hxxps://click[.]discord[.]com/ls/click?upn=qDOo8cnwIoKzt0aLL1cBeFE1RlVCKJFF5zAq8ml-2BFh1dq-2FeX22E9yMPFmLMSO5CYgCqmr54DCjgRmTX1MkIKYsh5Pm9GIapWKHVaOpvguITur-2FIfcLF-2BlNhvkfwz17hiOJTYSS5m4Rj9lpldMlm-2FsihFRFh25SV2dVNn-2F0ng3u-2FhQKKKQ-2B2xXuUel-2FMf0T25yxOzuzpvHBfKh-2FiqXHrtEw-3D-3D_8Jh_hke5huqzHo2yFGKhTAn3zIHJ52q9YdT47ELxlGQISwbtm40QJi3-2BROPYSU0acq3RS-2Bmd9vRMKx6bgBpQir2Sr-2B0Lv0IzWbOoFhw56TJygBdwavLzNWDwBGgx0QpS-2FUnnpmwGxxjNaCQjKeKSw76illfFznr9fAp8a9A2YhLwlucEirPlx66MCnEgocod3e9Pr3qHlt0lIyPTQBkk4tYAXoFzCLmL8xAi0ss-2FQZY5EW-2Fk5LL5hG5-2FIsqMHafNTtY7

Analysis

max time kernel
20s
max time network
22s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
21/02/2024, 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.discord.com/ls/click?upn=qDOo8cnwIoKzt0aLL1cBeFE1RlVCKJFF5zAq8ml-2BFh1dq-2FeX22E9yMPFmLMSO5CYgCqmr54DCjgRmTX1MkIKYsh5Pm9GIapWKHVaOpvguITur-2FIfcLF-2BlNhvkfwz17hiOJTYSS5m4Rj9lpldMlm-2FsihFRFh25SV2dVNn-2F0ng3u-2FhQKKKQ-2B2xXuUel-2FMf0T25yxOzuzpvHBfKh-2FiqXHrtEw-3D-3D_8Jh_hke5huqzHo2yFGKhTAn3zIHJ52q9YdT47ELxlGQISwbtm40QJi3-2BROPYSU0acq3RS-2Bmd9vRMKx6bgBpQir2Sr-2B0Lv0IzWbOoFhw56TJygBdwavLzNWDwBGgx0QpS-2FUnnpmwGxxjNaCQjKeKSw76illfFznr9fAp8a9A2YhLwlucEirPlx66MCnEgocod3e9Pr3qHlt0lIyPTQBkk4tYAXoFzCLmL8xAi0ss-2FQZY5EW-2Fk5LL5hG5-2FIsqMHafNTtY7

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529772003960976"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1473553098-1580226532-3330220195-1000\{DBFF1A74-4C86-47D5-A3ED-57C55ABA8261}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
488	chrome.exe
488	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: 33	4804	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4804	AUDIODG.EXE
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe
Token: SeShutdownPrivilege	488	chrome.exe
Token: SeCreatePagefilePrivilege	488	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe
488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 488 wrote to memory of 4988	488	chrome.exe	38
PID 488 wrote to memory of 4988	488	chrome.exe	38
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 1736	488	chrome.exe	81
PID 488 wrote to memory of 2100	488	chrome.exe	85
PID 488 wrote to memory of 2100	488	chrome.exe	85
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82
PID 488 wrote to memory of 2028	488	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.discord.com/ls/click?upn=qDOo8cnwIoKzt0aLL1cBeFE1RlVCKJFF5zAq8ml-2BFh1dq-2FeX22E9yMPFmLMSO5CYgCqmr54DCjgRmTX1MkIKYsh5Pm9GIapWKHVaOpvguITur-2FIfcLF-2BlNhvkfwz17hiOJTYSS5m4Rj9lpldMlm-2FsihFRFh25SV2dVNn-2F0ng3u-2FhQKKKQ-2B2xXuUel-2FMf0T25yxOzuzpvHBfKh-2FiqXHrtEw-3D-3D_8Jh_hke5huqzHo2yFGKhTAn3zIHJ52q9YdT47ELxlGQISwbtm40QJi3-2BROPYSU0acq3RS-2Bmd9vRMKx6bgBpQir2Sr-2B0Lv0IzWbOoFhw56TJygBdwavLzNWDwBGgx0QpS-2FUnnpmwGxxjNaCQjKeKSw76illfFznr9fAp8a9A2YhLwlucEirPlx66MCnEgocod3e9Pr3qHlt0lIyPTQBkk4tYAXoFzCLmL8xAi0ss-2FQZY5EW-2Fk5LL5hG5-2FIsqMHafNTtY7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4e789758,0x7ffa4e789768,0x7ffa4e789778
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:2
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4620 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4964 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:8
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4568 --field-trial-handle=1780,i,11914823536599461024,14039755159824585202,131072 /prefetch:1
  2⤵
  PID:2476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4016

