hxxps://mailservice[.]assistcard[.]com/TrackingLink[.]ashx?IDLINK=166&IDEMAILLOG=41929923&URLDESTINO=https%3A%2F%2Fclintonritchie[.]co[.]uk%2Fcli%2Fadmine%2F%2Flcf24MH%2FbWljaGFlbC5qLmRvYnluc0B4Y2VsZW5lcmd5LmNvbQ==

Analysis

max time kernel
300s
max time network
278s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
07/07/2023, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mailservice.assistcard.com/TrackingLink.ashx?IDLINK=166&IDEMAILLOG=41929923&URLDESTINO=https%3A%2F%2Fclintonritchie.co.uk%2Fcli%2Fadmine%2F%2Flcf24MH%2FbWljaGFlbC5qLmRvYnluc0B4Y2VsZW5lcmd5LmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133332070246364993"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
2260	chrome.exe
2260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 3256	3968	chrome.exe	70
PID 3968 wrote to memory of 3256	3968	chrome.exe	70
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3292	3968	chrome.exe	73
PID 3968 wrote to memory of 3308	3968	chrome.exe	72
PID 3968 wrote to memory of 3308	3968	chrome.exe	72
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74
PID 3968 wrote to memory of 2328	3968	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mailservice.assistcard.com/TrackingLink.ashx?IDLINK=166&IDEMAILLOG=41929923&URLDESTINO=https%3A%2F%2Fclintonritchie.co.uk%2Fcli%2Fadmine%2F%2Flcf24MH%2FbWljaGFlbC5qLmRvYnluc0B4Y2VsZW5lcmd5LmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeb4079758,0x7ffeb4079768,0x7ffeb4079778
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:2
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4492 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3704 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4628 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 --field-trial-handle=1824,i,11887169871771780126,10500582462561783104,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0cf3eeed80bb939c59250b6eb9f54672

SHA1
f118da92e46792d2e6b52701ef95dfa1c45942a8

SHA256
cfa9e37be4ba3eca19b1718e4400e8b037024bc9a5fbb91d198652323e72361d

SHA512
6d6ed6c95df7b458930451f49d7102661d0bfbfb524c04287676233fb3516a50af41f82cfadaa9b5512c87354106cf82dfebe54bf2f2d49d8a492de311ba0227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a444c28e9256d8e104735ae69b015d21

SHA1
e829a23e06fe5f199d954389a3f0a9bf601c8de8

SHA256
14ac6e1f08a1bb587e8332846cb35d2bddeca757e3e109a77d14d89b497090d7

SHA512
3fa847a0bb8043a89088766392a3c153fe7ad2a843476209ba445684c95648ca081edc9e4096af68847c706f1d3b6dc9a8d6262965b2271d6853c9c8d86f34ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ab22c5f0f3ad1b796a4809c2ddfd21ac

SHA1
1464023139ae5279c6d09718b91367013070af52

SHA256
c1d7a16720c4734677971b8b28db0d97cc32bc6bf88d171154b4488c9094ba2d

SHA512
350c3a29257b45e4e50b84bc47a3b63a2391283d2c6ec2e9ff035541159dac4412edc8eafa8da0506918424bed1cfaa600221fa71949e14313a17ef229dc2e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
16c3411d4073e5db3cfb9aadf4767cf4

SHA1
ddd8f1048fcb9a56d8717a37d120f1a6d61b1651

SHA256
1c9eeb1aea8aba23854d749f4d9965687bb5655405354bda67d4d90b9207a353

SHA512
6030ac28e7ceca53832d49781431c947d7a9448892517c286d9a28f6dfd13f41dc9de79ba1b5eefc3313977aa0ca0f1dc2feb71e9265b4031e851edc0e50fc3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
007987b9515460284530f30c32180e00

SHA1
5bd2a94deb7a45ee95059dc381e5a8f31c38cbc0

SHA256
eb2a25c6f88634115a40e23bc85b9388109608e7677323aa7001671fe5dacdc9

SHA512
cee5ab3c8c70057617bc7b1caacd3a605db8c900a8f1dfe93d3aebc8b235202394bda086f050ed1e9ddde53cd37fe397981689377393dd54967c29bb09771fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
427776e7c341e34968cd9b393b2d85b7

SHA1
90d6431564e52b425e366c3aaf6796bd62633bc8

SHA256
b15c3558d84412cc3d11067f2f8336792e436086b64ea009b8be22f7b26396c3

SHA512
386fcb7a42683016b3b8c511813693f316fb4496583f0fca7581efcdb5e4b0305a5247a7684009ea91c8335716cc62e8dbb91581247851a7497b386995b1256f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad1237c8e460b74afc233dcdd3201de9

SHA1
f56d1096f734a735f79654b483407489149b2440

SHA256
3ab5b0b5a9e0e41dda618b13b8c5dfb6b597ba5049029e827e4ee8e4c79d9f4b

SHA512
795e8e81ad187af5961df58daecf83f83e66e19c85faea5de30823ea9825e2598970c89306db23dc78c5001d3bb6339cce9d10ce50b53f97ffd7d11b73b95319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4259ebd708d120b586a1a18024332f7

SHA1
0f709ee5856cdb008fc7cddcf195234a32b41a81

SHA256
9a8a661d2bb811b4b95277ff135af91c6d63cc6ea8857fad706e7d5237031164

SHA512
62a2cfc352a7ced0c4c42d2e082e37085fceddfc5606c006111840696733d2c8e1e5ad5349dd669725c00cb4003b3b8b854a676640ffd70c0114fabed9dc63e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
9f509a237be7e2da628129d7008d804a

SHA1
4eaca64ff155f01fa11dd46ad0582a72b8d6832a

SHA256
b5f7455e86de8026628288cd653d4236281f0de35fad8f8c854b0b2753c9480f

SHA512
3efc74accdc8f823d1579031d773f3cce6b475fea278efa1d160f1db4dbec5bc52a6d594017597da7a46163494b0ae94edc25b244f363f864be662fa4c5ce8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
abe7234c8c7e9cec2e8a0d96dbfb51a1

SHA1
9a8329deda1fae227fc19bd9666a226e876930b1

SHA256
85bc8c38f63eee17ffe811cdd2806cf37bc96d0ad68b283c4c608a6b6dbc7f74

SHA512
ac8b56b4b828ce0c71f294d374868a88163bafa5ed55b1a44dea2536c051428a585f04069b77942ae02078d3046d685b1e9acaaaca6f620aaa582bb2a755dbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit