hxxps://mega[.]nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ

Resubmissions

08/04/2025, 20:25

250408-y7hvpa1jx8 7

07/04/2025, 12:12

07/04/2025, 06:52

07/04/2025, 06:37

07/04/2025, 06:24

07/04/2025, 06:14

07/04/2025, 05:55

Analysis

max time kernel
1019s
max time network
991s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
07/04/2025, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133884825500455420"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 720	2100	chrome.exe	81
PID 2100 wrote to memory of 720	2100	chrome.exe	81
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 616	2100	chrome.exe	82
PID 2100 wrote to memory of 964	2100	chrome.exe	83
PID 2100 wrote to memory of 964	2100	chrome.exe	83
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85
PID 2100 wrote to memory of 4672	2100	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff940d4dcf8,0x7ff940d4dd04,0x7ff940d4dd10
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1900,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1468,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2224 /prefetch:11
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2512 /prefetch:13
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4192,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4168 /prefetch:9
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5620,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5636 /prefetch:14
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5724 /prefetch:14
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5756,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5652 /prefetch:14
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5760,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4876 /prefetch:14
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4248,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=744 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3728,i,12761483924744954475,5037020019605656048,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5724 /prefetch:14
  2⤵
  PID:1696

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
152875f1255d5d1f73a1f49b87088733

SHA1
2e08c6d9abfe16a0f4ac97ec7d3b5fa03706b3a0

SHA256
16d01ab8ba4aae75fe781ba96e0c064952db3b094207dccb73c8707c5fc3f0e2

SHA512
12b0d328897db9a60b35b1e7e39bb71a9ccc0d1ff6a4eff6903ac33885ee09f6ce449a054e0e44b7230c310e158c044af95841cc8de42dcbbb9e0558c657ddf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
273ff0c45b1d8c04afef9d9d2bfe7545

SHA1
512661c01d3fe23953aca3b1932e4d18bb97c14d

SHA256
f619c9c9c52fe1a02490c00089af832777fd8bc99b4d8825b9b6521922a87a2a

SHA512
946ad4517292eaf578dfb16aca56f47399f2efea7337dec3930749262e03068ec7877c817622b8d337df969d14946a6cb49fbc660ed77d7619c1d49d2e04371b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
856b6b55e975540c3fd7c9264b4f5a0b

SHA1
aff01e230df1a57bd8b84c731216dbae2c3c5b55

SHA256
0cf409f1998c153661064d05c3bf0316c774ada79fe2e20418656c27219e6781

SHA512
9cfc03d590dda2848ff3e3202f9f6969a8beeebeba2cf9062cf93067654b07f958f4031412f3a27a6667c95ad97414debcbed427ccd357a17022643b080c620a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
fc24aa7a38454147476c321102d00958

SHA1
c27a95e6a0b8e3ac917f6029f7562e62ef7cd9bf

SHA256
f1b26fb50e3bb8adffab1e3939d37762b8284b311c48dbe936dd1533ddc4f0cc

SHA512
2f2382fe38beaf0f63a60453515cce635ce7063ca00afd03b4f74af5c423b461afc19e09f201375243319f4918ee09d59b3c6d780535a6808cbdc387bba5e309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e577866f487f5e2671f8d01672af932

SHA1
a1ce8a2d88f1e399ea71b956ecf8367f166ae1ae

SHA256
3fe54d8e3c52d4b9ea7354cd89f2d1a40f1882a6ee06532ff401ee596cfd440f

SHA512
473f3390bb8be66f534c19181b699124776db5922643a628e5c6c494c2b125c2972137b0867d8d436826813061ac6b3d6abba037a93c1899ceb817c941afacf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5bbf68d6a51ff913c790b58d7fb8391a

SHA1
81a04607ce81e489eff708f1cfe3911f1cc37d51

SHA256
47bf9ea678682240b3254340e5c17a369fd30dbd7826e460e5eaf87745b1e705

SHA512
46a39bf1fc1fbe1e5f0c022ded7133b1d44bf2aa5d8687281b1df39bd649210931739ec7b1a3e6b6aa2a096cfa15dbbd6172579286b92b8e17a1731452dfb920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
63bf0acdaf757d77f1e8673a723bd742

SHA1
506d6c09d06a343e192fe9ac7cbc4d5577e67d57

SHA256
56c733463b5666f79532de486ea1f685b1b80ee6ab4456f921acc0f74c158060

SHA512
8334bd91527e19239360facf748a156c2ea5490de9a7cd6ba17e2a6446d5cdd6baa69017e390e9a118fc7ae36ad23454d9b5ca8bc429376e645f3e936d9a7753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579ea1.TMP

Filesize
48B

MD5
8d1ae293c86f79730476e4614d056cc8

SHA1
5a8f9c41e53dc535fe0273aeb8d1766e00ba5dda

SHA256
6e5ffe5a5b9642a5a49512105747fe9e1d0baf63c86ad9af922c1213ae788529

SHA512
35fccc5711b7d1df7470134f6c2b22847f72b33f60e7c0990be157e939f00a67f672ed59be35c98f424c730ac8eedfd9e17015cd14e1a6edf4db9f6c60bd0e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c2fd3a38d782e7cff6d1c46b479c0b77

SHA1
149061b681a158c6bfc06083dc32b9f98c6dacf0

SHA256
af3632c1d04ce4d409b997d24e9f5740416024da9d07923b227fddc2cc0c775b

SHA512
9bc57706939c12e1c8e15c4f6ef4ef5b1ef22861a6d5c1b3882988da248c357d18d78143d800aecd82a2ae1c8d461fb3bcbdfa6ad6fa87913060567c5738e230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e96ae0b0a9ca77132fce1e0aa6770d2d

SHA1
c52dbbaecf97a9c83e423f42794edbdcea671f17

SHA256
914ce4d920bcf9206196a367450c29a860996e85e34466dc6556984c9265f471

SHA512
c970e993d37a2be2e8896bec25d19e77161a27ef4ca259573677aa50fde163cfc680b18b9d90fc0759862c895da830a2f26189db8e79819c50e05579b93b82d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0ed453ebc62eaa390421eafb94b88272

SHA1
1b708c0685a713b9040dd85d454080d1f95dc1c0

SHA256
d6ded419d7bd217e79713719ece275803ced4c3e6a504203354a37239e919afc

SHA512
a9a686e929a442074e4aa5ce1bd569dd729560958ec8473b072d48fe07b70303be86f5969875d8504cb04cea1858b97d312f1cfb1f60d46776929a79d8661d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
3abea4f5dc6b33ff56b138808102d2de

SHA1
b1091fdff1828872836945e5f2f7cd138bef9848

SHA256
9a9f385ed560579041bea49ca22dfab76115129cd5497609682cb20c45affd10

SHA512
69f9e93981b7fa35226a7dfe188cba262765bb20257ef9a3ccaf0e31ac614e66618a3aa7d876ed671e3cba884d02f1a3a2f6dd03f2086b3a2435305b75fa6080

Download Submit