hxxps://www[.]cvent[.]com/api/email/dispatch/v1/click/m5w9rjvp6ycg5n/k5x7dr4l/aHR0cHMlM0ElMkYlMkZ3d3cuYWljb25uZWN0cy51cyUyRmF0cHMtYXBhYy0yMDIzJTJGJlM2N2VheVZlNEFVeEx4eThaSjkxcGdHeSUyQkhibVZzTGR3QVBTbU5FaWhGSSUzRCZEZXRhaWxzK2FuZCtSZWdpc3RyYXRpb24rYXJlK2hlcmUu

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2023 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.cvent.com/api/email/dispatch/v1/click/m5w9rjvp6ycg5n/k5x7dr4l/aHR0cHMlM0ElMkYlMkZ3d3cuYWljb25uZWN0cy51cyUyRmF0cHMtYXBhYy0yMDIzJTJGJlM2N2VheVZlNEFVeEx4eThaSjkxcGdHeSUyQkhibVZzTGR3QVBTbU5FaWhGSSUzRCZEZXRhaWxzK2FuZCtSZWdpc3RyYXRpb24rYXJlK2hlcmUu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133333120074037966"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
944	chrome.exe
944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 236	2532	chrome.exe	83
PID 2532 wrote to memory of 236	2532	chrome.exe	83
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4576	2532	chrome.exe	86
PID 2532 wrote to memory of 4748	2532	chrome.exe	88
PID 2532 wrote to memory of 4748	2532	chrome.exe	88
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87
PID 2532 wrote to memory of 2628	2532	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.cvent.com/api/email/dispatch/v1/click/m5w9rjvp6ycg5n/k5x7dr4l/aHR0cHMlM0ElMkYlMkZ3d3cuYWljb25uZWN0cy51cyUyRmF0cHMtYXBhYy0yMDIzJTJGJlM2N2VheVZlNEFVeEx4eThaSjkxcGdHeSUyQkhibVZzTGR3QVBTbU5FaWhGSSUzRCZEZXRhaWxzK2FuZCtSZWdpc3RyYXRpb24rYXJlK2hlcmUu
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ce9c9758,0x7ff8ce9c9768,0x7ff8ce9c9778
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3452 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3292 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5440 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 --field-trial-handle=1888,i,4656357882306271310,7086737941073649415,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1e872e4e765660663e1f013606cc8f07

SHA1
c043cad6fa6ada389cdb200759b686ba2d8e8656

SHA256
1aafcbd97e51165d016e1878381559d8afc6b2f57eae580beadb17af828021aa

SHA512
85f51a833b9045358cd2b9ed48737c19b18f9fdb208d0f2892630da3a91c68360e16ce8cfd1e8b982c1c41527f34f2429913efff39ac516edc867330dfd008de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc3a322439195753398f7e09f84b811e

SHA1
70df4f5702452016a21bf303469172a1740686cb

SHA256
08343158da3a8fa70f6b45055c156b3ca640889f9bcb7ad4731b1e2e8d0eb542

SHA512
713d3d58b221ea5ec6c259477180abf363645c2d121e593749a4522984f4bb174605362036c1347ec002cf184baff6a7afd49cf71240ece3d8e07702b70707d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
50f2e340d8d27d0583f3902be9ef8cba

SHA1
a81811c6c5543f4816c6622f5435739a6927c104

SHA256
fd76539daea5966419fd427e40076ffbca9416290b6dfa25ea0aa42d0fdbff3c

SHA512
7f4c5e81ec1192a002943f1fef6166e8003e8cd160e934f31bb95d1a4735a7d249268b4f5ea678f6c95cfe974a7ade5260f35ee431942d4f8bfe2c5a0e10f173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
597f22b0d0f66959c165b4154d764a4c

SHA1
95da96acd7b416d8b07979827d35ea50d59821c8

SHA256
a3b74028ed004a8e654aa194a64d5b3c0dd186f7f98e1fd198fa29e492fbd96e

SHA512
6e30962ce8e066192724d640cc4310c110714bf8ca351355eff9b6affe2e7011cf5f32186f7542ac899e2e6c30bcc380d04e0d5cd407c35afbea573f94c6a1a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
865B

MD5
5e7acaebeb5157062e58b7acd2f1f0ff

SHA1
6ee9c8c89b05d1582db474aa73b53b1ee91c13fb

SHA256
833d054b470446ea4901b83941b6a00856f4e7e7e8581e4c3db42000a9c2c5bc

SHA512
a8e7a863b7fd6de3e835712af6d6816600955001231613430fcbef814f82e009fca8053e35956fd4580754c8ed3d78ec9fba5ac57e4c6a2a41509a1facf9f712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14aa680f72a2e86498bb03b270c028cb

SHA1
f2518f0280e69a5072a636beb2e68477451ff4e1

SHA256
d0a3aa5a85e14cd3f54ed2b444bde35a7deb5d839f50febfba81ed4998b46288

SHA512
c253cf2ae847e3ea9975f5cf36637d586cb2cbb73ca30c6d66841f947b5692ece0e0e1353bb50fb6871144d9e84f3df0fc1f9d275c033d220946ab03785f7581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea3925cff0181f45394558eee84946bd

SHA1
175d2ed8c91454625c47c54d756414c9fa1f6820

SHA256
c27fea07e6f257e430ae1995713bb0e9faf2cbd8241c7099dd1e523211496718

SHA512
18690a2a903b873721b5c0ef5b9ea7265e3ab623c1effe7e4c4a8353453f9cdbe08fd03ed2dfdeb38ae5708a5d2fe52a687ce5c96f02b7db88c2bb2893e710d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
96d7484247bb2c2f33a3e05bfe32882c

SHA1
f08bf8835d13c39a52e37f239dccf3ef228f4e09

SHA256
c1d7932f9a4237537a7ddbdf92f7e99e1f5f739fc87376e0e1de00ae1f05a134

SHA512
ec7cf2ea2432b20c16abf956d8ae904ff4bfd2e8a334e1fd1dfda877c941774acc61403ace97278a1189ae8ffafda3f5dbf851acf2015e09d1ea4a9e651bb2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
55f2f1f223458b995191a3b70895d38d

SHA1
3155c3a8650dfbabf30590037ba7ea1038249053

SHA256
1aad8839e78964ab11091637813d74b33188327f8a19a3cc1f3eefd090375497

SHA512
f41bf26186a7de5da9fed5c3888f484aff7ecaf426bd36eba015d002251814cb73ecbac91d30ee56fa2afb51607c5ff9b919a9517e8f164bcc312a6cbba4aabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit