hxxps://mega[.]nz/file/6UxjlYTY#6BXyAeAlMBxEHoaVVq9Q5cIR7we2mYV74qx7L5rEcRY

Analysis

max time kernel
149s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-10-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/6UxjlYTY#6BXyAeAlMBxEHoaVVq9Q5cIR7we2mYV74qx7L5rEcRY

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733112610043122"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 4160	3512	chrome.exe	80
PID 3512 wrote to memory of 4160	3512	chrome.exe	80
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 1568	3512	chrome.exe	81
PID 3512 wrote to memory of 4428	3512	chrome.exe	82
PID 3512 wrote to memory of 4428	3512	chrome.exe	82
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83
PID 3512 wrote to memory of 2868	3512	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/6UxjlYTY#6BXyAeAlMBxEHoaVVq9Q5cIR7we2mYV74qx7L5rEcRY
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5e1dcc40,0x7fff5e1dcc4c,0x7fff5e1dcc58
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,12850567639114246358,3177448134187055988,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,12850567639114246358,3177448134187055988,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:3
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2100,i,12850567639114246358,3177448134187055988,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,12850567639114246358,3177448134187055988,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,12850567639114246358,3177448134187055988,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,12850567639114246358,3177448134187055988,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=736,i,12850567639114246358,3177448134187055988,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
efe8a471084a8424f2a433ddd702e9c9

SHA1
148943d7dea3e2202a387fbd899146bfaa32a8d4

SHA256
35a7a8aacb7fd90df25ae8484e9552a2f6eed14b8f3204a0c1f1700476fc22b7

SHA512
a193e28c37b307b0186e44d187ca1e479584d834c789e99daad54083643f4f1bdee01f53538c702bf51d9bb6988bc74886765dbb8a46e7caf21965dd36f43811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
eeb243a067ae38637195d88a5f36eec7

SHA1
099118b9f397a0aaeea2396dabc78efbe36ef8a3

SHA256
51a9ed6aa82216ca74bb95a46dd67975853dbcd6161f1614b50c48b017730656

SHA512
124937e531e4842cd7d9ac775c42b90b6913b39427f728c05cc079cf4ce6af9bdc3458d823ed522bb3552c7dac9473ad9405788a5e487d80e71e819d12a955ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
4186e040a549bf7ebedb3c356afb9ac2

SHA1
025a7857ea29a6bea97a07369262a37d44eaf20e

SHA256
325befe9008aa16bdc813c4ea6272049ab873e1ea457b62dfa6250d0e9a8c5e0

SHA512
76c85903c3103fab7b671d0e7171d59e974a261400123418688c049d8c69cd90685683ae2fc6108e205ab4294e977e84f80e2f5ab492493b702698a312f6204c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f169a4e0ebb2c538a90ff976b056776c

SHA1
46a5b7cc6f27761f4cd1f966d3ec407056d3d1eb

SHA256
7847b3c4ba98b457f4b080c0e8b675fa68a8eb9ce10b2b9f90ad8c140d786c6a

SHA512
5e9ad929bb87b9315d89a8f001397849cdc739ae51e088e4731c37ca4522c47fa788f8785514b0394659c1fce118c1f5740be0d69ff2c329e2afb688464eb871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe77267c4c3f4d3d8a603e886b34aa41

SHA1
c0b9a50ae649b1602e3834a5ab7e509f387e2991

SHA256
82850bc3eb207a398feb9b25902b5cdde8e1d3fe79cf8495a32beaddca56d452

SHA512
5a422952801bb3a878bdb45540368bb88125c16168bfe16a6be76bbb708105404e59fa331bf690d32a7a1575970b863555f2931f67741bbe1ade79cfe290abc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0fe535d9c9f5aea9ade8815fb2a29dfa

SHA1
d91edba62146629813d820a4a1d35df7586d9248

SHA256
20a681069cc93fb9a6a74f1555f97cd77c0662f32f08b66c14176d2a398c742d

SHA512
ae4ed0b51260176bfc59db15fc3140de802c2881349f7f95eac38fea96d85cf0a52c4a2beb40826d826847c1f6a4ce5ddea83e06ad20caf9ae51eb10d67b9700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a60f928b69932b0336ac9ed6a7e3f064

SHA1
52314211f259b973851e98d38c397ac90da8aff7

SHA256
4297e6eb0cf6219f0b14d85ce3ad4467c26f647bd2e1d70817fb096dafc0fac6

SHA512
edffcdb61457295a4f53da1d22cbe3c7c598e164d9cd3ff46d1021ca4e8a283c11627a7b32df520ea7d36fdbadebbdc8bc7990b1cbd65f0930940c7b0db2c816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e948a40f83ebb033af38aad4dc11ea0b

SHA1
cebaf3ca3832eb87a61abb42eaf33da24fbbecb7

SHA256
2993c8b8c7202dc5c5974837f2e9a46b8266e2068da0016560529b326bb95fa8

SHA512
dcb38206b709a6c56d0126f9562e86727bc1aea69c45d60a52375018aee83e62685fef05aa255d555f1bee5123bca7b143160452730d09d6e62c3d7a602ba37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6415bd6e9566d0dbee60238bfea5e497

SHA1
0f8ad11f6e246a2a17fe1e17db2e1ceb824dd1f7

SHA256
bea65b34313b81c1840354bd6a1e94da78b0627230378533a14f8793b29ce731

SHA512
8b9e8012e450a03885eae785f45dcbfbfe585edbd73ea7e6bbcea937bcccf3cc8cd67a1b04f18e1948dca2d104a02febf036386acd6c3f4c097407399d4a825b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
adee7abe65fb9432fced8eaa686f5a9a

SHA1
671edb3a370df450a18fc61ddb88a1b5a23a8371

SHA256
26f33a4607e814cdf0b4874b9de5d83bdc0b1b5c70613d1db7071467b2dc6247

SHA512
250e4b032758b324730d82bfc1a664dcc8edf879ce2bf60826b2d90ceeb01c4c5b279c200736db2fea09945b6561d3f2b46ec458ce4038abd219cd149ec8fb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4251f3d3ebe891d42c6f212fb85dbe16

SHA1
8828d4c738705c159b579d60ba4080d3d2c70c66

SHA256
6d89956086b071da208cf11dcfb34f6470924f066c3b839a6fec5291eebd988e

SHA512
873e0d4c0fa1557f8d0f1fb3dee665b7bf60a3b88f96e68912e0ec8bfb99f42df38e93a490d104899abb48b6473557870594a309864174da94d69860ff5de167

Download Submit