hxxps://click[.]discord[.]com/ls/click?upn=qDOo8cnwIoKzt0aLL1cBeFE1RlVCKJFF5zAq8ml-2BFh1dq-2FeX22E9yMPFmLMSO5CYgCqmr54DCjgRmTX1MkIKYsh5Pm9GIapWKHVaOpvguITur-2FIfcLF-2BlNhvkfwz17hiOJTYSS5m4Rj9lpldMlm-2FsihFRFh25SV2dVNn-2F0ng3u-2FhQKKKQ-2B2xXuUel-2FMf0T25yxOzuzpvHBfKh-2FiqXHrtEw-3D-3D_8Jh_hke5huqzHo2yFGKhTAn3zIHJ52q9YdT47ELxlGQISwbtm40QJi3-2BROPYSU0acq3RS-2Bmd9vRMKx6bgBpQir2Sr-2B0Lv0IzWbOoFhw56TJygBdwavLzNWDwBGgx0QpS-2FUnnpmwGxxjNaCQjKeKSw76illfFznr9fAp8a9A2YhLwlucEirPlx66MCnEgocod3e9Pr3qHlt0lIyPTQBkk4tYAXoFzCLmL8xAi0ss-2FQZY5EW-2Fk5LL5hG5-2FIsqMHafNTtY7

Analysis

max time kernel
21s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.discord.com/ls/click?upn=qDOo8cnwIoKzt0aLL1cBeFE1RlVCKJFF5zAq8ml-2BFh1dq-2FeX22E9yMPFmLMSO5CYgCqmr54DCjgRmTX1MkIKYsh5Pm9GIapWKHVaOpvguITur-2FIfcLF-2BlNhvkfwz17hiOJTYSS5m4Rj9lpldMlm-2FsihFRFh25SV2dVNn-2F0ng3u-2FhQKKKQ-2B2xXuUel-2FMf0T25yxOzuzpvHBfKh-2FiqXHrtEw-3D-3D_8Jh_hke5huqzHo2yFGKhTAn3zIHJ52q9YdT47ELxlGQISwbtm40QJi3-2BROPYSU0acq3RS-2Bmd9vRMKx6bgBpQir2Sr-2B0Lv0IzWbOoFhw56TJygBdwavLzNWDwBGgx0QpS-2FUnnpmwGxxjNaCQjKeKSw76illfFznr9fAp8a9A2YhLwlucEirPlx66MCnEgocod3e9Pr3qHlt0lIyPTQBkk4tYAXoFzCLmL8xAi0ss-2FQZY5EW-2Fk5LL5hG5-2FIsqMHafNTtY7

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
22	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529772066399753"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{C39C4BD8-D734-4DC8-AD68-C7A2528578A9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 4728	1520	chrome.exe	59
PID 1520 wrote to memory of 4728	1520	chrome.exe	59
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4680	1520	chrome.exe	86
PID 1520 wrote to memory of 4752	1520	chrome.exe	87
PID 1520 wrote to memory of 4752	1520	chrome.exe	87
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88
PID 1520 wrote to memory of 3520	1520	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.discord.com/ls/click?upn=qDOo8cnwIoKzt0aLL1cBeFE1RlVCKJFF5zAq8ml-2BFh1dq-2FeX22E9yMPFmLMSO5CYgCqmr54DCjgRmTX1MkIKYsh5Pm9GIapWKHVaOpvguITur-2FIfcLF-2BlNhvkfwz17hiOJTYSS5m4Rj9lpldMlm-2FsihFRFh25SV2dVNn-2F0ng3u-2FhQKKKQ-2B2xXuUel-2FMf0T25yxOzuzpvHBfKh-2FiqXHrtEw-3D-3D_8Jh_hke5huqzHo2yFGKhTAn3zIHJ52q9YdT47ELxlGQISwbtm40QJi3-2BROPYSU0acq3RS-2Bmd9vRMKx6bgBpQir2Sr-2B0Lv0IzWbOoFhw56TJygBdwavLzNWDwBGgx0QpS-2FUnnpmwGxxjNaCQjKeKSw76illfFznr9fAp8a9A2YhLwlucEirPlx66MCnEgocod3e9Pr3qHlt0lIyPTQBkk4tYAXoFzCLmL8xAi0ss-2FQZY5EW-2Fk5LL5hG5-2FIsqMHafNTtY7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a39b9758,0x7ff8a39b9768,0x7ff8a39b9778
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2832 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5392 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1892,i,4147845983054991748,3538220635003696496,131072 /prefetch:8
  2⤵
  PID:4044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
16bd19e6e493a6e85a86167b8c7088af

SHA1
4e207d77b0220a71f7ef4d1870299c27e8dfef9b

SHA256
ddb953b228e9e3b4cac3e80cb5e060c2317ca132d72dbbddc3bafe250cf65513

SHA512
9a8659d5c1f8804dccf598aa29dac91b4d7bf65d5b7dcc0eb9362cd23e5b6c53677cf4004cfcd1134f5e8cb3f2a2c28c04c0216b6c04b380afcd30eabcdc5af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5d1e11cef2850d4222faa4ce55223eec

SHA1
2bd41680f0ef552037918153a36654b176dc8399

SHA256
6b79a4e1dd7b29a0cd5aebb2b05d27911233b151b0ff939afae23ae71838f27e

SHA512
c1940b8097aae1b7dfb88ae1b8308f95fa72749328128c57dde2ae92226831a37753894bc6e3538dfafca05befc6bc81a624d2e49be28fd72f79385c2d5cec22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e325204fd09a6a8f132d1827e38a6cde

SHA1
4c8b0781c183bbd175e26d816951b368afa29898

SHA256
acf430c61206d2a506e03a8b8e08d29086fc1c3f3e4398e8bb93732d646772ef

SHA512
cd1cb081ce5bebeee862f6aca8a7dfbd133afe934e20914aeffdf814beac14a7a97418ed496781a6832a627854e4b2b2f67f683a780fd70e296a5674867383c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7fd60078c397714dabba4bed2397573e

SHA1
e007ffea40cbe7afb4381cbea57d8d551be35137

SHA256
c639b898a5e4428a70c4bf2f3011bb12bc08fb2a465c82b34c5da3a315038d56

SHA512
d082a2faffdef7f93b5ff45af62f5987035e96b3675b750c2ca0615a567dde912a81e60b5da3df455a5072646f5ea4a91ce373a783751a519c9131ce229d9fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a9f7be5afda39c0df3282dd3639dc709

SHA1
3cf6bd098281809c6613c377f089389dca5ec041

SHA256
142641ee661637605561a8e7ded6c9011d0e972b22741c0125138e2bee107812

SHA512
0788e89215c287f6b4cedcf65942643a293a39711261b8aa67555f16f9b9196c81717f5ca25073d537c7a80fc96de4b3542815ca472fa715b52415a3ace039f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ac255cf881440a36e67a3e75f4247f3

SHA1
d6ebf2002039f91d3566b2efdb2130668c64ae34

SHA256
c49a39a8423ce04c3b283fb1578a502c762928c5a7986cf9d8c2d9afffee4d3c

SHA512
bfe59ef85a22613981ee4a7f8a983ad189f15702f9896ac4b91200a98a22138a25e86e4280773661beb97b75fabb43244c5067aba621a28bbf2a89966297690d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d5b7856962dfa9a186c41cb4f7a2f419

SHA1
9a4ced04cac8ae9961c69d29674ce8166c8f5a6c

SHA256
e31072d71e0776e5e3cab319646a3f7df9152c5bfb44984f00789098b99a3f1d

SHA512
eb8e44885767e21db1b9a1e59367b3edb90c8e3db6ec0858c963b2ec8412732b67f4ade79a21bc9f4ab0e2613e92dff3f6ec21125cf989d86c7dd48f8c0cc591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
304f3d0305c043fa25d7fc0b88a06ef9

SHA1
8d37819470838a6c7da042bd520788c06d9186f0

SHA256
60ca29d8b9fd5d82a320a333664340e6c655a6ea52a861ea2d31e2768803aa06

SHA512
e1365666211b4a68b1f02ba733550b2b0665174cade6e4e96b0a4f23c34c917b7cf9925f580b71415113d5197a3b4e4efaa450947b88d5733467ad268400a642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9a471bbe95e75f7784b744aa6d80fbb2

SHA1
5be70d28d682e6d4d63d0ab392217d68a671d2da

SHA256
3822ab91e052c52a42487133d412a9803e0fb7cb34e079c7243b17d87f4d46c0

SHA512
467ed889191855b46a7c3d11671cd7155f79ed6ec1587bfcaa178daa83b07e8ccb52e092295c734f5ae984da2cff8158c91edabebbc47af813c7ea56e7836e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit