hxxps://mediafire[.]com/file/3nfa6p4pxkve92c/Ui-Dropped[.]jar/file

Resubmissions

04-10-2024 20:19

241004-y3zmmstgrr 8

04-10-2024 20:16

241004-y145catgkl 6

04-10-2024 19:53

241004-yl145sshpq 8

Analysis

max time kernel
303s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	Discord.exe

Executes dropped EXE 7 IoCs

pid	Process
1156	DiscordSetup.exe
1100	Update.exe
2756	Discord.exe
2588	Discord.exe
32	Update.exe
4872	Discord.exe
4308	Discord.exe

Loads dropped DLL 8 IoCs

pid	Process
2756	Discord.exe
2588	Discord.exe
4872	Discord.exe
4308	Discord.exe
4872	Discord.exe
4872	Discord.exe
4872	Discord.exe
4872	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
423	discord.com
5	mediafire.com
8	mediafire.com
9	mediafire.com
421	discord.com
422	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DiscordSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725452190435830"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\shell\open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9166\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\URL Protocol	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9166\\Discord.exe\",-1"	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
1852	reg.exe
2252	reg.exe
4412	reg.exe
4420	reg.exe
1664	reg.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeCreatePagefilePrivilege	1672	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 4424	1672	chrome.exe	82
PID 1672 wrote to memory of 4424	1672	chrome.exe	82
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 4684	1672	chrome.exe	83
PID 1672 wrote to memory of 2384	1672	chrome.exe	84
PID 1672 wrote to memory of 2384	1672	chrome.exe	84
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85
PID 1672 wrote to memory of 4804	1672	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe8dfecc40,0x7ffe8dfecc4c,0x7ffe8dfecc58
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4972,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4848,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5152,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5172,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5432,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5472,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5732,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5760,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5624,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6236,i,1666669917312345331,13580886066186798754,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  PID:1084

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe8dfecc40,0x7ffe8dfecc4c,0x7ffe8dfecc58
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3712,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1556
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7023a4698,0x7ff7023a46a4,0x7ff7023a46b0
    3⤵
    - Drops file in Program Files directory
    PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4916,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3284,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5272,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5284,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5276,i,10803346995060241752,16404092884013746525,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:8
  2⤵
  PID:1632

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3a0
1⤵
PID:1720

C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1156
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1100
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe" --squirrel-install 1.0.9166
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2756
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9166 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.0.0 --initial-client-data=0x52c,0x534,0x538,0x51c,0x53c,0x7ff7200ea538,0x7ff7200ea544,0x7ff7200ea550
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2588
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:32
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2136,i,11087362497805196952,7647128112740077305,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4872
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2268,i,11087362497805196952,7647128112740077305,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4308
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:1664
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:1852
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2252
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4412
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9166\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4420

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Ui-Dropped.jar"
1⤵
PID:1432

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Ui-Dropped.jar"
1⤵
PID:3048

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Ui-Dropped\" -ad -an -ai#7zMap28807:82:7zEvent30392
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
eb942bdb6305f3315f94ae3c05f48dbb

SHA1
7674299d7f21d68d74ebbcb1de993f2c99ea6a1a

SHA256
e306a68470836c921619dbbd8ec7c697a25625402fc95add71250d41231787dc

SHA512
1509991d75b19506b3c4fbee4b75b5caee8e5f1ec7c810d4cbe21ef9ffc32b472851c25da616fcf8cdd9a4b4e57bc5625eafa3d1803f2e41c888d449a2972c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1393c90d5846579164eb735bd795fc5f

SHA1
ac12566f7820e3975f8e54d2ec1202bf632308a0

SHA256
6f05a6419dc27d6e4a568158903ac41f1cf57b75e7a2f9e2624bf3fb6534576f

SHA512
edb6b02b1e957eb1d825ca5820308a186f2ce3208b0264188e82f7d73f009962f6bc9e13111fd030804fd50cebc332ea5945a26393ebd9645c4747c1bfd428b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8ce3889725ad5e33643a01b7da31bb00

SHA1
771d7f2a842e7ba521f1d6e71a91f969e506abdf

SHA256
f2a45d565adc7c24b158b0b1109fe066947e73102d2f2dc252c899c2d70fb10d

SHA512
ffcfba50e31d78df06f2759c548f73e623b20863de2d0c3f3e202a8995e63dab39ac5b5e456810264ae393b9c9419e8d49c454022429a83ca9a4237caaabba77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d688bbb228c07b775f4bb1b9b0e7dad5

SHA1
20cacb7aab3ec8138998772181b4730a8861edb9

SHA256
a3837b6e3fdd52575e3efad7b8d69746b6852441efe1131a72beb86281965386

SHA512
63ad8e85fa75e11516d3bb5f5ac1c286b860bf67ce57a04c4e8436f85324bc8a76bba9f4cafc6e980b07a4552a6036b103e1ef0b47d5206589ef9b50e8e59081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
bf49ec473672b28a7d4134e1ac28165b

SHA1
2c5c4cc7a471de749207d9706aadfb95829348a9

SHA256
2639c8bbe347aeee10c1b80733a7523dadd3eba3cc993e340a258070aa08be23

SHA512
ea21c4c4ce83924d66cf1676c96e5b1a1b105906828cfad63816c0f27818d9225338919be97c8c172b38909362a50519a932f1ff4a884892c1874eaedaa23a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
2765f3d1a2ff0c225cfee8b2a09f6019

SHA1
dc247de2c847c0ab6e37bd2746985311b7579a4d

SHA256
71d96b8b6b8f2a79d57bfa8865fc8fc708cb80561991e56680ecb342caa1a50c

SHA512
24d7902cba5887bc0171958069aa6be1e7c5aa5207c49970cff3ac0c5f1cb1c89c314aec0c87b9fca9998f7c951ab3bf1d0cac4be8d3bdcb986cce9fd95e73ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
72KB

MD5
1a8344e7ee4a541a2faaacaee9d3bb47

SHA1
fa87e2561c0705431da913f418686569c66f7e2d

SHA256
9b06c6a74a249296219735bc8414c98402653743cc7f18579a621ad4056f761d

SHA512
71d9305eda908e86cb98e60e3af9e2b1d169336e430cf209f1cc2dc153e575a87546508c0b042aee4b4282594613f0853b95a06b8595ae48f0f20502d8811e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
19KB

MD5
4a16f187304032b0f4ce790c8028b3ad

SHA1
9cd01d66eed91a7efa273d2e1df7ef9908d15cdc

SHA256
641067fca9fbe6daa4838507c4776c14217999c8ca800f5b968841db84fc431b

SHA512
1bf96f3798ca57789cfc9ebffd30d28f3e68d5a02f48be8c4945341fa05f9a0b12bbcf1312c278622adef358b6804b0d0fc38db07585194bfad824edaca1febf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
84KB

MD5
84cd42057bc6f8108d664845ebad4bdb

SHA1
70fe6390ba87ff8a454a77b71599eb775a47c43e

SHA256
6b400554a82421d9f3c77cdbe022897f850fa08b2b328a6986ec79bffe61945c

SHA512
b7c92b4f05af07ce855cf0c33184de8bf0bcb15e84a448f214572532cea0dbde85604a90b95f12b0599407c5ee38e74f590d1e8af44ce8c34b833ff4a5193cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
109KB

MD5
f5980d1ed12fbb40ae768e43b7669e10

SHA1
addc2790f8710f4f7f6a5d8336fc93d757d8d6bc

SHA256
888174ba7680cf6cf9c34a497bf809131b43b31c18574ada9a93bb0813997c52

SHA512
8c76957db55de92e10ae504e1bf373f76ffc8c0395e8e22332a1bc4ef8d61db6b2f876edf50f10cde137148d5ed1d97020961968c12a12c20b952a5de32a3d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
54KB

MD5
3e2afd6771ffef9f354fff62f15a97bb

SHA1
8a2faea2ce4741cb2a92d4be313043d401c33c87

SHA256
18023b4c275231163bdfe378dd1e28b3c39ba8876d528eda2be75a99bcb5ca77

SHA512
15765121d399b7474609280d1bdb1a9672fc7b2996277cc8fd9d26d5127ae3d301177f093453cf282dc1dfc119290dde11238443925f0c1f29a82e2db8844ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
43KB

MD5
8197298a67bab8c56526a894a0845295

SHA1
65bd3b5f7592293109aeb419a3f6fdde6a61a88a

SHA256
b033cada26a60144ed6dd748823a56014a87132aade417061c713d28a23da13e

SHA512
c248426f7dfc4d9f0a984f4e569ff1b6afe4b6ec2d5424cbb1c331d763b654d668db4699cf711a99bb86791b520d68f10a60cdd60c45b5abcbd50eb35c3390e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
27KB

MD5
5a8d071997461385403136ae56fd366c

SHA1
9687a36c53725f29b7187539aa9a1feff6ca8d30

SHA256
16f9e2a32d6b1765bf3c20209a0843c483d57c35dd35c467f6cbb6f2fc073509

SHA512
f945f45c4c6650ead4b5595ad8ded997ec42fef28e9795827dfd16bf4c850746f2f5efb28c656303e670b3bb77e75aa55fe6a061443fab02905e2d03196e7775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
207KB

MD5
75b4b7cc3178047c09aa397facaf5d7c

SHA1
9cea223d16879403a254e4465e221c2209f04d02

SHA256
626822f81f890f9d5d9fcbe1e25ed1039d9eaac45de41ab09ea0a092156726f9

SHA512
bd6d68d26b33cd0e38f0f24a41afe980a39220718ee28c0b1ab479f89f9fc3b98a16a59104578605e499f0086058b9b30808b8c3043a082acd49b03033bb71be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
22KB

MD5
87a963d8f3dd6e2c632225b555789d52

SHA1
5c4acbe1316e49bc4f19a3ef4d63d049e433558c

SHA256
13dc193bf0f7b1edda3ba73b9afd6b7450ae7764a52d8bd6a92cf87f47761703

SHA512
7bb1e781b07ba09bad1e7745266944da449e0c5da7e1b6a092bd18e4f9206c883d528b54a3ee9985616e593787ac48812e0cbe743038231c88abf5e9616f0e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
51KB

MD5
d66d705d5e942a03f36fcd6023c3357a

SHA1
982f0a4b173db8e0c132fbac116b015a958d6f64

SHA256
3e3b862b2923f39841b2654059fa9a39bb87b961935ac34cf5f5208101b377b7

SHA512
f3858e25fdce949ba2734fc84fb98eda59d07664045e763c8748d1854a8b03272a6e38deab86296fb32a9897cc5c64aecc69537158380799bfe9ae2fbe776679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
136KB

MD5
ca5aaf77fe3549a702172ad75483f20c

SHA1
8c412e39e6639bba86ccacc402e601ef85d76e8b

SHA256
a7ff74280eccc44c97182beab45592d5097a9d054f04b78efc55a7148c45ce83

SHA512
81d34d8fbd8a7d1aed99544afe4194e9238bd4140e0149d1a85b1e8bb6ef7c260625070f6b36598674d417958f5277764b9a8925fd0babbdb04d66a631571ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
32KB

MD5
650d900485c017d1623358a423d8499e

SHA1
9f5e6aac683cca1a35f384eaf67096283566475d

SHA256
7da4dacbb8577696154fc70529c2f13658b5b832fa6d3201e9e3a55cc366c50c

SHA512
db6cc7d1d3c40296e56505ce9722c823e5ae10ac7862c5cbc8652feb0f6957c58ce17b80ced69362462a25d82c897a8c0ca5d39b6c462ed7969032e4d8186773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
72KB

MD5
3c8aa5cdefe5f7820691760ca2293cf4

SHA1
9a5e8a92bbfec460926851b449166a5f81ba05a0

SHA256
3eb9564708d6479dfd40462c4c0c58cbf737a7261155f3f2d7d1160d4c1edd51

SHA512
41baddb6d5865bf252f1ed08a37d6544b068ad19d02765685ca17d7144095e9d8ac6d278918f08c988917bf1f659fbdef9542db11dff3331e9c5943e09ddff0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
20KB

MD5
f730bff0cf8edaeb2843488eb25f2871

SHA1
f911d18a07b3dac9b6cbb8562e4589fb034bc31c

SHA256
e21091eeb35a537a27bdef9bfa0952083e2cc4bf8fd622b8bb5d4757f0eac12f

SHA512
6f5b0a66135b227f36cbbf4f0a2c5af95887a92ad4b59937cd1168d35fefa8860b2a08364f60f788b52c19b49bef3282edc70ec63d7b5b29a8d6909d3aea0e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
149KB

MD5
5ee744b45a0b750b00065a7b599b4c31

SHA1
5afa5d067c151144b9b1d6a9956f9f5bcebf39b8

SHA256
94b2e7cc9d12c51a05c83858fa59a828462acf00aa715ad47e24eda5bcb629ed

SHA512
f0d00a873003f39fb9b29527843b4c191e2083b5d5a5aab2bf69d1a6c057df846610a29302fb81655f3308a96191ee82ebc201609e1cf193a89929491fb7c678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
37KB

MD5
f7bb397be4dfbfa13cdd90517e93e65c

SHA1
285073b9baf7d3d79eaeeccdf77f28229857a793

SHA256
9e7cd786b811f5049e9ccf9f4189f4bf22b88803583df816b853c2e94c85f48c

SHA512
dbc5c4b823477a1820cd2ff71d64403e66b488ba466539d6c16461db7af7e6f18c756fd9a1801e5251cbe3fe95b2e61164fc45f6ddc6847e67e8e2cd6223cd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
78KB

MD5
82e0b620c29ff043d6f2a40df177835b

SHA1
6e19d04e12a1c982d9f2ec9d05a1044f126ed93f

SHA256
14dbe3e1629f09c679c2c95313e130c8e9a26321dd68390f70c8a95229e8181a

SHA512
e11d1398e020d27ac9d59089a2cea3efa5669ccabb214028ba2400c1991e4bb79b08a0a655938e94a11f499f98c5621460952e59c05d9313c3330892c2cdb183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a8929ea40b9c5e6e230f42a88a37ae27

SHA1
5ff9770bb8e07fa66a82f92de239057713903e51

SHA256
f7139e04d6583fda3ee66a54bde763a244b9ccc33d6d22d5cccd6626ca8e718e

SHA512
15b056c60c0994baf3130708e75f52beb84fb3476b6e8a2c24d6bf3f1af3d0d43e2db49e69f41e39ef4de905cc37de9834afcb276be07f56427dceb4c297029f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
20adff4d2f664c912fcb46defa773f41

SHA1
c980a5181d4bd8cb707ac9bdbd68507b076e2ef5

SHA256
009aa86d6c11275151b432ea0f0b6ad50a86376d336df1f424867682b8e32d62

SHA512
5f23221107a80a8553b6bfefb0d2ae4d4c6b268761f6819be3c78b8747ed4b5278bed8cb41367cdbf230a9776d547620af9f684803d37a62bc054ec3ca1a25b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
679c662fd352515052be859544885f0a

SHA1
ccca1cc568e501a8a11604a3fdc5535dd328c963

SHA256
7c6c1c6ca4f75c13d5bbb1a98aa04433fa2859daac6c41699f4f155ee660582b

SHA512
9c7d51ce804b277e15772bad704bfa02265d334ea6fd7f2ba1e6b84a3217150f1b2273b9e85c9fa85d4a806569bedf028457fa5ce7960f4bf4c6d260f0034af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
4dae7ead73c3836d6177efa5a88bb7d8

SHA1
5e4bcfb16ecf3c2256fdd17a0de7edf405008a33

SHA256
3bede8185da137054aac7981a359287b78003f133fe77fc9926fb6b531556523

SHA512
03ecbda6550c8d407f85f63279c5d142adaed8366f1d53e31ad096ea2238d6931d96b387d21a0a85f2e349070327a3bd1bd9d99a313b29911ceb366d8abacba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
2KB

MD5
6074f825a4de4b02b657600993be3c7f

SHA1
b8c3c1fd49096a54b7791db2c465c332d28f6b75

SHA256
67cab47b37208e9453715a4c40610c64a261340a0d3111fcad27f46361be4ae6

SHA512
e7a5a6544cfc80726d1e43bf2365bf18c648c1993433041af358f4fe3c83dd77fbc55659e89729e4a7c6c28c3d0c00ad0b24736ffce31c388b785e34185516da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
bb491c69f88cb75af04a375a4d569673

SHA1
0667cc734c92ca019bfdaafff8257d728f32f421

SHA256
816edcf25350ea2216ba6a874a563ade86cada49358a270099fd28d68b90ca76

SHA512
ac10080c7818a7c8ab0bd63636ae8dca15966db5642d0fef913d6d8d4ab132a9825260392da590ef290372efe8fbdeff8eb93a8556515175debf07d89ef3625c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
32KB

MD5
bd551178025cd62de700bec204ed3bc5

SHA1
22adae5b109af26b9a544c86352962527f0e143a

SHA256
d712db8117a2fc9fcb1877ef32670e9b59925b29e2d34319c5531e8fb47a5967

SHA512
f73a90eef90c5eb35fde44d928ad3e2454e1ed5f293e963b501797b07a4b469cbbe81d89446fde439f2fa83a40ab8e3c6d5320c415116b5a2ff5e54cddcc6425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
e50271dba33913cff1ea4e3c80e19310

SHA1
7d6e4e25fdfe244b24521c4fa517ce0976fb6bd2

SHA256
a857d9b3a072d2b5840bb3d16e0b36740a8fd01c81413f0f68ef3ac991e8eaf5

SHA512
5b65836b6541e25f39cc6373f4262b07f2fd0bd5b720eb2bfb59f4dfa6e94fbc777dc6e2cadad1965d29366d382966175a3a9636045a07d39f8f74fb1b149277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
093b432fa307cbe0e844768db2301e0b

SHA1
4f790e65b758a5552dff65e384e1964a9caa4f4c

SHA256
7ba1a01644d15b4314e94adfdaad7ecc22397ef4d5d72365b0f9c7b2185dcbf6

SHA512
5a3d347eab60cfeb77b92af92ca182c22ec6b90b0109176a4c2318d335698ee12b761ed5bf09e64f7bfc8acf75c8fb713dd7a999752314cc423991ca123db817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
9126d2609442795bd49362deea279485

SHA1
be7f2a15d7d9f3a02312d6dfd38f1dc6b2d28ffc

SHA256
441cf5f55dc0030064383e1b08d64ac30675d5db00a37456ecebf376505b669a

SHA512
2528e03927efd57dac73da0f6108e0b2b87a4ea64d27af32f65d13e082db97072c1081f1420a4e3b7b813c62709cbf1b48c5680b0d400f3ec6096b218377d2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
d8f831d564db9a787a7e9935f48b0726

SHA1
c69133cae95fb5b8490ccd5af3d6a221f5b84c0a

SHA256
f145067f9e0d81ff1924f3c251f9784ac5fd6cf3d950cdbe7e000c0642b25715

SHA512
5d0aaaf9c035ed704df5f1e2de78c7e70c6e93c755a31ce586122a2328a491c1f4171e858b6a3a5a3b5a43b6e1af5b8560fc631123b35edc577049efbd66dacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
232dbfc14a6a334cd225c6f3155f0eae

SHA1
819ca0a7e459d5ac052ee14b54ec8d5ce575ec05

SHA256
087d82bbb7b58d419e3c0b9049e3365115adbc30bd4e700fafed7ca21e8bb0d6

SHA512
b76043964fd06aecca74d7e6eb284e97959d75b5721a23cd94e83088a394a8caeda257a49931b9f8660efa8cd35607479073635d4352c4200089237df94a09e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
edc4a3e76acbf27e380b7e72791fb9c7

SHA1
d258d1f1519554515b8db1a20525f70cba798227

SHA256
ce483ad769378b4e8bd90d939c311256fe07f19e59af5e0c4fbd15b0f8cd6d47

SHA512
20dab91d6b01ab4ffebe40aff7b0e9245bdf93c54da888627397aa12eac09ecc620d3a6c4a699db847dfed936eaba00e6d84353f7445d86a2b612a524b05b8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
465f288c1d89fe9a189affe50b783e4b

SHA1
3c91aa706bee9be8ed8c9aaf8eaae4845516ad88

SHA256
75542cef9b4eb6d2da46bf57a0eaa1dd5a1d839241ad6f6fdf910aaa5d13985c

SHA512
447ba47c1974f47c0525aed1eed81d1bb3a9d656ee8537db67572b8222d4809080922e4ae22d9bb01e740145b91566d6278f2246cb685109bd4c3a06af807749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6c164da00226c6f4505772ccd7dc7a0

SHA1
539dfaf9e10d1cfb0a9c9f0dd5fa6980dc5f7142

SHA256
216a179cfa7f8318fea8cc40cbd95fbff4255c2c38ce7119d860136f54188fab

SHA512
32e47b8405f5280d5d1bcf216a2dfa7e1757f5ae2c57700a7196f4b78eefd8291afa6fbcdce8626e6fbbf8567d87060af7570cf7ead57ce93c6d6791a08e16af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d4a6d574f759b6b33a0d9f7bc5ddbaab

SHA1
a3b0d9d6e89603553c9f6227f8d4dab9c61125ce

SHA256
f9c0e75b06ca6684e380bdeda17ae6c03077df8530a0ebf7ebc1cd5e9c0ca366

SHA512
37cfd625dcf926b03418836fb9c5abaee1545549eef1e741e984ff8aa4b84f8c8ec700a328d37ae384fa2bd8d94b206d681b32f005992f999e80ab3580aa2e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7283212328fcd0586aa4a23b8647b6aa

SHA1
c27ef8f1f7d29afcb7837b092aa863ef9cfe9dce

SHA256
9d7f124db09a418ea97fdb9957568526ec6feba4aa506827162c242ad8637e16

SHA512
a976c7f9bdc7ab8bf76ccd4906ae848f13b6a4da842e01b4d09522538a6b8acb311fee65abfe11593c2a225671e31e964fb9022eb0944e21a8633fde828a43c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b74abe5b80db2390ca7b8f0f2ebc9be6

SHA1
cd2dbb22a979c6ebd3bb94f479acd9c96b81f2a4

SHA256
60eb2e07618ad10cdd2cddf374fe2f88f96929b3b94424bce6f7a24587e5573d

SHA512
555c20cc2eb8aa16d2c967bbb4deafd276dece114d7b8a6f270e5f9919b04bd288bdc5c3be5e16724c0bb75106e4cedbc6e49b000729968d9f55286953617368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c015e4aa14b6ebbfc61cdcf19bbd18ef

SHA1
240bf2d477715149cc922572cf5f9083b983e0a8

SHA256
3f54e1c16e21ad50b62c5c6084304728c3a6134f4029288f0227460c9f86ab32

SHA512
c27a3c1d16fafdf418529149a952cd9b28bbb44e1e44f51e534536b144f61142ee93b2fae3a42c16b6e05452eee8d1e077c04654c225229dd3d3592214727997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26fd772fa9ac6bc7bc2a40d62d7ae285

SHA1
3e80d56dc23374d0bb544e790168fa7a1e185393

SHA256
8aa3095b520a2bdd517ba11ebd9824b5b4af95ba950e09d06d8440821951419d

SHA512
d69494d03fb508424d64d2008280ccfc83bce847a4053bd3de7785b02ce089d2fc3a56b2a971d94406324eb723bc38cfaad0f29b0d031b640f8a562a4edc3ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d40f54f342b90d66cfb5811210111822

SHA1
b36fb375ec3dfd8360f4419a4182d27f1325e389

SHA256
a17bed6a5d1b41193959dd25bcfd723843bb42f09690cdeaefdb6abba0665d93

SHA512
99586c2dc8677118e15039c157c4e23e0ec73055d361ab33f4357ce8424e52830a3532e806a22db08d4f9cb3a06ed86d01f6db52a5ec68e9602cda92528fe94f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5763073b7e205a63cb2056f40e6b434a

SHA1
590985a51cb7d5cc23022d69856a273c2560fa75

SHA256
09b452a207c4550304852722e6d6343b836ee5d71e2a9ff4e10819f1c54faf20

SHA512
a4eb8844589a3bdcb7ec1bd093da230953340c3ac5625fcbdafe2016e68fedb7371445cb0528cbe04a1d0c389693c47d7afbfca00291c2454327f3af86fed806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b01573ca5a66b1d72ceadea38e560dd8

SHA1
6d9dad2d7c9a15d0fef86d8f5c3bc8d4bb274013

SHA256
6bd8ddb1e1d6dfc8094040d65bb7952c0a3670c6f422f0e9b8a194d3b683f954

SHA512
6ccd6b85c13d789ca12297e7d1d8d68bd79f805702730ed7020e2946b399d77b2b8050aba11b44f0624d8f2abd3e4c65b9c63fea5c6849e80316b2b8357f6825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
a29fa5a98ff5b4abc7cda12603b72210

SHA1
aa53ba0be7b87c905dfaca43dc631a891504878a

SHA256
79bb0654397b43eec2322f5a7f9c43b43733c873c159082441aaeb44d71ab00f

SHA512
4a348d46754a15d29e75af6d98738cc48f5e9f902d9de7bc48c9458b0d8f1a8442701ecca7005974cf9a081d4e2ee882800fd1b02958b7d5e79235ad0039d17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
c3d8820a70b56bf4a627b5de2cfbc7b6

SHA1
80ad15e8549707d3e793a6e0060a40ab774616b8

SHA256
8f327f055c98679a224bd336376dac07d4ae0e06b1350eba01786f442a63c3f2

SHA512
ebc49b0460d9da8ceff168ea6fca2adc26d8508a7a3ec4548aa2a205ddabd45d4dc2a9970774400a920274a7c43f7b6f96044b376914bf8bfcb89ec3b3866601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
67a88e2d7e81e908782c1256f4978b6e

SHA1
ef89643bfc60538fb72856a5cba3fe3c3a384865

SHA256
7c8137fdcf0a64e16ca48a9f1e9564aa1c2ac2704e64aa463c99d714274ba308

SHA512
15a240ed0a5f0f8fa5cf7c8990cc8b5772808bd2462196290ca1091acd2c3491373da7341087b84e80cb146edf53779d6ff3332d272192cb1d599fb6225941b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
0bb426a376a469c9d2e328d47c4fc63f

SHA1
663e66c7734ad8a268109d5818c5f67ee47c75f2

SHA256
6e5cda7aa1b0b2220d8fcd01583713179c6d8a3e7cf0d91ef88a18cd3310d9b5

SHA512
2b11b7b3e1cf85eb67576ecb0eb7d235d4df601adbf435f5ebf205fd48dd31999656067cbf4039d6752e7e8780a890f5ea2b32dd067b24cbdd967c9bd6a2864b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
fc8ce4e227da34f71e208aa563a9528d

SHA1
fed0cf7b7ad590415e21f97d419a9c6276d477b6

SHA256
3c1ec78263f89ec1974654a3eb30b99bb72c2bec29e00692985f01acf298e105

SHA512
344b763017d5e77328e8f50382e26c194e18329a72dc957a298f4b0766066f792ddea17a106b92d07658477c6d6dd83a434cbe27b494bdb1fc6d7029d0816c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b8a88b2a43a550abefefed5a02535815

SHA1
2cabb048f5ada10dbf66e4d6a0a8c02b580e6601

SHA256
4bd5486532201da6e58e45a1470865f6ea054bce16a0cd3bb59a15d955da38ae

SHA512
f4b05cb61d21af4fcfc5c9e15c02d8a3aa19299e8c71b0e87fc2904339bcd7548d58be21a65b919b64232c28b85d57493e8f6ad08ebd4bfe1f6e202079e07898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
c852f3a14b7778fc8fd94d00d6e7d74d

SHA1
f861d914b1d7e6bea15b6a9f082552beb4b18b08

SHA256
aa04baf55d3d340eacff5ffb572006bf446383412fa61f6e8b4c78ed877687c3

SHA512
cf51ed81f80a152a01c2659249f1de1891663591dbb0687069f7621a128057a6cca90f2e45cd282601c2c8a207b4b2d67a9ecdfdd44d06de5b15b6225c07f882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5603e93b213387957687ab417685e2f1

SHA1
c9e36c78142f0e46e49a605dc79b7c1f57363a84

SHA256
413215ce40583452a78c1c39fab2a604ab8edf3090c61f1ca8c7133540ba20ad

SHA512
5f96ddd526126df4f34c4b7bc58466c0b700743f5e05c4c474f66d07b69812fd4c819cec1d912efe8b080b5653eae3b049ef80f36243910abbee88a8e7fa1ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
23435287b27d8827e81d522d8237fa02

SHA1
8d0eb047a607847e788646d3121c5fce68a08c16

SHA256
a88184db8b2cd01bdb42a71caa549827fed67dbbe456f20d708314b404776e8b

SHA512
c4b541b748a4c344e323414b57cadfe7a1ccd75f30dc6712d643546ddec672d80ab9694409f4f870befbeb3e57c01818d5eff4a5d9afa9753a751ac58f9db28c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
47dab7c9cf4115ccb789347ba4c46a06

SHA1
b989e26b1efba1b0c70b589f75e8eb0bae262373

SHA256
06b538424f98a66881488ea4ecd4fece5918c51bb695932c3593102f23eb1f29

SHA512
6ec05f23fdfdf502e60ad246b064d392878e957956241ae1a4caf970bccfb2d42a4365dd5ce58c8b21526e5b9b8657f447a42598c8646b6608a61db4b8c3816f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/32-952-0x0000000004EF0000-0x0000000004F10000-memory.dmp

Filesize
128KB

Download
memory/1100-933-0x0000000013CF0000-0x0000000013D28000-memory.dmp

Filesize
224KB

Download
memory/1100-934-0x0000000013CD0000-0x0000000013CDE000-memory.dmp

Filesize
56KB

Download
memory/1100-932-0x0000000013470000-0x0000000013478000-memory.dmp

Filesize
32KB

Download
memory/1100-752-0x0000000000F20000-0x0000000001096000-memory.dmp

Filesize
1.5MB

Download
memory/1432-1024-0x000001A2CB300000-0x000001A2CB301000-memory.dmp

Filesize
4KB

Download
memory/3048-1035-0x00000274CA3E0000-0x00000274CA3E1000-memory.dmp

Filesize
4KB

Download