc4427e2650f906acf943d7c72360f76d42abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584188.TMP

Filesize
48B

MD5
c545089a251ce05b7622b2359210f515

SHA1
766857c57c5bf25f5e8e8ba78ce41beaf1938f67

SHA256
25b64134cc0a67e143abc0c2e5f2b5e6276e54316458d52cd3834758e9141977

SHA512
a5b246b85d8f96cf3191b263c631d723f327d59098f2e01b8031ccee3559ed191d5955183c6002e31a65da2c616c7c2fd0e5a8948d3770567217226c620f1221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
c66da4cbd1e6d159b80b3e965660f8dd

SHA1
374d3ab395c84bc41aff37bda774cb8d80db48df

SHA256
003ae59d05c2c1223649c1b729085e253e458e8ce8a8be952154fcc88f5c6067

SHA512
d0834cc6a4cd6fc5ce453bd2353d8bbb127d9cee46fc63f0cb53f43f00ec078a10d021cbbfa6324af17143f29754de727fff09e1e284f6e8052772484d51d535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
094b3577005a80f36d93c9e67c297d08

SHA1
17dc0941d66f45e0276e9087f7646b037d395857

SHA256
787a54d00734ce6b53e33e836637091035760ae1538bcd18e6108a0b9e5b243c

SHA512
e563e83da84ab58d2aad9490df6fa515699dd9ce4c7e22dfb218aaa37dfd718faf48f8e53f9b8db08c56f138bf66ee8b78cc75f35d2a1d061b039c71c3bf5c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
71a825be6f25466506801405a854c3fb

SHA1
d74f0bd78219b9ef2207aabf8a74c23c0acd0cf1

SHA256
5e02c826152932b4c0213fa42c4ae54d6fac77a244362a062990bae4e19b55a3

SHA512
537709fbad61bc03ad71e95117bb4c3ce2affdf798f823c9adab711c8f7b7648117fea6bfbd8a08bce966247904387514a825e4fbc5ceb6baeda6a3714bc2c57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
57d9a3b4f0c7f9f8b9f525f3d2f74e0f

SHA1
2b67ee28cb77a44542eec05ae07fba2f942776a3

SHA256
b8d512d7cbdfaa8d37bb91891768fb61edb3798895d600b57e7d233aaf17bf32

SHA512
7b24416db6b75f2b1e9b72b046c05343bbd6c040eadd50cc1cdec1e15d11f254c2026bbbd96e3a011e78fabb29964f14b160ccf796b523703a13d1f2c937219a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
8b31deeef344d86d8ed993fce36a0cee

SHA1
7f7544b2b076e42ef782638735e1ed17e84c0cc8

SHA256
db983aafc321b6c74234d810e930d795daebd68faaec4d6ffe2e8a598670a1dd

SHA512
c73061beb1a1310bc645446bb2e4b2421d4b901c847800575b55d9a82f0402c18ed138f18c04039b5b09f1f18637064f541c671c57a186f1ecf0b4e8499f1450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b800.TMP

Filesize
98KB

MD5
7a7079fc30c91005b3f2c4e8e9669d16

SHA1
221b535eaa1279e5a780159e732ead6275ccc271

SHA256
e80a4b50743ff6778615fa5f557ef160313692835e69b583f1cf5c953f34f1e1

SHA512
f748b9177beb8f278432fcadb72b42578ec2044afe7c8d12f7949ac2eb45ba86ac17df2cfed0dfe49f6b384da1834308e041b6590ad75d6ac50bd307d5dce2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit