hxxps://mega[.]nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ

Resubmissions

08/04/2025, 20:25

250408-y7hvpa1jx8 7

07/04/2025, 12:12

07/04/2025, 06:52

07/04/2025, 06:37

07/04/2025, 06:24

07/04/2025, 06:14

07/04/2025, 05:55

Analysis

max time kernel
82s
max time network
82s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
08/04/2025, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
684	Nova.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nova.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133886175483927253"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings\MuiCache	GameBar.exe
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2081498128-3109241912-2948996266-1000\{49DD32BE-B305-4792-88D8-0F939095AFDD}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2081498128-3109241912-2948996266-1000\{A081A68E-A03B-44E2-A778-16F2C922B07F}	svchost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nova.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe
684	Nova.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: 33	2700	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2700	AUDIODG.EXE
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	3344	chrome.exe
Token: SeCreatePagefilePrivilege	3344	chrome.exe
Token: SeShutdownPrivilege	3344	chrome.exe
Token: SeCreatePagefilePrivilege	3344	chrome.exe
Token: SeShutdownPrivilege	3344	chrome.exe
Token: SeCreatePagefilePrivilege	3344	chrome.exe
Token: SeShutdownPrivilege	3344	chrome.exe
Token: SeCreatePagefilePrivilege	3344	chrome.exe
Token: SeShutdownPrivilege	3344	chrome.exe
Token: SeCreatePagefilePrivilege	3344	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe
3344	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4224	GameBar.exe
956	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 1196	2724	chrome.exe	80
PID 2724 wrote to memory of 1196	2724	chrome.exe	80
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2108	2724	chrome.exe	81
PID 2724 wrote to memory of 2824	2724	chrome.exe	82
PID 2724 wrote to memory of 2824	2724	chrome.exe	82
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84
PID 2724 wrote to memory of 1732	2724	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/WmAyxRaC#J76wNbsVS9RlhD0k7bjJbQ
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb579dcf8,0x7ffbb579dd04,0x7ffbb579dd10
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1436,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2212 /prefetch:11
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2376 /prefetch:13
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4132,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4184 /prefetch:9
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5124,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5136 /prefetch:14
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5416,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5428 /prefetch:12
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5992,i,1276865371625238341,1535951452522160607,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5460 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4048

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5108

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3740

C:\Users\Admin\Downloads\Nova.exe
"C:\Users\Admin\Downloads\Nova.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:684

C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.50.24002.0_x64__8wekyb3d8bbwe\GameBar.exe
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.50.24002.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:2484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb579dcf8,0x7ffbb579dd04,0x7ffbb579dd10
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1780,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2036 /prefetch:11
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2008,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2288,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2304 /prefetch:13
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5092,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5104 /prefetch:14
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5176,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5192 /prefetch:14
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5104,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5184 /prefetch:14
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5616,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5108 /prefetch:14
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5356,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5504 /prefetch:14
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5132 /prefetch:14
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5852,i,13518228585401258585,5402780990500377049,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5828 /prefetch:9
  2⤵
  PID:1808

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4456

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
b0366599d64b0fc1adb2a712dcd02ee1

SHA1
b7a1c09ccd2846664cab5f76bd80b8e9f107acb0

SHA256
ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189

SHA512
d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d6a3e20228de6a7837d1d3ec6d2d4dd7

SHA1
4af444b3f5fb37489133770d66b6cead774d76ea

SHA256
06aa88f478fc12473549e4bd08eec82c99504ef43369865efefbcafb034ff48a

SHA512
d1627d8750bae1669ce221b711f76c44d0c12d2c98c1ecfe48b82ed892884344d9fdda7eaf880629d90670f7f5ac888489fad7a2dedd8e734a2b1200b3144f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1f84b5ea60fa7258ae50fbafa2510e61

SHA1
35d840b4321e0f0d86f669c91d9f693c3552867c

SHA256
e79a823f3c5131aa02e1147c77b8672606c4d8827cc8f33ee7f38ffabd921b03

SHA512
efa00080a2d53ed5b7eef656c1bc0de27f6f730f970613c5a81d4de5d339f507a276ee983c4a999e21c3d5409a50958f3f34840e95d4ceac93a4e973a6d5734f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a8739171988219c715ebcab58b06bd80

SHA1
b0e0c9db17e13dc416ec6523e88206234c92579d

SHA256
62022204310156c9cacf9e1ee04a32e23c0c9fa535d0b4e219f84558d723d586

SHA512
c8fc45574e15fd760804d9705bea9738660f61f816c30bb8fef84da2a6490ebd0f00eebe8d6742c9984b03457b9825a41ee69140d2b023351b167c4e7b21917a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
2139be179bb79d2dea8532d2f615875e

SHA1
fbfd8593375ae2fedb6a0ca05979a90f40f39240

SHA256
5c9409f03aef8494aed012b6affc01d1297e43cfc118c344431650bce50992b8

SHA512
f636f31cf5e4b36acae3a2d44f44d8172a337bb71ad600f512076e6aa8de4d751f89cc8fa57b9c7b30104cf935efcde2a0ca50b1f82e0f148f4191faf57e6fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
bf27cec463e4517fc4374ea79547874c

SHA1
4dd4eb46b230f88d1ff52afd6256c0c272260810

SHA256
ef92828b66984f01e1a1ef517f4783a318fcbb40653a34db57402e61e0c4ca0d

SHA512
19293db0385d948ef6545cbd06c5703b11acda4509224bf71eb5f770e98a1f6919613ba84fe5fc243cbeccb739c4fd9b304afd4631001d1e7aa530a72ab2e195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
301c0bb9aecc29e6d2c9713500e6ec02

SHA1
52c24e6b9c7932d415c8212fcbbd5b74811c3a63

SHA256
fd651cffd140bf376a8328997ca0c6b14b5f6482bdc2aadea58092dbb2b01daa

SHA512
f9bcf813646239231cad4c7e7effed014b11f8dde45f61cc7213dd66166ec4ef8368dc14e9b14ea8652fcf5be39f7c391a1a5957d9923c176e86202aad9fc603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
364KB

MD5
1bbfe828f62ef9bfe3c8dd5279b49471

SHA1
2e9c9c488c85afbfb9d51bf4f7f600c75454769c

SHA256
e98b842917b22e3412227373252bcdc18b281bf6583e7ddd3da75ac31daa7f68

SHA512
3653e238dd881c1449d64f11f357a59f54147a84e1b7c61e756ddf0847c23385b718108d99299c54b6bdd5fdff1e55b38725d72a5f4bd507208e4be037bdf583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
399KB

MD5
60a49d2550bc927366cd7893d2d9c4d2

SHA1
1b2dc9079a8353fdd95154bc01b2b9842cb86a53

SHA256
b39fd96caac37a89d3815985b6eb07f97244e21773e8aa399e7cfb4b714b2b30

SHA512
22de5d7d36ca7b612fc5c1be5958bf1bd660d1d7d3255374764ff2971718f6dc7d1631e64c65700e0acafa39f6ac14efcc0d54c32b3bbd63e1364c8a91433859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
444KB

MD5
4bd5656982ef46de3263d991427f05a5

SHA1
e99d9b8ade67fe8535465bb539a66d9acfe65e45

SHA256
f965e4026bab7f54cedd13f0d798eeac7e323f65ab4e1a09333f9cb015560f68

SHA512
da98fcdf0f15ba5e76d87dc352069121f9dd03fd325d591de10b159e72ffcba8ca0962d44ba6777453daf45454254284f1543a6ab07c6bbe1f8fe507ed03a0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
377KB

MD5
9b61b5fd9677652844c45f36e71abb4f

SHA1
25219861a0cc1affeefb59c0040a74e38d4593c1

SHA256
826ffdd92e741b069bab63b4f138ba29a62692770120da66d1ed3ba72957b6c9

SHA512
cce39dba82f0ff066f71cb371e31d2a820f82338f37a8c82f7b3709f42cc8bfe7ef5cff1cdabfd0825a2cc1a5ffa5ce51c01e1891b1be29c18eb2e9a07fb0ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
403KB

MD5
714e7ed8d4cc38013db0d5c9fbff48bf

SHA1
352486e56f14b395edf4c1ee0bf7c50f224a3ff2

SHA256
37d6113cc70d1717825af31a4568f4765f23ac6be8e1f69afa2d7e0e0c8fa1f2

SHA512
0a320952e85822e6ba2d63671661861c4fc4a723b5dcdc65c225369c6ec0d257ae9404648447758ee2eab87c335acce5ca7e89799b017bd0f2564497ae6c291f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
498KB

MD5
94a27146ad61d47571b898e0c7ee6793

SHA1
6049a720ff5459fd850d61a93297262cf01cb2bb

SHA256
b09669b3c22022066a86a94c93e6a26311d85d350094cda6b2732abfc74a375d

SHA512
f914e87fc4545c3339788e959c688e9b49743f10a08a0ffcb36993111f8b0dff09dc6877e33e821bd05e0bf6b4c473583a00b8f8fe9e72acf7c399dae894420a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
456KB

MD5
7b2d782ba1fbe2c2e0d5082fcc3d57bb

SHA1
814f05fe003859b961dc13c402bd8fa854f7e41f

SHA256
ee44c33712ce7280a97b5ef46305aff9e351ff5ce57c7e26502fd3e302ae7554

SHA512
c7438ef2b40080c5b0fe28ca76ebefd0291b27241533b04beca38e98c2d88f51b1e43922c3a4cee491db2b89f5e2a4cb007ed7241eea746d57b86f5d7b3b064d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
502KB

MD5
331bac563ff64febf1e84f01437e7019

SHA1
0fcc408fc4ea6d79f4613bdb66bdec2a517bf2f4

SHA256
3e31a0e2f72da10e914fd68d2dcff71a5856071abaf4b6f78f104075bdf0f127

SHA512
94ba11ca7c857c6b0a034e452f8614213f9f7582e7a6ab0d06d59dcd0068054ad046955375a2b6ed7cb39d26ea0bce91a37c5d5e412f37fc1998ca9de93a450a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
500KB

MD5
d0f0df51a9328880a20171d669130bab

SHA1
1935f8f05f64455ad9e06b9df596d62dc01c79f3

SHA256
a0082c5e8d8e6201eb87ce0682c67866b56264f0266fdf62559a27336fdde668

SHA512
1da7d06cff119cfc6d9566d747e166ba8d388ae97110763d5d7a02bc7084e85e19f242bcc98561fedd76a32fb4dc83b787830dcc90058c208b6cc89fc0a176dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
685KB

MD5
114d38110825fef3484ecf4d966498fd

SHA1
1d57351678bef9e8472a3bb1d73813fd583ae18f

SHA256
ec4da54ef2951b117b270de896e3396c73e6023e27c1888190f8531fce71f112

SHA512
ed497c73dfdd398f114c636f97c491903a695c03d9bced749cd9b759a2c1376c4b21576b7c410e097738d253dfd2d2eb020790c499fddec389ecba0bb85ed44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
153KB

MD5
b21ae2d5e8560a73f9dd3f99860e8972

SHA1
62647382f48913a4dd72f9e710fafe4de0f80d35

SHA256
5e429dba28746a75411f1a306a96420243ac7aa8750d23c114ac83dc5d1099ea

SHA512
21edb99e59637c795ca32a366a74ad805bc5104408e62472f1d6ace1a210ae49e7bae88a01096f6e93e1a9b1dee75a482459f78fa46a657e974de1fac97c672f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
495KB

MD5
cfd87a846ee4ece608a2d02038d5a7fd

SHA1
f215e4547c148f6c0bc2925761ce64e509fe8b7b

SHA256
214440fc09b81311a6d9f2e7c30bc89b0dfd8ded9eadda8d29e9d65b8dda2cb9

SHA512
00e848fe3452ea566b890575d9adc00c57f6abdb5f966a43a29f973c7b3ce745bac87ffd6ade0622fb39a67ae3d6e9e8728fc47a37d790f923ca9917b953d67b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
80KB

MD5
fd31097abf125b373646d5cf220be0b5

SHA1
affc0d5132791a45cfad8cc01f8c71528310cda5

SHA256
959c11fb4e3fac24b3248e78f67b64efe0a74b1472c5071699f1ce5dcf953e4f

SHA512
cb755ca94d23539d6f899929b7d2306a5e79694aaacd220cf9e94769c4b8e2832a441d3ce9ab96beb15294c1a1e23e3f40452d42b58395a64400217a36d228f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
22KB

MD5
40b5b51a00af1046d4711f3d9d45f815

SHA1
eaf88f767f95377b413328abc14199a000be47a2

SHA256
b15cb3079d7ff134d729fb84746fc8e1a34da3bc1d7c8f7c904b94e58fdaf23f

SHA512
e52c5efadabc8ef22a08b7682ef71b495f5501b4315e2b535e67e7c0f7106548ee34a1a5dda84291c77ef4abf32c840296ed9a64cc7ae548f8467236c6c7e282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
503KB

MD5
89aa0091de84d819c706f14ed503fe95

SHA1
9c8257458933c82574f6f6d207f14aa71be89edf

SHA256
25a7441bfaebd778731913d6ffaa846b10433ca1648b10aebe9e3c7e0ee40640

SHA512
d010ed568c9fa8fe64d3a9dba244d4c768aa924742c0f2011a33a10acea0d48fbfbe7b6a5fc71115b38950e74782aaedcfdfbafd790c4556d9600f4b646dde40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
274KB

MD5
cdd41575bb5d534d7170f15ad4a0ff58

SHA1
91d7e79d862b25a75c8c956901668f3376bb522d

SHA256
c0d3f4189df7576175e6d4751237b1753956c894b72e1ff161371f9eecef6d98

SHA512
060f9af264c39e092225589f2e3df390fdd88e918106a121cf43e50c49bd939669987fd4dfb4e06c9cba324d3be27c94e5bce4dddcdb28e5d7daf90ebbc751c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
491KB

MD5
4c160f68d587d67a625fa2413f4c7f06

SHA1
1b7846a56b75e75b16b09655da6e526d539a08d9

SHA256
205f0fee8431de9d631998cf6fcfd7d8bd8658e9f29afedfb52ba65747cf16f7

SHA512
229eb1add9933ea10a18955a68d767d9fc8649ea646f505d918fb8c5b88076ff380f95ca5a06dc458540a67625d015db936a1ed9756cee854cf9b22a02e4259f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
511KB

MD5
9b51024792471a053e5cc6cf05a97a08

SHA1
909a184fed43e027a7bd794feaf5997fee5dfd60

SHA256
04e1f3083850f9b23b8d95c5d759b7e13676e424111ceaed5b0fa1919ed1bb62

SHA512
2e90986f2863aa6ff4da80dda46a3f2d2fa06829e38ee7e33e2e87be2cda3444f59a7b80b3533c809c1ff4986c5ab7a09664486173fcf52693a5aa16fb19cf9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
125KB

MD5
0ca44ade64feced07cb91c8fff23c1e4

SHA1
f5c277b63c93bece53fd4ed2984a7fb9974b9e74

SHA256
eeaf7de7edffc5538629df507b8ef15d369f29ef019e8551c953cc1a70939984

SHA512
fbcbdf6b262166ffcf48f42ae6d407b544e7920d33749b96ac63b045411bb792e285dc449c820da2d13536d6c4218527c73b13f36235c70a38280c8d9ea479ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
698KB

MD5
b7078f35984e5926c15d2a0844b45ef9

SHA1
e6858c9f09c35b97227efe7973a8761ee14246b0

SHA256
4d3d1c91ca5ad6365630d1043563afaec02930ad53c79200f142fbb3604a6da8

SHA512
684ab21e55c68c377de4cd53c9b4f1859457a91b6202b4edadd0dcca47aae5f5fa17d006425a396a00f6efe68bffd7784227251221b127244d9d2c04edb04773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
474KB

MD5
ca39ec6333e52e1582d08b4e65d769c2

SHA1
f719c98e70a40284b28e1588503bb04d492d6447

SHA256
18a90310f39face59e085ebf31a6199dc5383ef9e4b36fd5e64bd6b5ec06b376

SHA512
109ffd4e6c283e2d852a6de0231ea79c1914bde1567f7a6122667e0cc1203b9e8b4815ea933bd935cb44aaaea16e859715088de506423e59be8ccaf546a727a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
507KB

MD5
242f60d7f933122abdb7b6f81fbb16ca

SHA1
8fc76cd71988ac767dc76ab1e66cfea877d09231

SHA256
c148f95de443b360d32e3f2fa905a018188f4ecd8ea24376d37e1d99dc9b90b7

SHA512
a38f626d9e24fb8c17144e1ec6dd04749734a5297fef3c55fda5da857f202b3b2312702ed6590ba1388ef7b22bded4fdcb9edce7e5fb310359ef7418ac06d5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
481KB

MD5
40c2f83f65fd06e07a4a502f71af9c44

SHA1
d56170c7107d3a40c2816892a3058e80d74e3f51

SHA256
96bbd0f32d6177c7e7ec00ba80c1a366e75e6ca66f1c22dc393bd90a9a6d2cb0

SHA512
611fcda4c0c319484196ed2219d939f6eb04e44cd8cabd285d56e7ac4f1033053a3ebf3de62de1fa85bdde1e22b7ae98eaef9e4a91b66e8ee30af1a5781d7d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
297KB

MD5
c11904453f03f3229a8bd9a151fb4db9

SHA1
fa419ab632d8a533b6332aa85abbf90b90151080

SHA256
75e8b95891e7ae11b4f42753e720a7ba9245f2f86c26fe7d48b5eea2afc9b910

SHA512
688abf15586a6c3ccd6fb7128116b17de16563b1e0a47d7f14df06e63b43b5f7c013730384454ce7c641e31581651ddd7f393df3dfc343fc747bf7876d4a20f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
61KB

MD5
91bcca5caeb9a77498d7db77c1ded823

SHA1
83a511e1c8eddd07de5f878a46eea284fefe3949

SHA256
bb0ead5666707cbfc7af8c4228a902965c9e3a9f801368b2ed086a890b380dc9

SHA512
a604874e3cbf4b2e28e7776867279dabfa8a6bad51278ea9af010f49b1f939a03ce4d8050186ff5c414214921f5fd7187537a5fac3924efef64ef886459fd135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
387KB

MD5
89c43e2621f433cf8874a1c349afed7f

SHA1
e164dd05e49f445107435bfc8a72f30cc3285b35

SHA256
3ca69b212aea1a473463d641a5031d2b38321534dd33edc492f8c64ffc58b762

SHA512
279552ae7ec98475fa0c3845d3bab46688ef80452fe5c0ef6a9657314177dc65d2dfdbcbd2ba4ccb6b81b634a9ad74d113b6672461ffd750c6e21b28ded1a0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
396KB

MD5
82175a812757717bf4ac9abf0d400ca9

SHA1
fba1a663a380af15b8798d3ea009c78e2033448f

SHA256
b65644e857846d05663daed30780c6c8ddfd4a02fde86957de72c0636cd1d742

SHA512
bf4d34453b17f5fe280f742c9fd58b58e748b7de5591f7a1d92b8681d553c4db91a23a9b267f885e8700a7098ea2319a85294e3706bc07c9b1d8b669549f7a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
42KB

MD5
04fba2775d099a2b041e5557d724dc32

SHA1
d5e91cf00f2e6363274ac8d88b3a5df3372da89c

SHA256
05971fd66fdc337fd050f9cdaa88542a0d8bb23775e0b8c0064cd4af15b7d3a0

SHA512
27bfbb2e2323a53214b5eedc57264d9f9d7f50ff5742510168cb1b610b09d48d0a7483d7dec5c5c127dbf334b7c038703a4fcc0fcc96ba9587fb0b5b5dce4544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
47KB

MD5
4c011722ec94b690592d02699107f3c4

SHA1
c2b9007b7c9cfc7e99def8f851726bb1a8a584c8

SHA256
3e819a0f6d0316f065c2745ccad4bd3f59d1375605cdca0cdf80a008fab0a60c

SHA512
836b79931a58c063e7e6fd634f393cbc35651a1ae8b53eaf5a6071b8066a3a36b5031be37b415793e84b140a46519ed6b5b612526ad672a6c1b8a02c969a5601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
432KB

MD5
057852173e958810f1de0e8adbc9d462

SHA1
bd05e51244966615a9dc2b0119f7e8cfa64f22b5

SHA256
9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7

SHA512
230ec42dfcea740b4fb37e3c7559da2289b7bf2025c465bf055db75659c7f9f05ede374792b046ffb3365f8fa5dc34e23f1312984c195c32a6d42147959efc86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
88KB

MD5
94676e314a869cea8b70fc6698cb2c48

SHA1
c681f9ea637011a45fa30e4750098dee378880d5

SHA256
92090a2fc2ee13f67411a5e5778e3265e7401163c87beffa8e0392ccc765a8e8

SHA512
59bbfe9127e937271e5ac8443681dd48c7bfa882bdbfe3e340ea145ee8b6852d9a612d67f51252985fb0e11b37cafb42eb3a7e33b39c3af9aecdce3c5bd98e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
79KB

MD5
b0ba917e21bcda856e066db31f2f0e37

SHA1
786f0f9b8d6868cd32b7e82adc68214097cea280

SHA256
7e9424189ad2e25b3ce150a574fca0aad2e0406b58611c33cca52fbd8d972591

SHA512
a476f7d1c5a26c8a768f699fdd17f89c72126c437a7409998e5c4ef094d556d8c9e0b30c872dd78138f530f95c00ef6649beaf20f57f556c7f1ddb97d4958dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
96KB

MD5
a90c493e75dbd61aec1195dbb9bb6b06

SHA1
a3e3ae8b6f79820b0b393a92fc613f50fb9f03c6

SHA256
ed64c5d83f5fcc357eb8afd0a7b8d9912cae97d88dd57cccb64787bb643c7c76

SHA512
4c3bda6554b08f9378fca75fb24fc9334534f365de8ab28f83228d95871d5c25ca90ba3945c390dc41ed176f4258df86bd5db1849b7d5bc09f257d309cd66cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
107KB

MD5
762e762ce4f4f602f7936cdac9905366

SHA1
ff9442e7a5a83d28a60749d437af2d46f4f9da97

SHA256
d12f464576228dc3879b30775fafe389472bdf021d2d11cea365ccb997ca6c51

SHA512
8887b692bb3b5d286d672c1ab24fa3d85439a3b6dcd27bfefa49b92a91abb2c95414244cfe1ac73d720811e4a8ab177eabf847363ce966d3e69c8fc9d5434157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
104KB

MD5
920533ddd1d6ea543f7fc3e89b4556bb

SHA1
bc11a427dcb55d1354a5ea07bbc353c57fe9cc0b

SHA256
d6d0905419e1e821c57189396db46ffe335960bd68befedddaf9e73f3f2e7a3a

SHA512
08edf9e3b3b03eb44ec7b194468eb969e72d51b0c66946ece974d0d6c1b8b738facd155c576b8dc1302b0889a5c04924c44b91cbedb6ed0c64c72c780742a571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
40KB

MD5
7f675dc438e7e4563b51eccb03ca34de

SHA1
992a1519934c3611950e1be9629ddbca976b4015

SHA256
7ea26e7edbf14bfd5c660e16be07cf8e446e68958bbb03f3c324be033e8c5a96

SHA512
9406de7b35ea58b9493d7f717cf9ee79cfc15a65ac25ffbbce28b4217a4bd347ba0eab65fb956111d77cca85362f57a0106b9eccd1425f4f8fa77f0fdf20997f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
72a39b88e33f78df41d6824e8762c2b7

SHA1
e8536303d0715d99860e8b4e216651c83bba0028

SHA256
bf638e539645a4ea13f4f45ecb128c364b02b538ade4d06451072761dc2d27a1

SHA512
a0bb24078517e9fb6d64ced92c29161dca5a4a259c8f56eb1af0db89f65c00c15247ceb26873bce78dd01c436f4a4fc7892f96381713f49b4c053115c31457fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fe4d531d1e71f11de58c49aec79455ea

SHA1
3506ce7351fccfc3d6c74f1e95c16db7af6b81d8

SHA256
de977b07ce4380ca849e7d3b09ac79fbda66d58141fe148e2511cb18d0ac5203

SHA512
0769e378d04f86a2f313e79bec785e7e50b7bc30429d4f1ee910ec261ff6d99c29f445bf1c957c706bd75b2585ac8a2addefa9428244de95b5a219ffa9c75790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1f13e0a1b5ebd669a55c10f0e08af160

SHA1
02d8e88f0c79748c417b7e13f56be1e9af039057

SHA256
7c3617e0ab9885c3e71196634d9bb533657f6d2096ea34dd2b4e6204dae28cfe

SHA512
18ad555f66447e89a4e6a0e24a0ac674243dc5b01c2fc5b705163e6af006f0fd955c3f128a220b7a042044bd1397d96668aab08186985d2b661f0471dde95541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
fa331bdc7a892794b57be9e6a0be5acc

SHA1
c9bdd30d0167e5a26b14355ede493be5235225b6

SHA256
cf8916aa778eefc7ffacfc49cf843cf3250f2f800811942363e6d7bb93283692

SHA512
72efa1de069c3a614ed3e84e07190f088b99e1e8ed9078ffff1f77d1da19b771d57b2b055663adcfcb04aa51f585390d718d9cf27634fd0ac92b79ea70d29ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
262772ee256ec89609eea237cf277fc4

SHA1
645d0c80349a747149a0b359786977417b9d5394

SHA256
898f3a526ba851a56a6f2e28ab0fbeb1798629b6196801b307788e71ac7785a9

SHA512
a10b2c405a97f6df01f2440d6bc9dc3aef68f43730138ac9bf503236c144e82806579bd0e09ca5dee34b3e02b3b919e39cb9df7d785e18e12c3e83f357a667d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52508c7f4b5e30933e394dcb8de9fc99

SHA1
082e7fb151224d44b7df49c0377dcbc14cf2412e

SHA256
86ee54732bbff203f9fe3801a2c51e469fb4c01afd21abd2d3448abd8da4bc48

SHA512
d8b00f4d8feecb97369a0d9becd54dca5f32734e49aff5321cedf4831902b9ce059b80ad8eb7c12cd8883f0d37206c6607dc100962ac74fdbaee6faafb4c20a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5bbf68d6a51ff913c790b58d7fb8391a

SHA1
81a04607ce81e489eff708f1cfe3911f1cc37d51

SHA256
47bf9ea678682240b3254340e5c17a369fd30dbd7826e460e5eaf87745b1e705

SHA512
46a39bf1fc1fbe1e5f0c022ded7133b1d44bf2aa5d8687281b1df39bd649210931739ec7b1a3e6b6aa2a096cfa15dbbd6172579286b92b8e17a1731452dfb920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
93704770a84a4aa2130502c0717b144c

SHA1
dd49385319b8a779e4a68ca0a24768e546f5bde0

SHA256
a4eedeb37feffa085cf25313850eb5efd136d0d04864f9d2efae9a011fb58bef

SHA512
366270a4f23c37c32c937d5434f675e9f8b2768fab85226d00364dd371fcbf0f798835ab6ac4873256d8860306061d600c3a83e39b353461ac163b03f9f10c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fdeeb33a94cb663ce976b5f96ca5f304

SHA1
484ce4d3027c9be2b1a58a1f2a99fc628ba3cd24

SHA256
90dda015991295351da25b8c0a90b6246164eb8918e812c022926b48452eb11e

SHA512
03bce28d797e232f9858172612e79a3a61b175240a2452c7239fe00c03a46498cd55aae357fa9c6d0af84c8bb64774cbdabe415f3310c93f1d17041024a61532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586424.TMP

Filesize
48B

MD5
ffe03e6f3bc3600dc82709eff52b9e6b

SHA1
c26015ade6cfd6eb75b3154274a03e48d5144d0e

SHA256
100f98abcc43eea74079bd43c463bf0a3b9e0f75cef4bbddea27ebf81cfb1488

SHA512
3da2d89e6b43d4c0fee6fd85820d402e7f110f73b05287a9aa028aab816707b4440656bdcf3014756c261307e869b38989d66ce3859d7e3577d3e26e0379fd16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
52edd0cabe577d1a99139b7e97f6bf13

SHA1
572fb71496296457b8a46d07066886153aaf84e5

SHA256
81ce3b68c486c927d37105923da53859667251c348a3d66989023399b4f9f277

SHA512
f40b8d79c36fb90d8c361d6c389a6da09caa4e074074511fdf1d3620edfb4341443e1978914673bc1eaf979ae0871091b66d9fa15e44160256ea620b8cbcb0b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
d6ab658cf4b166ad2a9042582c9cf957

SHA1
8ab2a6a4177de188e4a92ee5bbcae96bc67d03bd

SHA256
23d967d83cf9e1c1a2f5572f6c66e7f21a8a9056efedbae6e1028ee0487cdffb

SHA512
bb129a59b59c83d9e69359a18bbe5a166a029268fa79aa8e0430f6fd26001453541f3c99eda2531945c944944b2df358f511ff369557038bff6b903cf14c9148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
7983ceb37026ce024e663c3755bc1364

SHA1
58782d105126912bb5ae9c0e3c7ddbcb755d970e

SHA256
4d852b15788275231ac073aa33638f41622f4a0970357e1ebccd65d45ddb62fc

SHA512
1faff3b0cc643873ebdf1f78ba9cf4315abcc557bb69bde286737e26e93aa2939ce2a85dde51ba81d4b750485d802f3f65172c78be59024f6c083de212614535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
24b8e924aaca7c9139f0817ba3636b5a

SHA1
1116b1d6ac863f51bed5acad34d5f846f190d189

SHA256
fea435c9481a233de9cc51937f76c543cfbf8e0d89d06ada7b39226098d03b76

SHA512
ae977256965c9a0f44f8c9cd725a12a93065b3db78782a7e048a9dd0d6f2369663eab9d6c54694ca3aa364fe86ee13222f2d6f00d1144670d782aa7800700fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cda71e2e-9e5a-4336-b91f-40fb59d29b50.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3344_1174285045\c21be1aa-5c65-41e3-b3f4-064ad3bea566.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\Nova.exe

Filesize
18.4MB

MD5
3f886e3f527615eab1dfc5a54021a252

SHA1
bc6179374305b6d9d3bd3a6959336a24f8e298e1

SHA256
829af67d5ce7430ba9f3c73dd7eb406f102d4e9a94848c112f15897b31ce2a0d

SHA512
5853758a1da868082805c379c22688a9c958b3c484e119a82299afa81b7e13191f3b6b2dfdaa346463f7a7f40c73f6319860ee0855a4f7cdcee8027fe42ff7de

Download Submit
C:\Users\Admin\Downloads\Nova.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit