hxxps://insights[.]q2[.]com/NTE4LVRPTC01MDgAAAGPaGVSb91OETm3BA-WplfEZ7HTyWreenNGx1BHlHDqAqg6o9RC1U0B8Su1T_skSBMv43TPOKQ=

Analysis

max time kernel
1200s
max time network
1135s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://insights.q2.com/NTE4LVRPTC01MDgAAAGPaGVSb91OETm3BA-WplfEZ7HTyWreenNGx1BHlHDqAqg6o9RC1U0B8Su1T_skSBMv43TPOKQ=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133443799937085754"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 1784	1256	chrome.exe	43
PID 1256 wrote to memory of 1784	1256	chrome.exe	43
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 1112	1256	chrome.exe	86
PID 1256 wrote to memory of 3380	1256	chrome.exe	87
PID 1256 wrote to memory of 3380	1256	chrome.exe	87
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88
PID 1256 wrote to memory of 3256	1256	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://insights.q2.com/NTE4LVRPTC01MDgAAAGPaGVSb91OETm3BA-WplfEZ7HTyWreenNGx1BHlHDqAqg6o9RC1U0B8Su1T_skSBMv43TPOKQ=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7949758,0x7ffdc7949768,0x7ffdc7949778
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4608 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3388 --field-trial-handle=1772,i,16567360515384648321,11963804901092826329,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\576d52c8-f714-47fc-90da-19ab15ebf8ba.tmp

Filesize
6KB

MD5
a67277541477eb6ffe58836d9e42cfad

SHA1
37233adb50d2501a2ccd426727e8971b74942fc8

SHA256
652e2767fc10793503351092805f4859fc48698c35537c3c06ff8302913ec77c

SHA512
10280067470db0fe347867eb4ae1cb9ebccdb27ba8bf461f630fefb963636a03d68f5dd01dd47fd00e02b667bbc34a4b141d41a74f6046d88cdc20de49ed0f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
60969145950dbe003f4d428817af04e0

SHA1
80f29e3ded9243b6707f1979d2b3a0d76aa15f52

SHA256
f23950338772754a831682a06b72df54c37557606c3e122b1deef7be55991e1f

SHA512
dee2de7d7b66b81e3c3fe67c2e1a3178f49f59a44b2068576f2e509a1b040b9c242eabff03024796017e6ca3b99c41b918501d5f7f05e6989d1d4eeddc9d4265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f20aba205910970109871e96ea8f0de4

SHA1
9083755381950ed468a21e36c47498d9445df4d8

SHA256
53882576559ab1f21e5ec22f9550974e15de454ef60888e2b543018433e5e9ee

SHA512
3a4ad072cd8ef51e20101f22c4a82f803740bbcf99b43a4efc8fe4374baea5a6488649dd8ed3bbe770afb7505507898b5067c887dec645cabd07dd339db36a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
af3824da51cef4162436c72b44e6e38c

SHA1
fc39b35213124dae6433aef5f3e48b9543b4f3f3

SHA256
85ff74e7d73bf840479a20ccd1a3570ecc90113b3f98a4da8903a549c5344fc2

SHA512
56c53cf90ea263e2eed8635f3849f6591a30897e8d4e29edac29d60d54d6ff96c73cd365c6e61804e1c16b124ab9229d22054e6aa8474818eb336196c6732399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b880009527836167cf70b73bcb4f8440

SHA1
4cb6bc909f3418c37d89a3d4080ab1febffd2cfc

SHA256
3ec9597bd54874207d7c80a1906dfe8c892bcdc4fb98fac5cf5595eaa915e5a8

SHA512
9e6eb7aaa9596bbc9c12deac681afd12a1d5abe538dffc5847ca83a5ce7705e83ef52a0159eb2d2ab4dc37d0d1bb1411e97b1c3e58f9bad1165e5b7ef582cdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
96872c29bd65ac0f9bc5ea883a0ad60a

SHA1
daf0899a276f076667e99b01b031b3eb1515eb25

SHA256
edc3c71c65d90cd5a02abc181b352f09009a3935a99e3a3604c4ea0cee802f03

SHA512
695ef57759a8bfb91fc031a840cfba8c8035b2fbe87f177bb8bbe9ea76696494c193d5d6a31e02187b50fdfbc52ac9a112dc762d153a071ef2c22271364eeb3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
a1dc98afd01e7a46c346e29f74a09120

SHA1
ec9b1c64cd87f94461bead1569f9def0065bdde6

SHA256
6b21bd646969f364e29348832d00c1bdebb5549ed03e343831a6e3d8cb0b7e93

SHA512
c41dd2ef853200367cfe688cef657be064cbbae7709785decf8fbd68365fca483841c471a623aa7c852b8af641916cc5298c71b1a8d5bac9693dd8f3b5246fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
503873d0b04d440ce53b1ca7979b86f2

SHA1
576348766ff49a517ff0392c46f7ae1f3ed240fd

SHA256
dd66fb5701ea90210a36748382cc66786655da7e9c59792a81c19dab806d347b

SHA512
03cda6900299a1d575d77467e408354426285cc585ecd364d11570d70641005fededa247ce0903eac4a0a3b11c024dd173c297c0b557e1e28567f64610ffa711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
9f9c36f2beaa90ef2893aa98522b7c15

SHA1
29df1f9ae4d39c7558db545a8b528ba254bfa271

SHA256
1449a973ba35de2c93fc6e52fabda275920c0386ec757d66d09e4c2022fdaf7c

SHA512
41c1b468001e83c47d9e7b7aeff2f2fdf8b4b5988377a5fa792466d2ac1a79a5a614a3fcc0795516fb1a24eba2b6e36557b6270246b713a8390069574af2534f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7dfdf254bd033973358ec735e805492e

SHA1
07162beaa5f2eb12a85b47e7da1c274121be8dbe

SHA256
8d1880f03714bc7d412a7e1b5ac4fa1248a268c3921dd37e23d45b99b069a5ca

SHA512
7c9f716c754bd9927914e28b71ba7bf6a191853eeed41e3ea68b483ed4142c6390c1d72c6b2e4356b581994ee157af1a1aa730e5ecb53cf5f2550ecb8a27bfd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
41516b8202fc08a69a60688734807c0e

SHA1
3509cc29395411ea968ddaa263e0445ea5338ced

SHA256
3ac27cab2b3ae7ce00490b78ab5d47f54beb8882d70c28ec63bab2aeb0b6ea7a

SHA512
5908627fb7ee28f653e254ccf10daa54a85543a96d0fb7af9ebc6523742f88b92f9b3e1b6f55d84d9bab74a6982b847b66d3df50e4c5caa5023d6ab6acd7b34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
d055f58fc6788abfdbcd7db31b327242

SHA1
d28b3d152a195235575503242b9c7128f436d0d9

SHA256
0e2c08ab197e8b9f3258a63c689c1219234eb18080e0ee3302a3aa5649b12b6e

SHA512
bf28654c906f3f22002ac23e73d1542aea57f7ee251f74ae22e184e09ecdc2478bd0b99b8898859540f63cdbcdd1ee5c1c964b3c9f4752fd463111370f4a931b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit