hxxps://cdn[.]discordapp[.]com/attachments/1260646969827655813/1266753334573006981/Opti_Loader[.]exe?ex=66b228fa&is=66b0d77a&hm=500353a6d1ceda8fc39d429700beb5f314461d2f61a6c72a6460d3616c2cbfa5&

Analysis

max time kernel
599s
max time network
484s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-08-2024 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1260646969827655813/1266753334573006981/Opti_Loader.exe?ex=66b228fa&is=66b0d77a&hm=500353a6d1ceda8fc39d429700beb5f314461d2f61a6c72a6460d3616c2cbfa5&

Score

8^/10

discovery themida

Malware Config

Signatures

Downloads MZ/PE file

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000800000001ab1c-37.dat	themida

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673757956932591"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 220	3692	chrome.exe	74
PID 3692 wrote to memory of 220	3692	chrome.exe	74
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 4368	3692	chrome.exe	77
PID 3692 wrote to memory of 4368	3692	chrome.exe	77
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78
PID 3692 wrote to memory of 32	3692	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1260646969827655813/1266753334573006981/Opti_Loader.exe?ex=66b228fa&is=66b0d77a&hm=500353a6d1ceda8fc39d429700beb5f314461d2f61a6c72a6460d3616c2cbfa5&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca53b9758,0x7ffca53b9768,0x7ffca53b9778
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5316 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 --field-trial-handle=1856,i,3611837304396438380,10900355054717325290,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
871B

MD5
af5d09bd961b53756a745a0beb83b282

SHA1
4a4be936924d70ce47b6dd87e5d16df19ef769fc

SHA256
bd17fe60aa0a2f584b9ca7afd84a6f5a76eabb374487ffa0c8dcbe916c9f5cbf

SHA512
53938e2787e126ce92017015a570298981ea02a7a025fa417cf9de0cbf6555b17859f08dc21ada2d6af8a8cca6453b3c881589919506138e46324c445dbef02d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fde65ee2b645b80b5bc0f1aba0104148

SHA1
487fba75f7bf97bae9da4984429ffacd548e5c35

SHA256
c695cca1af28ab2eb3bb6d98ebe6fccfb67ef051abd0f2dc1d4e9998b599dbf9

SHA512
cea38fb6a1ad4c110044ad83a6a21708cd1881473c8dd6672e15c1b9eb9085f42d6e91b16d70403a9c9e69e1db4ee38c6a38df0417b530a56ea86c06f0a61ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1473664f565ec800d58c71e8df535d1

SHA1
ea08db4739d4b65ebb77838d7bf4214a74a1a3ba

SHA256
4265e5f2c881edca9aaf45f06de9a8f5dc2187906c126293e3597ca18a8a4875

SHA512
a302942b7c758309b25b2a75451a610c9431eff1cf685a20af3a5e700652472ac29ed6386596fc36fbd59b2655eb973696493c289a0705ae028807b7a2e79118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7841d10c8fdeb7a53d7a482372592e5f

SHA1
5f0f88cd1ebe99182fb06dcd2b49e233dee15d6e

SHA256
47e2ac1e2523de2be6848c54161bee4dc367520240fc8aab41947be1a89bc810

SHA512
b5239f8828486e5cfc4d3c4592c9dc8cc1fe1fc30790549b555ec0cff0e04f2e7a0abaeba332adb7d6af9cf25d13ca8fc18a28b3f3a30289287fe2066ba6f1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
8603a448f6447dc29b749914251fe678

SHA1
fe167c868d3b2d499cafbf15ec1db16891c95e94

SHA256
610178d2fc431afe17a1c68e79440e8bf6bbdf0ae2fbe7a4ea50918366f2acb7

SHA512
f2e10aba1cbc41232a0c235641ebebfc4bae1510d87bb4349f0f079293b72c89bf931fa367bd444bfc3d3a979a921f830ee82ec9a0c67771dba7ef65d392087b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
52bd2e9286b2e0e1b882082e8ea54fb0

SHA1
de49bf172314eac7b86ae2a394c7f8db61968c38

SHA256
0e51f8dddb72b680bcb45ed283d60e1ee51ba509fe180887fee8065d7bbdca22

SHA512
72947023ac6f8273312174b16c108573f9d4c4e393b25ed629787319d89286e41cd19e31f1409ccf59e1a60f396f99227019266f52b67ab847eeb93ad6314e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
1994cf5599d4817f692c1ddf5f6befd0

SHA1
3cbdc8774817fc71ce280c58bca02233cac4247d

SHA256
ec47d69cae195047b6239656146af8501ed5fe5689996ebba65548cad0635e86

SHA512
825214c0c9d8e70ff74f1db69210a66e1d0580d136ce7f16607f7e3401dfd90452e3dd99ad7a4a0b6af28f99e99313c4d394b395c67409e346481ef81f66c05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 148549.crdownload

Filesize
5.4MB

MD5
4e81cc43ff21582b7068af73baf91cad

SHA1
38de2e8983be686a9388c55d10f70a9bd2916aaf

SHA256
d0aaee10a6723de6e76d0c337b0bb3547c427d3f17b067fb570501ee7fce9063

SHA512
00cc6b34d64f918c86a087235d7dcae33e9d78a9a4b9cac6478a2e04ceab5aac01543f09e85a8b66885bc2b052dd7e60304685796e2b5e8ffb0db2de105fa489

Download Submit