hxxps://drive[.]google[.]com/file/d/1Rc1cJJLpKGwdRwPvn2c6ARt-BVkr62xw/view?pli=1

Analysis

max time kernel
106s
max time network
104s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-09-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Rc1cJJLpKGwdRwPvn2c6ARt-BVkr62xw/view?pli=1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com
4	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714760217431838"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4920	chrome.exe
4920	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4300	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4300	OpenWith.exe
4300	OpenWith.exe
4300	OpenWith.exe
4300	OpenWith.exe
4300	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 360	4920	chrome.exe	75
PID 4920 wrote to memory of 360	4920	chrome.exe	75
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 1328	4920	chrome.exe	77
PID 4920 wrote to memory of 4748	4920	chrome.exe	78
PID 4920 wrote to memory of 4748	4920	chrome.exe	78
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79
PID 4920 wrote to memory of 1844	4920	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1Rc1cJJLpKGwdRwPvn2c6ARt-BVkr62xw/view?pli=1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa4be19758,0x7ffa4be19768,0x7ffa4be19778
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:2
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1780,i,1134514988268986618,14968048146811287242,131072 /prefetch:8
  2⤵
  PID:1848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a7de016dae730a419829512b0fbf867e

SHA1
90c5402c2d00e7aff44b712678cabf92fb102368

SHA256
f38652aa2f04b65399e34273ed8f05c6479f38e9288b7b2872ae58f281913d9b

SHA512
7de41fc109244c0c2f41dba84a40721b99301257c6c17a6c2e122543f16a7c4ae59db039921e1962c600a39a7faac9e29180b432fcfb43ae16f7acbb3c3eefe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aac21c572dd4afc04bacb5f473ab5dd2

SHA1
e571ecf6b26e4a43175633692fdeeb5f5e831740

SHA256
e11c0b856b7c4c976fe7ba757f65f965d2e762a40fc869eb18797efa9e8511c0

SHA512
8257c449b65ef5a7cdb8017c655c9dceed403d72091b7c84bcb350627007a05368e9952f22ec2d9fb2f039807ac2d94346bdd9834d3fa4d10b1370c848fce1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
518b649fff3599baaf249a7ceb968782

SHA1
f94dffcddab10da1bdc8b4cec46b353b32c03b90

SHA256
0c4a041dcb8e45aa13658913baca6ba2dcbee54051037d55821ae431ac69850b

SHA512
889fd2ae9bed04c9231eaa69d1ef62493aa6025160bd08a545a079116abf7a83b95db522bd315a6553e933785028df2cfbfb681bc09d8d4fa70f24f4de450708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1bd738187e3e71d39c699ff90ee087df

SHA1
ba02e24f95c8d582208623efb9e98f42191b0f97

SHA256
de8fece83db559158aebeb874a4848ce4734575dd85115576e665c2f17afb817

SHA512
b285c938dfbcbbb02d8b4b0c11b947dd6da7ed20175642d9a2294aa141817e74f4c511ff3a55c7bce1fd092dfec18035571dc6f03accdd0f7abede8918fda8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0dd79ddc038d86414616fb1e5cdcd893

SHA1
c421bd740a64a4f095615efc8b1556a563387694

SHA256
4c498b4ddbbb301511e1b70c6b898d5c56d8689b43c1b650358eeee0e54821e4

SHA512
957ba3cdae8c744e7ae9748fbeb3adc2f54efdc7123312b5ba9923bff1f126958c3cf27c55a6813095facda3189b21b8a185b6348a9beb955621bd2f9c5925eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f68687aaf0c34ccc8e991e551eff15c

SHA1
fcf8b7abd41790e227ce8d2a5ebca462987f25db

SHA256
d2e2f1d6e45932e41b108933ef936926f0bc7be4666d0e9f3f0e368b3fdd62ab

SHA512
c16084fd8402431610b6467b9f99b2dd724c3d54a0107e9fdb1ec0fa65fb0435735dd2e661e96ec5a31d268a5769d5293effa7e49b579d67e020bcba4a05156f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
99739513ea658c2183f8e0e004fcdd89

SHA1
f8f9223912960920bd57a66c4c48ed1f4d8f047b

SHA256
4f6ac8c8e285ec7589cb46bad567d3904925aa0cd94f04d015056e6139e740c4

SHA512
3d2255d3456eb26785971c60f5f7cecab178bbe63be37e6109d880a449221f9ac0f4855be08622683825abb7064eb0173a29a54288de7ff5555441776049990c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
745a215349f0b4e54af4d8b47dc6aa8c

SHA1
468eefb278173443626d7f9919738d3bd36d5784

SHA256
527b58bfefea0cd466ac4858208fb1206bebe923ef0d2846e181d8a38e50a3bd

SHA512
c5437167eba1edfd20de39ec7817c0ca588971ebd08456e154588873c7133f95676bb8c2154f3a4010c53066fb707f1744547561512b3ce44e038b9e1228a003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
338ebbfbef39c907b02e3e5c17011289

SHA1
26a2c40887a6fcdb34a47515ecf07e16285aa64d

SHA256
6a0d91f10b2a180ac364950f0fbabaad6244443d6e86995b45d1bfe34b82139a

SHA512
704d42f9586d2745afb56ca95bc4221e7417a90db06085dc5b61520c0eb16b46009bcfdfb4d66e95eabb490a8ce6ef4f221d62e9297ddb65043efd370c976335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
3d63ff8cf106dc96e0410e602bba5a80

SHA1
50f1dc46e666ecfb839b7d265747515ddd871061

SHA256
4081ff4926ac06e69d162786e64055d8bfd61f6df4ca3fb51f61ca898ad7d7b7

SHA512
b113f7961201841159f7683bdc6dd265dd7d47d9092f9ef48590ee399aa05186ecd5577044d7640fd3ed0295dcc2aec21681941828d0db82eab5a0b6eb6c4fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
a0a6eb614e092a6215bc5237aa65c38b

SHA1
d1b6774b417e076de3f2f5ffe315037727e6dfe9

SHA256
3cdca90925cd8eb4eb383660160f8ddbcac783aee48c01aa6b289a16c8332607

SHA512
806460996a0808c243e6320cdee16c72879c6c715040a2339fbfbae0792d4fd3132322b87ccaf733e2fb98259f4bc7f02518582eb27294c83a1a83fb96f5a8d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d81b.TMP

Filesize
93KB

MD5
fa2dca3105d77a7381c36e67251f0a4a

SHA1
886b73f2fcf296ee890ca5729cc2ac18aed271ce

SHA256
2ed2d570aacaeebc122953d3ebd2098d348fdba2ab71c96d220326646fa54e14

SHA512
8cc21b3a977a3d9204c48ad48bbe054bdd9321707a0b0e77e8b8eeb0ee7ccacafbb2f1b8d1e4936c054c177dc5f651f4c9fc4c17fc00e41c22d8e44f1422fb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Arquivos Minecraft.rar.crdownload

Filesize
1006KB

MD5
5cfaf5a38fadcf14e292a4b720b5d2d1

SHA1
791b5d1c6fb03ce617ccc8f5717f8b01361e1a3c

SHA256
5e4385231db33873c5304ddbbfcbed62bb4c09989dce4159a0da53b68b5bcfa9

SHA512
8780642d8b7cf00138dda0046fabec61029f0c8608c00d899880dedf3491c438b137f4df759f277fcabcc7e2052e898865ca95c2147b46417733bb7a26c58fd3

Download Submit