hxxps://cdn[.]discordapp[.]com/attachments/1273711853750456350/1274140884224704564/Union_Client_V1_Remastered_1[.]dll?ex=66c12bab&is=66bfda2b&hm=bbd44ac996a27dda588542a19a65f6fb5107702a20038bdb21f578d6eefecb58&

Analysis

max time kernel
600s
max time network
485s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16-08-2024 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1273711853750456350/1274140884224704564/Union_Client_V1_Remastered_1.dll?ex=66c12bab&is=66bfda2b&hm=bbd44ac996a27dda588542a19a65f6fb5107702a20038bdb21f578d6eefecb58&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683233827363118"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Union Client V1 Remastered (1).dll:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 932	1840	chrome.exe	82
PID 1840 wrote to memory of 932	1840	chrome.exe	82
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2408	1840	chrome.exe	83
PID 1840 wrote to memory of 2836	1840	chrome.exe	84
PID 1840 wrote to memory of 2836	1840	chrome.exe	84
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85
PID 1840 wrote to memory of 4272	1840	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1273711853750456350/1274140884224704564/Union_Client_V1_Remastered_1.dll?ex=66c12bab&is=66bfda2b&hm=bbd44ac996a27dda588542a19a65f6fb5107702a20038bdb21f578d6eefecb58&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb135bcc40,0x7ffb135bcc4c,0x7ffb135bcc58
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1708,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2164 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4632,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4688,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5004,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - NTFS ADS
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4236,i,10034197822770192949,14872150084045676593,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3116

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4f858fa1-fc77-4324-9b06-7d0ee105c6e2.tmp

Filesize
9KB

MD5
86e363f6425ebe31c3ca79dd0867b89f

SHA1
96da9262a0ef50802d119b89494f5e162779e52b

SHA256
2b2a651ea3189c729299ca61da88dc46613c96028e79d661a4438a97b7da911f

SHA512
4646c7ea2bd468b86ac4023a49796afaa1060912152029379f3fe3a654530da6aca13cfed174a26459bd460fbb5991bb40dfe8b458a24cbd0f6c8d0f248fe0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
609bed43b9f08db36a9cac78069c8cda

SHA1
afc0063cbf05425484208ea881c08be53f5c74e3

SHA256
0147d8dd035456f4c3604eec0ad2000bb026b476139fdc2289c5252d51f0b67e

SHA512
ae9eb620b2ab3d368c0c5e6a8b7bba7b17e2611079a9ca0165534a6a08bd024907d4855109f2d696f120a897f78549dd4be72260637994184c45e8bd891a2deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9b84acb5645441bbcaa61413bea71900

SHA1
eb246189bf66545487a694b82d1587d081bb1745

SHA256
1292c26a8eb6c63c1da967a05057f34a818a5e443dbb2e5650bb8cccfc399d3f

SHA512
d3d166169116f291a3fe3d941fb994f309a37f27ec17422eead8daadddaf6b40c839d9d6116aacb2010eb0d32f8be7969468f973b03999c6fdc93597abb89023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b889cd752d878105168643a84fabdc70

SHA1
5ab1c8e2b7c3786e163b95b0ed636b67f2dada42

SHA256
45e1b68e8c1a9929f7223bfbe44ec82bdacc90bfc480f87907d16ee02a36a05c

SHA512
845c48766859784b18903006616a7960ae7d89e0484486f174677548d3151326ab9e379f0995197596fe95c3befe42aa99e1b0cbcc0c71aa2381ba9a7e6c3053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1b979d7e864f7a76ad3f6f87cb4ce3b1

SHA1
5dcafdba6b2b0fc4fb6115fb8a49ee1c64b5447a

SHA256
dda0329809ed077e3e0b1875246457599ccfda687b61e1ac8b59e402ad4848be

SHA512
3ff2cd4189d8596c3addcd490b8175487361034db9074b9c4e9973830647df236fd1df524d5082dead4d0565476030791aff8181c633ef0fae82704327f406df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c6f6bd7ecbf63d7ad397e4f2f404dd3c

SHA1
ea36fb88024db11748f33c02722ccffb25992f98

SHA256
05d310c80feb67ad106b783687e4a3a2fff7f1a83ff7750908f0609ffaff9ae7

SHA512
237b04425c51574421df75d92bd42a4916d1ea3b8618e94d6f62600a6e652beff0ffe5e57c02b0d67026572114ac3801819f20d0c7fddd757d8261316e1d73ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90c1eeb2f2e1a4e17a705021add3e9cf

SHA1
81175edb7ba263a389fe1efb9c92202e3bd995d0

SHA256
ab335c382211efe2d04a7329cc7f9e22713d32c9d702a6b30de1f62ef6b35305

SHA512
297db6be1efe5f28ef486bf874419b6a75fa685f7ea8647436af9ab1edc13863933dfc51b7b56f5acfe5faff91e92fa6b1e7024fb0a37fc492472f481d7f4902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
69302f3528089e8f52f4a95dc7e503f8

SHA1
26fde14d4f9ea416d512327fc5e3f6eaec769de4

SHA256
9744e067cdb65358ae47c72dc70f9783c224b20727ee52ac9bbf4ff236b03e7e

SHA512
26f348b056e946171ca9405e1877835065fb036f8915a910829d7e401a0f9feaa4908b862d64b6a64e57140900b2af7269c41948f178da1c324c8b2f22b6af01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6763d772a2d38de675daf806b0695991

SHA1
42d0b708946d06e57112f62a36af47560778fba4

SHA256
e4f8ac8f9b75110d534612ed2686c6e2ef5c91a6eeb833d576c077a0f2221cbf

SHA512
4e1c9c6f0753a2e2177c3db434789c2e904119074ae59ec2d13909c00cb438ddf5893056902a7ab8784c6552a4b0b3536bacf84352f201861b3d81cfab7b9234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9d5c4eba6753d2915d4e078a1a362fc8

SHA1
d5f302d5856c11336683b7f6604de8d7085ac68c

SHA256
402c078b5450f7cc10435b35fcac889946727a936dcbd88eb5abe91a4c27eef8

SHA512
86e9c234dccc4948f9144667e6267c8e104e9e6da63fa23f6416cb7846abd8158956a866fe2044141657bcef50ef41a79e0c347c070686f22c77e0b8bd56a407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25726482fe55e26e386237969360b1e8

SHA1
7621b9bbb886ee432fb8cc0554328f95ddd93943

SHA256
b666701ae7c6c2cfb11ef6fe4df4140aae7958fab9ece6c873bebadeb1f2cf92

SHA512
5d9816f30b13f5a1e04eb21df1fc186116dd2dbf62504c2bddc42d47a66c945c803cfadb0dc90bb371ad93f7e4c49e0744114e279314ac9efcce459ee4ce7168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d24f17b2856853de41d7bb5718c82a9b

SHA1
b14f5e6071ea49b3b38cc3ead35a8ce8cfeff074

SHA256
74640deb4126ff690cfa24b2cbc287beecd65e5f5ac2682810f16619c76d628f

SHA512
128f3edc1c9afa11ef926f06a182a00611bcd2f6ac3596dadf27ca547241fd87d4b4061b90c2205f675f173bce941992e83286de91195701866409ae9ccbfaa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b51cca26ff771344810dc3f617a0d9db

SHA1
ab4017990809055d21b54cae5936dbedb66f0d7f

SHA256
2cfe509487b2cf8e67ace081279ef56365bfcaee8aa98006bedefcbb0d3e5cce

SHA512
41b98b8821d0c3e1695f37e328cff3d6e21f6a27c9b2707f38e2190a7b919c2b583c2c5e853dcddf7894ae291e27e1785639c462f96cb5fba6b53f501a84b254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d527165a8e9bed16774e2bf6a8e113ec

SHA1
02aa3ffd701d2cee98274b615b38d97611febffc

SHA256
565c4f1d11a8e77463cd976f2736a50e53f12a335249aeebd53793bae2e17a36

SHA512
632d38aece24a1c4aeb3f29a418228939489b92698b1574934bebd20fcc3d61914959d7ed02844c8840ecae90b6f72d1581929b90d103591e5c98f8290742ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2a766881b39369895a7042d1df53df7

SHA1
b868db3009b1d8da9303db84e04f178f4f2e1538

SHA256
e6d089dda62a0f6f5f8cb0499b87f5a230f6f4a0670d0dc8c30bd2a4062019b3

SHA512
e6ca853c04a9cf5770930b0451ab4a83ccc97b135adb7232f4b0762b17dd0f473d18b03351ce90eae340ef5f6f394981eafec66c4aaa21aa1ac3f23e0a2d4452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
165d53ac9e496626a578009668050d7c

SHA1
dfe866712b99428347ae2a0a7a676e86bd1e961a

SHA256
525b2c3a16130efc939bc234b3e58ffcc4a0a12c8c9264dde52d1cac5c2fb5f4

SHA512
472d0c06ec21239b5ceeb575b6a8a030d5bb81191892e4b0601c2a6fcefaa4b24034a4a7af4fdc837c115bf2436b9b9d372508b1304f3f424dc45d0bd203f690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27026b8f4a755233ebdffc1bd07e78e1

SHA1
cdffb183f9f55b94a216fb9a70194a4ed438a1a9

SHA256
647ee7ece8cd452abfba1e3bded6956a5f5731ea30010a5fb103da3ea81d1b64

SHA512
76f93e30012e2815ef2282d70104870ce48c6cdd7212fd8a73c8e8aab4aa516cb193b334d9975183b7399c7248c618c5ba8b34f47fcf6d459d595db7a38e1372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29e33a3e84c7c6c0d5edf0d8e2011103

SHA1
7195ec25b03e7309e7ed39314b45cb40fc1e2645

SHA256
cde1ac4ccafd75c7c35d54fc1fb261c1d1c69d0d3b85dcd85b517dc65224a2ff

SHA512
a45c159587bc743c70b2d8ca7457d81862c2e662a22c0bd98d4b05f587b34caf1137bca20d0d969021b70ee17bb8d0f5fb535ae8d5fcb15c5ca4fe5338c825f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
684a1e9454e7ee2f9ebddcf41013e8f2

SHA1
911ac6c6787f76d9d5d1e0aefe7509e982be85ab

SHA256
afd9229cf1376d90f2162016cc2609c5a2d482d2ba0e88867207e1b00b55f91f

SHA512
d0cef7ff8adfe8187fec8cbe2a6715d0d3dcf8a0730ba4e1cba67090fa22d374179aee84cc7b6675e728ffcdb5ceb4a68ff34cf552d314987e6b3f6861889c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
898bed990dd4584af4cd58d62d4d57f0

SHA1
7ef6b3e878f6ffa1f3950feefa7ab583100c2a6d

SHA256
2ae12e935ce26b6c6c8ee994535d22d467304abf45cde33095ea5b5c0e336d6d

SHA512
fbe4eb03f8565dc3d74a883ea394061d1441ebe0d57269187ec1f91f9608993146f8e575b2f21fd811329b270f0045d3955c98e912b2099360df4ece9c6252a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14bf1c07ecbdc7e5440e047d657a6cf0

SHA1
f47dc98cf0525b1b91bd3f7244e0ee05c6431cf0

SHA256
8b2b3aab4a54dd12cdb8c4543001e7ea649a128b3fc05b55ddaed354cceb6b03

SHA512
913993412107b22b5bc85f09ffb95dbd4b66b7b2b5f9d4635a1e3f0cb5cdaa492f62c9efc98e7fb557436f717652f28e4f3607c8738898fedb8a204177a74903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d73d7410d1f0dc2565b6994ac2d9264b

SHA1
b6fecaf7147d6db971a2ad2f5b662655a6e73d0c

SHA256
2e8cfd61fa1ecd7523e56bb876ccc851d3506292c33742000f59fd4511a5e24f

SHA512
eebc51277af726063d98dd7f53f7c29c4bf3dfd75eb735f86728d80beee1b4d7c328a62562da100a35c918dad1daaceea3ef2c7bbd89b857db00ff96ecc8bf1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39f06ad821c67d0a3c65d7a29fb329f5

SHA1
6e8190b5a1b5711f9af8e784dd208e3a51e31d3e

SHA256
3dbbfa6a9a8588c12a691a399ef226c393e458872918dd0c353571788922eb66

SHA512
2741d03222277f1a5ca815224688e04a30263cdc8af6726d7a319b478e86d66f3308fc7dae5f3234a0c419e5ed0f1367ae1255a9c8b5adba8fc7bef57f76bab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
053c9698bd731eb21f2179d36e13963b

SHA1
f94b99b5b7b5fe67849822dd50d689c8c731c418

SHA256
b030d73ebb2b1185290bfb11b4a29df8cc12e79f643d5a969027b27671420694

SHA512
eaeb7ace54faf7a7bccb76184dfac650de0b0604bcbecd21a030eb049c345d2b215ea82c7a7d092ada6dd94f3b41abd08817197618d1f3d7ee2e1db77d8b21cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91a812a3fea30254bbec28d58f75453f

SHA1
17ee8dcea80b4cce7e01128a4edf6ca87ec80891

SHA256
cb53faec28a1ec47447932b2914ce197729f0a45cee9e526c532bd154549caf4

SHA512
1b5bb0eb07216ad1eb3c1696015d74ad5174175eb299742d92786b32cce5c0b635467ae15c6e7e4a5e8053e7a2d8c240a4179bb9076773091e4bfbf9dc21d734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae1d695fbeaf6311d4b4735c052cb90d

SHA1
f05887fd2e430bdc17aa91dd641f4ed27577f1bb

SHA256
dd9ea03569253fd6ac77a293f4e3d6fc63c95f1d07e80692372359418385ca6b

SHA512
0834a4a8712606f7b8ecb007449d7cf8514a6e855d5dc3352541d507f1896ce6bd0753a38a318ca9ef3534f1e6271cf11200366d04c8323539f5225bb4ab79f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95278ccf7db6871fcce85c25e2d2d714

SHA1
eb77df44cfc112425c66da5512fc59f076167e74

SHA256
88507a66bcfc7f602e5122787e680e1d52c76b27e7f536843c7167ae6849f99d

SHA512
6da6915e7a9a920a41fe30c340d96afe56ae6404a3996241e9afea279468bdf86c0244dbd925b3d8ebe22d3442d160d937dafa2b376fce54ddeb73e0818226f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a13653e5ba9ae01b876d9bba2a8ecea

SHA1
1f4b704aab42090b38affe3ae0a9e1593a64622c

SHA256
b60fd4488f3bbae9f07e4d26cf0beb242f7f8432fd8a6b3c1435e91303dc70cc

SHA512
b8c7dcd8733181b22a214be18a18b290118e8ea3c4d1b783f827a19fb7f17be0ae13a59655c749db576d65b090d68c8b079338ec76e41cd24e9dbf419838f6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a54ae1c86f64f2d410baf0e2884ac915

SHA1
c6c46ca372e830ce21ed14dfa8ddeb746d3a0132

SHA256
5f8a9f1ded6dbb9225fbbf9653ff15ed6014736dbebe39049735d5715716a18f

SHA512
df91b12bd73747e1677669b98cce65452a8ef2ddd7ced0afc55a359cc324c3eea54cb39581f8c70c74f8cb828d38edb3ee809dcadb34db4505f3ac8d1d74bc27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe9b8166acb8a73ad71c348e654e094d

SHA1
3772c7360385fcd449ad8e7f275e5aceef641e91

SHA256
aeb689050b7edb3b657bbfebd89cd73a9cf79dfc07e913857876210ab1099c9b

SHA512
8c665ff255ecc611fcb18237b183aa7d802c91608e0b5ac1c0d50c6b337f5d1f73c6668224af06bffa5534b85c3360b79711e8cf6c4d562b078c45e3171516e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0dc35d1217857bc1c9de5bd5c90c914a

SHA1
93064ac8e9ed043946b57a3d9582c6fac3a6f7f8

SHA256
717b24271c353ed0b7d2ddfcaf048f28fbfc887d896c08c5b3cec5f6dd9843cf

SHA512
7ecf347874bd08b88e6a5ccd36589af95c8351ae2e3cf39308941bf07d8c44a19663fc81ae3a66ded63d432614380b1b88eed22d9c93c0ee131e7474a355c05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3633df24dc3c16bcd5750fedd715f60

SHA1
8b26df796a8d7c802ddcf34aafbea54a4e1f5083

SHA256
1ca570ea554191227f22e07f98d81fbba5d1cb2e3fcd800f3c46469527ad893e

SHA512
c976cd9145b8c5ec11360a6e5b378f7c7cb62de944cf62f05451fae45502f3a75502ffdc867a89904900e9580893972e8ffdaa3e3bdbe3759cf41f4a2e15bfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1063ed36457f2126007133dd336dc2a6

SHA1
d8205cbe209eca7296beab78a7ee86eb658e5295

SHA256
9edb7d30f41b389cb49828a28b2f42bc688cc342a5951af64fd44caf1d137343

SHA512
39da832c32974c01d2f1ece26b4382da4381c602bde05c29c9589215f8ba1fdb37e42263758b6a59f93172b69de00cbf875a0b59cd5bcbba1381008a34f0cf60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5e06eb42ba3317cad891c30edca361b

SHA1
ad988f2c480ab0048af98b99df7d0a0590198354

SHA256
487878b3630ec37b0972da027fd2356486051b5a53d031d447712913ee452429

SHA512
ab5435cf4f1ef3d7f1f14601c47b0c23286aa7e9f9d0b8deb67ffabe45e2a12f2652796cbcbecc4b219531d70ecac9e83a305c267e65b3d52e80df9df7cc9d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
8801a50f428def86634362d2a30418c3

SHA1
e104b3c2c7b27a1e02f915ccb88ab45fadd311d3

SHA256
93df2f10a1650fe827fa0e24a815bf327e3b26596a364773a2af5211a6301097

SHA512
0bfc3d08422441ab7ec31af5df049231dd793fd4e458d7fea4b16f8b130228acdd6809b9dbb4668399d5bd4140d34a97718b24c660ca85dc9eca678d3e6f06de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4538c389bad97bd73776db0dbca4f6cb

SHA1
f5504f5c02b4ee48d9b8de8c2fdece3df22a708d

SHA256
5b8bc458eb676cc32302fe369e4a261e0adf31f8b93391a56ca055349e8981f8

SHA512
0a9a062468d67d5d95c02e328f52cf149bc2a69ca52b3a107c49617bfcd8b8ab49df5be30a78a8c1d5ae172ddde299eabfce37094e083c2dffadce1b4a118bad

Download Submit
C:\Users\Admin\Downloads\Union Client V1 Remastered (1).dll

Filesize
61KB

MD5
4aae29010d0ea0ae5218f6529179ba1b

SHA1
84cf91f53a92582ca279163737d53fa04ba19291

SHA256
617752eb71742244a371a914bbe5e65e07ee49e9bc71081a0fd91384aabdbed1

SHA512
e8d47bfd50fcf1ca43ec2c69ab1f615417ea3eb5189bf51493b9a94d6c1b06769dfb17ab69b518e704b5130369d03bec6f162cbdd8a0009a3884c3e5f13ccfbc

Download Submit
C:\Users\Admin\Downloads\Union Client V1 Remastered (1).dll:Zone.Identifier

Filesize
240B

MD5
cdac73af316685a59f71e40c2bdb23dc

SHA1
632cc6f9a05f7ae9640d8c31e5da24234af4763d

SHA256
f2806bb51d894c2f93594ecb7ac40b1feab039d7a4944c1fd76839028c2a69e8

SHA512
87ec59906d694c2cae6d206825ce8826dff066f56ed94e3bc4dc26b8ab654ec4a6b7e6abfb54eca3055805354ddf86a2e51df87a9d0c9d3224c7f783ef11a246

Download Submit