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
78bfa8a2e1a8e884bfd67764fe80ce94

SHA1
5f03c541428943acc2ece4f1e867a1ceb37bbef1

SHA256
ab85320ccf0954d27da5ac2985825aa628fb508cd7dc3961e0dc556cc0f04ab6

SHA512
5602dee3b7c711597e4d6ba3663fc31db20e8c57e3dccb7b3a4df44e0c0579851740adbde1b7aa935799ef1165b0ce796cf28f0b56317ce0754b72fdb02048e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5cfcf682f5a840fae8fd4747a7905b2c

SHA1
7247c42b38c3d5a79fc9521a27fd38fa1489ca9b

SHA256
2176ed115b78acb6be3e4f15972d3d263cab85a446e5513d399ae8ed1904585e

SHA512
032c7c1a6fd0a79ef68d8a54d4c95ad822c6a765cdb512045ba85bff94a9d4625b189b5d99cc6814fd2dc7221e2179d17bc85f39115d25778359cb7f84f40da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4320cd080a67ca5f1c1d53f19fdbf941

SHA1
ef53b834b91c7967861206dddfe64ff88d65a7c1

SHA256
608bf2e02743b816510b24d1093ff6093c24ab1d513562af41ce8d09aafd07a4

SHA512
24fd0f172d0b568a0436acf6dc433dcef19f9e80f4dc4eab0bac0d07eec694de940706e2d3cc3c62aeaed8e569355b55f53acc97794d8b83e99a82a951415c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a79b8d66d5dee22fe553e350c87e36c2

SHA1
905bc5a0f51102434f284989c9256b1e7e3cc14f

SHA256
cfafe436179a88c426002e7e106d7fca319f5fd7896b8ed823849996ef0ff3fe

SHA512
f42665be6dea3afbabc3348f9be072e58502ef64d8e115e7a30598ec5392e152dbbd241bb13e592e76e85c3cf2e7161d2d60498bfeb3ba5d43b8481d3f58d254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
19155a5be983963499e2fd53d404231e

SHA1
5c8a6ab09d11f8054777eab7db8facc2ffa2a2eb

SHA256
574df8bf95a33431d0319371def315fb443c975b2de62cbb83127fbc37f630b9

SHA512
df0ceb22d94cd5cd7fba6ec128f4dde4cc79c0cfdde3f58b922426c26ec9a6444ef9d777e7130fe092fed6de76327a981df3807890046cafebfef6707e89cdce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c762259c9d8c1a68e2ebec3c2ea57b4b

SHA1
ce58d321fd004452dfaff66217268c65d3c95b54

SHA256
11f2b1259132b5b2a8905ee9c0dcb0cc97c4245055ab2298e8bf36451fafc2ce

SHA512
5bb7e25389bed579647133055b2f0167a15fdb041a9f9aa4180ab42de852382fc27a16eb10e9261b88425f1ffaf2de1e1576c95588176f13235b337dc743e417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c3c790268ed9a790d73c837fa1eacce6

SHA1
b0186d4bfa5ce3dfc63b49eaf2fd8693f2884103

SHA256
ebfb2b8dc4e07ea24c3978cd767377f015856bd7a2b5f23fc83a61cf3bd99b38

SHA512
a66de49781e11488a1902d6dcb5e756d357d5b4af5d0c7e37f0cc1d791b8875c3605f26204d1aef0ef5ecd496e2261a4e49c0020c4e0ed3417d7817f508829de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
a3c83c203466e820d4e2d312af98933e

SHA1
b88b6bd66c24b130c570ee468b8228d38fa2f750

SHA256
d7a8afeb1a49ee3eb7440bfc637f2b59bb408e73f489f1473e1b5305dff7e8c0

SHA512
092cc23a8b5d5b63d53f6b85c464e2770941fca2f35b3b11050fd04fe63863e264241f610f4923ba5640bf7f8fda234d1ea3ac98b39bfcab248578cd2c78c341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3d645ea2fbce505e9f5dc02c20ed702a

SHA1
b5e440cebd5e77cbc5184ead5171f7d9a23b36db

SHA256
b4985b07255d33732627f6c97409fc22310937d7b77776ca541a8f2cb9b6749b

SHA512
89783089fcae26b9acea00d20f13c0151f948416b749e7eb0419bf6ae773736cda849c4b321b693125e4fb4ddeaea6816aea9011cefa0e4d01b5df79a116449d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit