hxxp://discord[.]com

Analysis

max time kernel
58s
max time network
57s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
21/02/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	discord.com
7	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529818681020969"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1473553098-1580226532-3330220195-1000\{B41B0274-09CC-4B85-9AB9-548BA971A2B6}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1473553098-1580226532-3330220195-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4472	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 656	4684	chrome.exe	65
PID 4684 wrote to memory of 656	4684	chrome.exe	65
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 3536	4684	chrome.exe	80
PID 4684 wrote to memory of 1284	4684	chrome.exe	82
PID 4684 wrote to memory of 1284	4684	chrome.exe	82
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81
PID 4684 wrote to memory of 3440	4684	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc94cb9758,0x7ffc94cb9768,0x7ffc94cb9778
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:2
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5044 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5544 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5588 --field-trial-handle=1808,i,2690615217674695830,5943154408034468625,131072 /prefetch:1
  2⤵
  PID:3348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4772

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
27ab6bb604ba1f8a313915f4f99ff514

SHA1
801dce11a6e8904799e5f437afdd679b3306f56f

SHA256
5ba94774acd6d8e87cac211e8c5ab8e5845f79a8b15da91184efe061c9aae198

SHA512
e875e7d5bef686904aa8a15f10b3e506ac4bd7cd34dfe49d40611eb019aa4474633be96ccd9c28db3ca0d8686be851049ecad074817ed91ae6f06c3cba941adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4750609cb811c874fecdc78af791fcae

SHA1
70069c0bcc35b6a6f12bf0b55783a20ff0ca9ddb

SHA256
7a35a211d7c1973e36fead58de474c339ef7a55cb95c0f19eac7701d82c223fa

SHA512
ebb3431f54d738a240c102aed146752b867c25e63c9421d0b7c7308f2284f0fa2f2524c37ed9aa5080ae51897bb2aec8ed1be6a290f8c2d795b001d785864050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0fb7ceb9a94b325296f6db48d7b4ce8b

SHA1
d32e7f7632d21f28b7c31402f2e3d5b19b63ad54

SHA256
ba20b2f5cf1b3a8bea2feae5c23fd06abf6efba6da001b557d5071b988946ef6

SHA512
37f90da19f5f3571f3f62beb31d3f03f8a3e591c3fa6f9faa886a46246a888e66fb809294765e7f9cef380185508d128ba08f25d7f266866eec9920b870a7a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1e602592ca3514d9b8dc16e78ad1d35f

SHA1
9e6deda2e561e05da055f25ff685b257fee98607

SHA256
96d49818f4c6ddaacc304658afe00d749bcda86fddbca7213ba18ae3e125bdc8

SHA512
f467f0de6072580a8636ecdf6f9eeb25eebc507cc06e0fce1a721b0f08975e52f26ef732837a61b8199b532d246d6cd0f515618d4f8f5b8781c8475a008baf8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
61f9113f7e4d9b53824401f84bc44f43

SHA1
b75c08dc28504840a32868bddb5c5bafb7f362ec

SHA256
8e8282c536bbd41bd8911671617751a0a96f0aba2603b3e1bdf990bc11d44eb2

SHA512
42e8cd80bc18fbd6e6486186f02cc418b91203cd2b0ca7bf8809f5c50985dcc59f669f1fc4a5ee5e60ce40233c1171c3a81aafcc59e00316be5fd67e095263f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1dbb06bf910c01631405614bc794696

SHA1
6e354b7fef81d84bdb16fbcd2ccf4edee030b273

SHA256
eaf1ae919497755a07b1ce8a9f6d9b21aded6e40a5fdcddccaa21160a2204ab0

SHA512
ae79d9c959a0295278afffe69f13682a7d4f4f28b791a04c737e5871623adb1ed0e3c36ce17b46e503fd143e4704f31681760c7389d5956e00fc98be4260ab18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9de815f848d314023b2da14c54987a0

SHA1
d286a0be87396792340b86edd9514a7bdf092f92

SHA256
e4439bbbc11cdf510131af327f443b7e9a6dfecb8cf0938f64c28fdd68001cf2

SHA512
e5b30fffa9e2589c9a9adedac735e2734b328cf7c999d921dcfd634808509e398fc473b37106840a82c52d558eef94e6e1b2bafc965eeddc5df77aa7588cf03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
daad4dc052951a97b5e0ff9f65c9905c

SHA1
62e7e88e72d1d4c90a5f4f6973a81320c2e4ccd1

SHA256
cf9c87504e7a9cb7771e678f1314909ae63aafba2602e7e77925506ce5d982cb

SHA512
45f5c8f473a093f4f378af9a4247989b70e0fb22d5ab9333447dad459c3ff273d97b0aee0839d04cec219fe3a983a522af5666ea47be7e0fc3398c8e435d5a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
f0222e08ab0ed8da9d236c6b7611acb4

SHA1
c6f9c77a579ae41ff27dae86947c93d1ec165529

SHA256
da7aa6fb773945e648b9d3e6752f6cf7a87e2468a329f8b6c5e579fd8d8b391a

SHA512
f81898d3617cd4934de56febedd735d1542dd7595c465248f1d78dff96f609711a2404c7cca6822b3112cdeb3ef009030857ccfb4cc3d4ba754c84c808f6be58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b3ce700cb7f05a02eff939e0604be6e8

SHA1
0c43ee3e41a4d8385a3acbfcb7fc41ede4b3d679

SHA256
c1ec3a422062410f6a0beb62e712caf752ee99eba58e64c4a860ee0899e3b040

SHA512
6df16406ac579bed825b03d773eec505ac1f84873c33cfba3d8340a6b030bf41dd4184758edbf1cf96847e3ec2c5c6acfd85204aa1fa85fc430eacb2db732cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
4eb025b759543bc6f0cec1275698484c

SHA1
f727615cec616e2b6da251924b26d76add4850f3

SHA256
1088b12b75609c42f44c01174868d08a74fb1cb1ba8cfff1e36ff2812866d84e

SHA512
a767b6495128c9b49d38dfa4e99cdbc74528946a0402917900433f50ffc8e24f5da026bba59485d7b8d8ac7e9d3f7015410502dbec57f5192c669d5410116767

Download Submit