hxxps://r20[.]rs6[.]net/tn[.]jsp?f=00199EHZS4l0hUIUxTRRg16vAl_zM8-thkZym9xoX7NVTctjW2byulnLgq8rBH1wmIdc5tkye7H3rsjHRltEirBcW5X_MTs6_TBt2pouEJlt3145tzDJJJGXC5Ajiqbwxh1csq_dfUxXXe3EN53go22KA==&c=2q7mNOXm9iagXS2JoqSQZKAC7YnZyhbJDkzMaEbahoH7_RNaa68V6w==&ch=B_ZuACoBSkof2OJTi5adp2XEz5UXGqBSBcOh2AIV6GZ0RLkaYRYfwA==&__=?e=YXN0ZXdhcnRAZXZvbGVudGhlYWx0aC5jb20=

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=00199EHZS4l0hUIUxTRRg16vAl_zM8-thkZym9xoX7NVTctjW2byulnLgq8rBH1wmIdc5tkye7H3rsjHRltEirBcW5X_MTs6_TBt2pouEJlt3145tzDJJJGXC5Ajiqbwxh1csq_dfUxXXe3EN53go22KA==&c=2q7mNOXm9iagXS2JoqSQZKAC7YnZyhbJDkzMaEbahoH7_RNaa68V6w==&ch=B_ZuACoBSkof2OJTi5adp2XEz5UXGqBSBcOh2AIV6GZ0RLkaYRYfwA==&__=?e=YXN0ZXdhcnRAZXZvbGVudGhlYWx0aC5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295778016668983"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
652	Process not Found
652	Process not Found
652	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 4416	1352	chrome.exe	83
PID 1352 wrote to memory of 4416	1352	chrome.exe	83
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 3604	1352	chrome.exe	85
PID 1352 wrote to memory of 1920	1352	chrome.exe	86
PID 1352 wrote to memory of 1920	1352	chrome.exe	86
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87
PID 1352 wrote to memory of 1992	1352	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://r20.rs6.net/tn.jsp?f=00199EHZS4l0hUIUxTRRg16vAl_zM8-thkZym9xoX7NVTctjW2byulnLgq8rBH1wmIdc5tkye7H3rsjHRltEirBcW5X_MTs6_TBt2pouEJlt3145tzDJJJGXC5Ajiqbwxh1csq_dfUxXXe3EN53go22KA==&c=2q7mNOXm9iagXS2JoqSQZKAC7YnZyhbJDkzMaEbahoH7_RNaa68V6w==&ch=B_ZuACoBSkof2OJTi5adp2XEz5UXGqBSBcOh2AIV6GZ0RLkaYRYfwA==&__=?e=YXN0ZXdhcnRAZXZvbGVudGhlYWx0aC5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0669758,0x7ffed0669768,0x7ffed0669778
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4784 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3360 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2844 --field-trial-handle=1792,i,7640382295440994070,11822735846737193101,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4bc503040f46cfa4fe884af8677cb82c

SHA1
af3d295cf52b5481ef6cc65f32afbf1d2599ed96

SHA256
e1544bfb9cdeb774c77fc1a9478e3fd72379458fd72cb98a6e34a6c39cc13e09

SHA512
7051d936c5ee5bdccfd6f69ddb08402b6bed025bb4ed9d19df1bcc1f09fa79c8ce863015382bcb75e4b975762e0ee7918902bfbd4ffed4d8663e687fe1795202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d3d5ff21dcab0e43eee22c7716dfdfc5

SHA1
f23730e17be1d7611fb1531fe18edea3e4680b13

SHA256
38906f0a98e5360ff9a8dd86e8ebd17573fbbae1634e40fa1dca982ab432dc7f

SHA512
3252ab5132fa3e85a8c28b12182887b9650f95d72186a66839ef06fd17021d1bdbcbbe3c8d4001e0bb11d0959864f50730b4390b408a90688faf08f45a5203f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7b0d64615faa2b03278cbf257f944b8d

SHA1
c675c3b5924826a8d609edd1034863a2a5c1b6fb

SHA256
bc8a4efcd5e6a924efcb96951f613503380e7439397f49dc3a9ce7fa9df3f229

SHA512
f1b5d42097b8471c9de6626f99e68413209cf90d1ecb2124cc2cd5c9c534951e7f2948d11cc21a36f6b19791c04a55f1bff1221327a5e6db5c39472fdc89027a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69199366835dc8da188316b7427ed924

SHA1
72ada941e5b2af02e9cf8a860485a8747cd7c412

SHA256
2e89a0f690d78f14e5ca3a55ea90a994664654ffc67a8fa1c56335d85bb51114

SHA512
e4724ea5faacb3b6584c4dc27108a4d18a531128505539d0d450f9fb5fd447ccfb25ee2272dc8c3ac8205c0c97b369f1cc425fbc9d93eba2e43426d675d5f7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50c40f4f508f97a59a7c7322997b7469

SHA1
2da47577bb9fb2938402292c8cf40518ec321b69

SHA256
291c632a19cd584b3549c2ad286a1a84bb4b09d42c336a85f68b36e32d9325b1

SHA512
582fa86e64723b2edf8d18818ccc48a6446edb00aedb3dc32486c66ce9acd601b9c4f014f68c48d4f6a00ca3da899d26774bd18d76110dff583859ed72035f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4074b9a5c21cf21b39256121c692d46f

SHA1
fc9413c23d433c87dcc23600da52060db9423bfc

SHA256
347eafed43333ad2d9a47bf25daca6e464d37f164ec17ab61144e6b1d287b1c2

SHA512
93fa4ea1ee46d1b2994731c711b665720664d0aabed1f28c51b015d584751860e65aaf6d47c4260f6f36077eeb58983c28a5426b37bfae331b3c1de1c07b5ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3bf00dd0586046b58e5355b8f930a25a

SHA1
4e7ccba03b23e335170bf4d363cbd6b8ffd48e42

SHA256
736cfeb61874c3288dd71313eaac7779a804746067fc242211d398a99585cad0

SHA512
054b1311d381c7380c9d07c77d00c3ded5195e8e1b0ce806b054d04f06a7233e0d63b60f99832e238421ed7e5116931e214ed1e220d646f18fa9ba901320d5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d92a1c16ba7e8e1f2a05c1d354228c28

SHA1
30e6dbdc779f4f88fb30c71ed8563b5bca381b07

SHA256
ca6b498ac1d3bee441641240851629fefbd894fc5afde2068f9e84e88fab8fdc

SHA512
2f6189aad81290577e246897c357b457c09fb177820290d86ee96bc5945e4912f29c5752e560226eb994531cdeb86422f1f0cfb9e222f3ec288c034e97d8dec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
765c1e42d94c8905ee48eab14586d293

SHA1
6e3b7ff2a9024b4235b29cbe64335c074307f79b

SHA256
e759e5652992fb10c99e97dc3811d27e87f0134e49f23c441ccee2bec07af03c

SHA512
42e4be55d48ebd652a00d4ee46dcc57373550ac7510c753890d2d3cebe8d177cb5ea48cf3ed9da4546900820c2bcb541498e69176680facce418320a6d2f243b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
187c72dc3f33c1ed1f90cbde0566a2be

SHA1
72a5f354b02497c379c84e148ee7f0ff99ba8151

SHA256
8ae90e5c877a9d1cdca5253268f27f614246e01cc223bafdde14bc85facf80fb

SHA512
9bf482897d2ca4a8cf012eaf823d63573aa3947a84fa49a6de416513da4000346194d7784c4b326bc5f17404576877fcc9641696cbff9e9b24663100185955f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
c4ebb2e69092fd1404cdcb4c7d80df7a

SHA1
ac7e20383f0cff81b3b0ed315518a4ef698b484a

SHA256
3babd617c5b91c642b34e0e286ea6f2ae8a3e8ff859bb7aaa85b12bdadfb71fb

SHA512
0d2b04d3b6555cb724eb1a2fea7bd826de5fd384acd48189a53b2861aa6e8ae63f8bf234f3884a1407402cc4d3e6a7e05a42875978a68cfeccfadcd926c062cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
c347188dc68c7a504a7d1f4ee5ac37a2

SHA1
ed352a67cb62c6b7e7e7bcae7193ed1f62cc3c60

SHA256
818d095b9493008e03e412264c4583e609c6232fdd9c26cbbea99d14012f76eb

SHA512
078acdabbf70eec42940ba1ff3c62f6e7a3bc3d0e1fa7e5c389db179e487f10c40e0f3597575e668e542171f1ad035a04e74a554f56a23199a1720b064bdcfa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit