hxxps://u2307933[.]ct[.]sendgrid[.]net/ls/click?upn=2lv8SzjGSDMWhpuJ9sfJM4lHz3WcypqHcuUvOiQ8I40Rhj4I2yMXm-2FmrvVYUqsnQvzLHttpJH043uQHfJH80qzQ8VxqDkU7S1wtsjD665rfnM4takP2wX4CnbMTdoFkIHIaca1-2FY5dddrzz0-2FJjn9iJiQ275aUo64-2Bu-2FGlG6YTGGh3ufVazrVanFRZGWkJEIgubf_Ssv3vXkjJC0NYsncKn3B1EcRe-2Fh24f3o24ozVcZ0RegHO5Fk06Uk5FkDRBXhAq6j-2FYG9ahMFuNUNhJsnIgp5mvMJ-2B0QodEdKvouEUCoaiN-2FuacEqAxFFENdbMNxIbJi7icj6But4oAmUXk5NKnlV1Ddzle0qtq8Qo9-2FVqm-2FVMwpfZa-2Byz-2FFTnAkMPWEExy460-2FHqaD-2F5guZ4ibQokSzDlLLODDQu8xA-2B5HIem-2BjGID5Wbepfw4kUt1Lzq7y01lw3KjfhVGwKoP4aXQc2zWbF6YbnJhBAo2iIGp53VgvTLY7Hxw4rTYngK0DAXnsJd30tqEWAy5qEXxARyIEcpWfQbJABEJWnqR1VaG55id6bujk-3D

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2023, 19:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://u2307933.ct.sendgrid.net/ls/click?upn=2lv8SzjGSDMWhpuJ9sfJM4lHz3WcypqHcuUvOiQ8I40Rhj4I2yMXm-2FmrvVYUqsnQvzLHttpJH043uQHfJH80qzQ8VxqDkU7S1wtsjD665rfnM4takP2wX4CnbMTdoFkIHIaca1-2FY5dddrzz0-2FJjn9iJiQ275aUo64-2Bu-2FGlG6YTGGh3ufVazrVanFRZGWkJEIgubf_Ssv3vXkjJC0NYsncKn3B1EcRe-2Fh24f3o24ozVcZ0RegHO5Fk06Uk5FkDRBXhAq6j-2FYG9ahMFuNUNhJsnIgp5mvMJ-2B0QodEdKvouEUCoaiN-2FuacEqAxFFENdbMNxIbJi7icj6But4oAmUXk5NKnlV1Ddzle0qtq8Qo9-2FVqm-2FVMwpfZa-2Byz-2FFTnAkMPWEExy460-2FHqaD-2F5guZ4ibQokSzDlLLODDQu8xA-2B5HIem-2BjGID5Wbepfw4kUt1Lzq7y01lw3KjfhVGwKoP4aXQc2zWbF6YbnJhBAo2iIGp53VgvTLY7Hxw4rTYngK0DAXnsJd30tqEWAy5qEXxARyIEcpWfQbJABEJWnqR1VaG55id6bujk-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258073005489309"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 2124	4648	chrome.exe	86
PID 4648 wrote to memory of 2124	4648	chrome.exe	86
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 4428	4648	chrome.exe	87
PID 4648 wrote to memory of 224	4648	chrome.exe	88
PID 4648 wrote to memory of 224	4648	chrome.exe	88
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89
PID 4648 wrote to memory of 1432	4648	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://u2307933.ct.sendgrid.net/ls/click?upn=2lv8SzjGSDMWhpuJ9sfJM4lHz3WcypqHcuUvOiQ8I40Rhj4I2yMXm-2FmrvVYUqsnQvzLHttpJH043uQHfJH80qzQ8VxqDkU7S1wtsjD665rfnM4takP2wX4CnbMTdoFkIHIaca1-2FY5dddrzz0-2FJjn9iJiQ275aUo64-2Bu-2FGlG6YTGGh3ufVazrVanFRZGWkJEIgubf_Ssv3vXkjJC0NYsncKn3B1EcRe-2Fh24f3o24ozVcZ0RegHO5Fk06Uk5FkDRBXhAq6j-2FYG9ahMFuNUNhJsnIgp5mvMJ-2B0QodEdKvouEUCoaiN-2FuacEqAxFFENdbMNxIbJi7icj6But4oAmUXk5NKnlV1Ddzle0qtq8Qo9-2FVqm-2FVMwpfZa-2Byz-2FFTnAkMPWEExy460-2FHqaD-2F5guZ4ibQokSzDlLLODDQu8xA-2B5HIem-2BjGID5Wbepfw4kUt1Lzq7y01lw3KjfhVGwKoP4aXQc2zWbF6YbnJhBAo2iIGp53VgvTLY7Hxw4rTYngK0DAXnsJd30tqEWAy5qEXxARyIEcpWfQbJABEJWnqR1VaG55id6bujk-3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffcb0009758,0x7ffcb0009768,0x7ffcb0009778
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 --field-trial-handle=1756,i,5918153134203823326,510559361842964642,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
073ba660bf85eb05cd2aa15bd0e826cd

SHA1
3dc6c075f4390797de07c0fb6a4640c0c8357e2c

SHA256
7e1643644df4508aba838270b12a65dbe25553a892552249c8006c4cc6d9ae09

SHA512
43de4db709fbe3ecde76e25e924fcd02c4af8de40647ea652aa06a55e8b776a71abe15277129b98ff2ea36bf2441d62107c6f8e79e96ade5f2981326e4f6a943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
467ed430824f446e1c7173ef9f2e0c67

SHA1
82d1f0f590ae83fc8fd44d8a2e70a4167e632c41

SHA256
37b18595d59a224e5719c6171e96e3368063920395bc3b1ef4160dfb7520b3bf

SHA512
fe746b8b6e6d4ff5ea54e665af1695a6696c80931f6031ea89ff25d7fd30ef80c812ef42d069f75b9b66811aff4d29a25b89670e1156ae95e395a4bb945834ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6e35a219b0d8d365f196b242d08684f0

SHA1
66ba697bbaf19855ad858f202f35b3806532aa27

SHA256
fe16cdceebdb12a264e33eed625a6376a7a07e1f41d513b7b67c0d1709e3a04f

SHA512
61cdc50e58cc34dc1de1e0949227eb15d3c3be290bb0fde66cc0ecba7dfaf5aea991d0da703e1742a9dae0071bc9ae1cac991e70b92ad8da5b67edf067007f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d81eaa08173521f04c90923b289ac04b

SHA1
9b83f33e4982d139a147596c6ff54ac47e78858a

SHA256
bc2aaca80268bbd379a58f4b7821cd53e9ea484311ba8a6b048c949281ef3427

SHA512
49feb9d1542aa5f1a9adab6cd6f67d5929fef55663675eafb30bca01bac23bb2914cc7f044e9a1572c4a13e02080af2f77b37ba447b4d3a35678f84b7c6218ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d580e0ad19380be41aa8424513eb1610

SHA1
39a455c7cc5b1c9d4bf4a1327aadd17d7af0ec9b

SHA256
aaafdaecff17809c2fa87305cb78e2fcee41b6eefc2ec9bc0e9f7d9587180a07

SHA512
1410ac66364ae5b927656dad0332f1c8f51f44a495c801e8aa2698e6c4f6cb3618f921a7fafa8fafc874122207ea38ad17b2249da05f9df22c0ec9f0bc50f926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e92e8a38bcf01993fbbbaedf9a9cc088

SHA1
26f300ec5bdae7b4f24003305ecfce0bb4a602be

SHA256
269e2240fb60bb9ecd9ee16b21ac2379eb91971081abb28377a83d3eeeff03e4

SHA512
0ee07510c91399d871aa0ee5fecd566a0b0b44579e5b9368f0b138fdf7bb609b5210d07ecbc648256484100caa2ebc19350d6cd6b2b2c1f0123edca025c3d08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
490541e81e2eb2a586cb41454d1614d2

SHA1
44d68166f308d2f0c4aef1c39d5ec8b6862717eb

SHA256
e268f49fcf4365139dc8862e8c4df61dfc2448832dc16a29a105bcbca6ded8c1

SHA512
5f1ee092d9b69e1a61c8e34521695907ffd315fcd8a3eff9a6b68c31901c8b336981ce27c8f59b7557549abc0ea1bb57896d3e928a8e3f4878a6e00413a1cf13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit