hxxps://go-upwards[.]app[.]link/preapprovedemail?utm_source=pre_approved_email&utm_medium=email&utm_campaign=transaction_email

Analysis

max time kernel
602s
max time network
552s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://go-upwards.app.link/preapprovedemail?utm_source=pre_approved_email&utm_medium=email&utm_campaign=transaction_email

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133408330871768629"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3816	chrome.exe
3816	chrome.exe
788	chrome.exe
788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe
Token: SeShutdownPrivilege	3816	chrome.exe
Token: SeCreatePagefilePrivilege	3816	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 4428	3816	chrome.exe	20
PID 3816 wrote to memory of 4428	3816	chrome.exe	20
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 2020	3816	chrome.exe	87
PID 3816 wrote to memory of 5084	3816	chrome.exe	89
PID 3816 wrote to memory of 5084	3816	chrome.exe	89
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88
PID 3816 wrote to memory of 860	3816	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go-upwards.app.link/preapprovedemail?utm_source=pre_approved_email&utm_medium=email&utm_campaign=transaction_email
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd15a9758,0x7fffd15a9768,0x7fffd15a9778
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4920 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 --field-trial-handle=1872,i,4505372528570434904,10093504746182041815,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
97c3757ed4f8639ab0367d1c95917f06

SHA1
c3d0f04b4ee016e4aec0d9b129f67045e8e6696b

SHA256
cf0ffbad45dc380628c5516b4c6a75ca00f7d61289369eaa1e69a9bb952a9000

SHA512
0c0a7bf06a38371cec591c289455c5676c2593412d14de18e8b5543bfd46a22fa72541a512d169b2bf824bb8ec33634fc86e608e967dc4204c21d384f7b53ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fe3d5a48ebb111cf575b68cb68666b26

SHA1
0c6b05fbaadf8ad4952d4510ae5e04dc586b5b09

SHA256
980b2a3b0e190d4a71082eaa027273cb38f3a46801d9b31d91fd9176960806d0

SHA512
61edd7250b40b327952b6a76eac6f78c1d7b17c1daa4ed59f2f3d29ebc7ea4d157dbf64a83754a14aa1757e23a8c14225e07adbde955cc71e1c07e5cdbf89e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9897734521dc2e1a3eb9b1d9626fe16e

SHA1
69d889b6fafac1ff8ca71c5e5fa3a67f4b25ac6e

SHA256
a5fd7b843e9072f89a64a5dd6a870c2c516c85ae038874d710934e373d9274f1

SHA512
c20c1369237f13d6a12bdc80f2cf56769fe43675d820d40429d67a0239d1cc084ad23a365779d3375cdacee017424e3102a9250f942a3d680c52429c351ee84c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5c30beb9560c6e10d78e448ec3edc0bd

SHA1
b11a222429d20a8db5ed5c217166b159fecffda2

SHA256
fc91be3e7ae24cde102bb759bd712f6018807c4e5401a9fd0eec0b83866b4aa5

SHA512
0fc1142abc61bbe567d87fd6e3799580b15b0c10c6480a5fc0f315792b7481dfabfc1b4f254a559097a207217d6cdf027185767c22f7f674dab53a46dc6d86cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c3f35ebf736621e64ab02dee27a6f171

SHA1
f16491d2f790443aad190d08fe2e841af4e9fb40

SHA256
b3993857670c6aeaadee57fde84efee75b3911ee10513d7d080ef43f882ccbaf

SHA512
0d09a3e9a6dd24f1fb34c1843e10a880ffcc67fc37fee2d6a9fad0d999ffd1c18dc090b3c7838e97d33975f8aa86b9be3be63cba8d5fa980d4291cc580309c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9529ab33becf7724df4393581912cac

SHA1
8cd9ae8f5ce9247eb1e64e510b391e10e1c87c7e

SHA256
ed83eb7f28dca071f695c25f99f4e552011083864855c3338e3be7cdf0c4525c

SHA512
f42e761f8bc3be1145103237b7479ead35548af6f27895f3c15ed844dc2f8ae27c156190c5a81b1381a6a64c15a5526d5ec98c9f4382862275a8323cec423521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
229ce9f91218773d15ad1fbd610cbbaf

SHA1
2c6b003822af5f2c1d66a8b204d8d298c2246979

SHA256
6992a1f33a0f714b8e6f7e4aae227aedc604a97c2f03910236a530d76af53a12

SHA512
ac09c9b7cdae86cfadc42f12a48fbd0c3e679705c3ed10b9e2293ae1ef0238b97f3ebffd5258f3f32cbb6f421c2b24fb363c64a6a88aa30940f3ee9269aaf554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
88d959d27f4705a606e317dd297cb6a1

SHA1
c5acf45a5765d7ffa26ce16bc2b40498414f0435

SHA256
ab01f5b36c81b6c582d2c383201306c523bbbfcc23564b53792957f320837871

SHA512
2105809a4a1c9dbf6fe96e66fcbecc1853628937b688ac3e2f5dc65f3442ac01d494ed282f7027b606acb36443e4f457a0c33d909611b593ddf737a24b3562c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
821d1b9520e731e6f7be582118bd66ec

SHA1
81d9b78bfc1105bc7cc26e25c2cf01bcd9647901

SHA256
8daf0b006e79f71c73025c83dfea83349f23cc48d26238de6c117ccba7e2889c

SHA512
a70c51e06fb2d95a3de28e5ab21d3fd211d37bf820c91b06b3b678001045073d4ad648b90298dc3b7c1fdc1773e97262ce2c693527329453e4e844072e07f8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54bcf4ea0acb63793d4b8641109b4dec

SHA1
095bdaa74a2c0d6bb16f6ca8e09b15abe60a86cd

SHA256
c9b4c7bb7ec92817f150595e13880e1e70587504af1a7146dff5b2a0ba347277

SHA512
b62aa791057fe8586edf945b4800a62e99a97ca91a4e9167bee204e9bf0c23f295f93016577a8d7efa1cefb60854064da1737f4e0632088408db28491df17dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8df3fde7ecfbf994f4ebb689e0b2845b

SHA1
c4a71c8d8d36e8127541f57628d2d60760ff091f

SHA256
415512509a74e7822c5161a0603ba4b4cb91858549b82aae9107aef1e40356dd

SHA512
6edf8c22502c9d3331a636dd327240de8b61792a6ee760185aa2393661f12b8b4d9c8f29bbbd7f41b494a553c1fac7616ebc7617bb2a10bce0eadd89424303e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9498c8091afb0c3be8120aef797eb6d3

SHA1
63ad4c598274b35d33953ef797d61e2b3f4ef05c

SHA256
a37abb8d1f9e4a92e162cf4a265353be9c6b137f4050a9d3437b97c9903f2f16

SHA512
6d20bcfe37453962e70784f211ed6ed28e7d18337d175367eee33c7837fd58ae8e284648a58584e34df4b10fe085699c28681b85b1f8d4f04d88da2d036ad859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit