hxxps://r20[.]rs6[.]net/tn[.]jsp?f=001abD-c3HpTwQErkRf75NisrGxdPuJWU3dhjdSD9fFY9mRRH7l4sF-h-FNffuiwt1zMTREbP5sxVQo5ZCGdmvC1fXZzLEFx8t35yXIfi2hmvlKLj8fqyTSq3ShODb6RyRiDCJx6qa1218or1-u2ce6yTCJPDcpsKWZ&c=AyFfainoWEFGy44nsz46Ljt5MytHpjxQ5XzppBrMA__I-WjUTrztEg==&ch=IHB4Fx1ERlbrV36NhSnDggEi-Ykg5j-ttxu0dSGLP1h2Z05haaPNpg==

Analysis

max time kernel
159s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=001abD-c3HpTwQErkRf75NisrGxdPuJWU3dhjdSD9fFY9mRRH7l4sF-h-FNffuiwt1zMTREbP5sxVQo5ZCGdmvC1fXZzLEFx8t35yXIfi2hmvlKLj8fqyTSq3ShODb6RyRiDCJx6qa1218or1-u2ce6yTCJPDcpsKWZ&c=AyFfainoWEFGy44nsz46Ljt5MytHpjxQ5XzppBrMA__I-WjUTrztEg==&ch=IHB4Fx1ERlbrV36NhSnDggEi-Ykg5j-ttxu0dSGLP1h2Z05haaPNpg==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133438530426639978"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 4904	1468	chrome.exe	80
PID 1468 wrote to memory of 4904	1468	chrome.exe	80
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 416	1468	chrome.exe	88
PID 1468 wrote to memory of 4508	1468	chrome.exe	90
PID 1468 wrote to memory of 4508	1468	chrome.exe	90
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89
PID 1468 wrote to memory of 2096	1468	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=001abD-c3HpTwQErkRf75NisrGxdPuJWU3dhjdSD9fFY9mRRH7l4sF-h-FNffuiwt1zMTREbP5sxVQo5ZCGdmvC1fXZzLEFx8t35yXIfi2hmvlKLj8fqyTSq3ShODb6RyRiDCJx6qa1218or1-u2ce6yTCJPDcpsKWZ&c=AyFfainoWEFGy44nsz46Ljt5MytHpjxQ5XzppBrMA__I-WjUTrztEg==&ch=IHB4Fx1ERlbrV36NhSnDggEi-Ykg5j-ttxu0dSGLP1h2Z05haaPNpg==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99e589758,0x7ff99e589768,0x7ff99e589778
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:2
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4988 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5172 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1816 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5856 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 --field-trial-handle=1888,i,8531706169164464248,5489449105739813291,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
186KB

MD5
4a2977698422c3c6e58b664643322efa

SHA1
939e0f3f916f936be7c8c49121d8f245b99cab1b

SHA256
d60610d21436821de350b6e21d3915e5ea1617d97cf20f7aaa1d5ae782cc4cd8

SHA512
ca9d91650de72ff1faed43344dbc86ea3e81d4fd615b89347d31c7676fde084ddcae30a9dbfa3b341ec32b00966004fe7d6d96e383b18363ebd8f02b982ffd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
f847951ed1e05149302c3af337e91ca7

SHA1
9940164c6a6b7b865c047764dbb740e32041ed87

SHA256
3a9d334cb814344d0b35c428a18546c92cfb501bd12f92e54d34ccead49be5b8

SHA512
5341fc07b32abd82ca877b24a2bc37bda30e20b4dc44b228f872bbdbf685ad1346941d48287787bdfc6ff6d5f612a2f80805d1184433aa4510f1bbbf4460175a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1b228b2e-7ada-40bd-9e08-f06b76d6e3bf.tmp

Filesize
4KB

MD5
a7a9d6b504e7117f8611c2cc00f41b71

SHA1
997acd543f3f26d58beef8bc253627b99c6bd41c

SHA256
51cd5534761d39ecbd340471b094a33bc28d6981149445e300f21bbfa6a45c07

SHA512
f8318a27fcf4aa4b3b4c53474834e0d8ab3d44fd1f66d226872a05cc48bd5b66d53cc6adce45ddc84fded65882041843ac8809398474f680d6fcbe8fb2e8a584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
26d381901069710034d1dee32bc0212c

SHA1
39c0f792cd82aa151355aaa1676214aab1da93db

SHA256
1c4ceebbfba50e9dbcdef0bc6d7f4b8f99512cdaf5b63111464b31a93fd21c48

SHA512
829db32a34b620774cd2d530e496755bb638f76964c70a77f40009a9cd3852354728990716103fc402042b51976f5e58e3069a7bcd1452a0ff192ff323f60045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1243d52b558f693ae507f140f70b013e

SHA1
88ef16a1ea3fdf32156ae9c9b2711da0925d6385

SHA256
ab7aa7480c4caa9969325aebca905a8d016a669ffef9e3eada7787fe4f753a3a

SHA512
081efd03aeafb7a0271f341874b4f5c24759ad247fa425ac6a858186746b21fb61a82556f7047f0e30dcd1337269d6f967ad65f4868f40248e2db0e284e470c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b67841c467c373a59c36234fe0ec6f72

SHA1
c83b109e429ba20357c851e0b71c01df4baf4406

SHA256
cb4a1028fb55f0f6cd1f7e89212e385eedbefd5ea30bb907525bca827191376e

SHA512
13deea69e102a2d48c87259dce3ddba59b266aa821f93f7c35ada694aebd4975c2c086b542c76dd93fe93c0394b6fe178685a052816b25cc01618883e712c7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e14b1be7e558d38f4aa0179565491b5f

SHA1
de48176e344f7ccdf8a2bf3b870b082d17876c6e

SHA256
d4afcf06185d8bd1492dfe6e368a36e8d6650521a6b20c771ef66f779e46cc35

SHA512
bd219daaf2690d3c5ab361609251cda68fc5822ef9e77e54428adecf5ae72d0ed68ce5f4175b9f3427bf3c4d633fcfe8596d55f143c1419032c24c9b2e08ce64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2a7f766e4ed3b42b79340dde09106304

SHA1
7d3300ae515b9b97c18d83ed6af01cca53d6a364

SHA256
054b57a9ad5696da244120671b683bc7047a41c81e88097d6a6ae7972366f068

SHA512
5e65b9460028579658c7ab669c31ccff0e1d3c28a4ebb96ab8f94b541a1d7220adaa14cdf02877c671f1e22a2dcb33485f304708e3cc9682d5e3c5c6c99b1418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
96a05f77beeae2fb714a1f544e8a76e4

SHA1
7a15714215fe75574f349b92575306803fb9c49e

SHA256
476e3ddfe86b8c9fb8d4674c201ea5ccdc7911e47d11489ca474442ef0ff911c

SHA512
2fe77848427d291322652e5595c4d4006d09c64a70c066018dee2b45dfb2ab4a6affe75abbef425b706196a24ae60c4044686d54fd98935fde73bf7a39265fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
73921f8a35af5154ac2ae7ae13d3913e

SHA1
e92c4240ef28839b669b3405193cbbb27a2bd322

SHA256
9ea95e2dd9fdeb4bba740bad2c7cafd6d2329f75d42cadbe44e00512adcbd065

SHA512
814580b488ea6d73dce27f10d076cb73a54fcc3c19278d07b83911b3da65829fbeb484454ab802a98715bfaaf4b951174f1c78148141c2cf8b9b79c506fd9747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit