hxxps://qr1[.]be/TVN4

Resubmissions

19-09-2023 06:04

230919-gs41yafb81 5

19-09-2023 05:45

230919-gfw5kafb3w 1

Analysis

max time kernel
600s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2023 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qr1.be/TVN4

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133395784730777896"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
368	chrome.exe
368	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 228	368	chrome.exe	28
PID 368 wrote to memory of 228	368	chrome.exe	28
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 392	368	chrome.exe	89
PID 368 wrote to memory of 2168	368	chrome.exe	91
PID 368 wrote to memory of 2168	368	chrome.exe	91
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90
PID 368 wrote to memory of 1476	368	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://qr1.be/TVN4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97c289758,0x7ff97c289768,0x7ff97c289778
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:2
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4936 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3372 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5040 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=212 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3388 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1888,i,10082807427852470278,17954624858086088619,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c021907cfe054a91aef9c47d1b2e82de

SHA1
a65ae7e638c52deeff2e3b6a9ee9a0aa12261cfa

SHA256
d22423905582e15b5e7dd31fbddbf613bfab4dac76dbca31ff7145507564f3f9

SHA512
bd42ea43a6053258a3696347e136f6075fe61c67fb6f11bd6ec1539bae66eb8a721452c44976a5bb77be848cbd84b49f27b2b3cdf82c69ddccec438a9a6ae2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
397c8d3c2064cb577079b59e63d97871

SHA1
a292e4b48b61b0408334d4837b96ae23c5323c84

SHA256
86f931ca6aafec73264ba377ebf4997f0c007a5993c26cea550e4d73ffaec178

SHA512
d15bba1ab75260db7ad8851480ffef4280e384756b58ff3464b961adb4353881057acff840eebc3cd20d91aa8144dbd32c283ab94b3430d46eeb8a66236d9734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c1ab61e07c4af24785b532828b112e6f

SHA1
e288f581fb2f1c5c265dfcadc8ed0417cd57b05f

SHA256
109338fb66e92f0c0a1974bdac3d5e0358729e18fe017f6a8971148dc103251c

SHA512
11eea8297dd800b0f821701569c721e7a13cd7750ae5f7d27f7d8e11ea6b0468ac160d29dfe85078b200cbeaa57b0b3addbcc9cd0c32f132d85757fe47a53bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
adb95d45a50f460c6eb82e1734b1fd66

SHA1
a6752c3ff1f43772c67df45acf71596312d8ea4b

SHA256
ff8bb29c128a8595edafb7f996e6e5b871a3407ee3d0bd4917b59ca5f7139bcc

SHA512
885e75d5a07ff8f4d9cb71f0fc343dfb40a0303a8021f7664bc58d632159c087e7f0f20938ae494065d28afeb65ef6b84b282539c6ecff281cd29d4ef3ca4365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
6e090e6929ce78357d33aa0f67ee5bd6

SHA1
5313d470d2d0cc8ef8e93a8ef0cf61f6fe9e824d

SHA256
e69f1dacac83dcae60cc4cb82c2a4016f7fc436a7aa38293e5249cc38297e686

SHA512
9b021fac49d300634fd6a463e02e08fa1ad97590cb7ccc04f11d5a928ce1ac833916b98aaab1127f765db9e5d594a78eb98e1dfc0cd6560a127b5125ce424f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53601ad13c193ec9178f55664424b31b

SHA1
5fa9117582078dae7d89c82093989a08086701f8

SHA256
f7be98a1ab8b86967c5b27a6d177751e7b512482daa408c2ba9530b768e49858

SHA512
9d994034dbf6715254096df83b3b7052acd8a43ce96852bd6d58512ea2f5f0f38f0fe3c2d07740cddfc1deba204ff654f467724db1de95ce2ae64fbc5e8dddf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
050bd75fc73fa8e168ce9202735f003e

SHA1
70401a85eeb91bd7e413a1bff3dedd76d2ea5d08

SHA256
993e5523713cbae22616425d7855a0d6a2f7e032f6279d06621b4264a284bc1e

SHA512
ecdebd9941ddb6e29f46e1c51ea8c30c2e03a42a93cf4bc8e3e614b9d4fd158924fdc0c16f32559dff0983d92eb5f316813bc4fcde705ee71d6ae3d0cc6880e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f07d7eb15b07c32489c14fb4c02ff167

SHA1
158c3a142de620eab8eafbd692ffc85d7c8f1e20

SHA256
7814da7d8170f58cee007cd41a35e0aa70a5456a31bbf6f4c30b9242cd1dfd0c

SHA512
369967c7ea9032da039f746e73976cc757526ce62a900cf647b9c1f48126e559499554660912f51edcd0c9eced640ac5f343b202743dcaaf2de599195fcc831a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9df8c3f1ed33fd5910cdb44eb188cf5b

SHA1
445ba9fc4deb55e1d90a197ff4b0cd488b9aaa2c

SHA256
498f854594334a8523cf1aef00563552da5b866b02860517578c2391f8b7c6f5

SHA512
8de78923dccd2b5f80a6d26d43b35bec653dd15034299aa10abd9e87a5f2e38ca6c28fafc2dc0fd3de142c8de8eae64ea7d6da05609782fef70b5c6f6969f1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
d3b2e39798db946876133db2af26b4e7

SHA1
6ae70cb3faf391fa970ba5bba7e571af8f8fd59b

SHA256
cb04854caeb3155f988f94e92b3a9bf88fcbced8dac970157cebebb2e7bd2b3a

SHA512
ed4d0ebdb47c463fffe1f047915ea4fff98e5c8411df5991832d00e1521e5c51a8af957c39cca3d5e613bd8d08894b0be8125c37185554222d4d6408d9e3d1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
8bf5eff73e3fad8d5e99ed35a5af37f6

SHA1
76e5ea5ab5cacac508ea63ae486113ab7b4ae115

SHA256
7ee8e0bb816addd99599615bf84f26d6f0665a4ec1b8495375c234b2b024185d

SHA512
3bc9d291f314abf4905307aae7ee50d2424cde0d1bac2e0777f9eeb7cd2d329c8879954d670457ca548b3e672ecad50fe8e07a25d1ba786eeca175cc4a736804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e181.TMP

Filesize
103KB

MD5
618663af46228d48cf885d619004b0b4

SHA1
8d791371481fd85e58264c4295ebcb1e08419647

SHA256
4f2a6c6bb2f7e2614b62fc176660a6e5bad9f38887b94487a9011d2b6e4040c2

SHA512
f53eda91c3d596b903bea30b03e7adaa60e002b4d6fa8779f6af38b3e5a419327dee3fbc961f4d99872a9ac23c7654c494c7677ea0ecc9e17b2554b0d6dc93bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit