hxxp://www[.]zendesk[.]com[.]mx/service/?utm_campaign=text&utm_content=MasterDataSempra&utm_medium=poweredbyzendesk&utm_source=email-notification__;!!D1sDotPi8BGI9gw!mqKryLPyYr1lIcc3LPP6F1TEQ4rCh5eDVL8ndU-Um--WFdJs8AFWDt9w5dHioWgLpH0NVhHpFii7Jj6rsQ4O6mcSUMpap0U89Xc$

Analysis

max time kernel
299s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 16:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.zendesk.com.mx/service/?utm_campaign=text&utm_content=MasterDataSempra&utm_medium=poweredbyzendesk&utm_source=email-notification__;!!D1sDotPi8BGI9gw!mqKryLPyYr1lIcc3LPP6F1TEQ4rCh5eDVL8ndU-Um--WFdJs8AFWDt9w5dHioWgLpH0NVhHpFii7Jj6rsQ4O6mcSUMpap0U89Xc$

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523140210204100"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: 33	1396	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1396	AUDIODG.EXE
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 3160	2508	chrome.exe	67
PID 2508 wrote to memory of 3160	2508	chrome.exe	67
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 1716	2508	chrome.exe	86
PID 2508 wrote to memory of 3876	2508	chrome.exe	87
PID 2508 wrote to memory of 3876	2508	chrome.exe	87
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88
PID 2508 wrote to memory of 4896	2508	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.zendesk.com.mx/service/?utm_campaign=text&utm_content=MasterDataSempra&utm_medium=poweredbyzendesk&utm_source=email-notification__;!!D1sDotPi8BGI9gw!mqKryLPyYr1lIcc3LPP6F1TEQ4rCh5eDVL8ndU-Um--WFdJs8AFWDt9w5dHioWgLpH0NVhHpFii7Jj6rsQ4O6mcSUMpap0U89Xc$
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa62da9758,0x7ffa62da9768,0x7ffa62da9778
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4708 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5108 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3120 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4008 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 --field-trial-handle=1888,i,3977113552771076715,2209138634487152316,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e0e046b37254dab7b3fe257d76357612

SHA1
891099e02a52ce9aa0d5e86ff2ad6b04f19b73db

SHA256
97a49b429f68cad0c09f754d8b04a8096c70fca22a4902e61ea71a0ff124bb4f

SHA512
2036a425654d1ce28735101d612a183867cadd166a6f6ec8a9aefa011edd5b457d06535f73a0f21645dcc4d56ef4954f3657616567d1ab4ce5e209f797a1c801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9c4a6dd7d24b6295c65feb5003c84ab3

SHA1
365f53a8a021bf3e3566faa2d0d6b7f2e7f47300

SHA256
8e45d70100bcf4728ee261221d855a7a5fc3c8ed5e66b05b46a74c081d70b78f

SHA512
68f3ce20b2fe65545eb3f09c002558705ea3f9040f820ea37e34ca0973b57380197ce2c7425510790cd37ab991f45a3fd58e7f8195e013ca1018ba2993feb3ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
13e044463efed756220e4f1f91b1cf0b

SHA1
88875f323384f470219ddbca57c872b8d269eacd

SHA256
8baf9c8542b32bcc29e08a30bed315d5b0f30d925eb877dc9269f6064d6a1f0c

SHA512
cc03a669d4c278cb2ce4a24a4e711e37f5774061b397fcb5556dbc3c2812406352fc3bbbb674d8a0fa24a494c9a2122079ef8ba2c626727c4d90cfd81cbf9178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e2f8cb3dbe38530b45ffdec5e56e9969

SHA1
b3264631fa21419617c5fd85de2aed82761bd43e

SHA256
45d708e542911226954b69960ed36de8a89279a30b52743e8c749f9f4b454b78

SHA512
b75df357192dbe8fe5b1ccc7df1f72e1e65410d76b38e0cac790eecbcda1d187cdf8686e54772f386afb95bd074a11e9843a4d72729eab1c299d628e1ad85afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2e38924e9115c02bb11b24ee7b03d655

SHA1
4c2cc98ff7471166762de498fb688c03a7b003e0

SHA256
cdeff4d050b4e369c4de0057a111c0f9db1346e22715e21b3bbf19cac906f975

SHA512
a73d262d161877e2d994db637edc83589232c7e2bba88a3ce1a9e1274b39320b8ce545f84ab5695b626db42e569ec0721c5c4c647818019130c483532dc5f9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
dfab4be51a8b4218992d69df9b62f3f8

SHA1
9155b4dda38a6527d12cc0d79a90a95be62a510b

SHA256
9742cd6456e0335419ad9a99deb327fa64d71b2655c1265d69cdc18941946f8b

SHA512
44fed1563afdde22d49fa5f97f90387bb7365eeeaba8e7dc9c7ad7a4f13e615946587c41f446cc4eef29061385d699f4e45dfe6dc3e14a8039eab3561e64e45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
987acfe08a60e6469393acf7673c412f

SHA1
fb71d82e4e2acdf3fa9c46bd7850fd796d5c8b16

SHA256
a1fb26796321c0155e8d3d716e46b7531624e5d356bc1adaf7ef73c10bbda3ce

SHA512
ba9be26d587c5544f2bf3e3375f93967d28acf466a7852d616b0bbda8c4a38301261f25176e4a3e9bdf4c4ae329d3ff8da6c76d5960422644ffd545bfd344a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5ef94f8feb4933f2277f536ff77e8879

SHA1
ecb774527b9e4568b44ef434b1b22fecb0ff775c

SHA256
0f4f3da82faaa8963a1350b9b1b105d6271c3163ed7eba795d6b1a0d9c2f183c

SHA512
e9f836b6aa2f907c0f14befc2a0e35981445cd54bdeba8a6ae538b9e0bac713b23530e329f31b91574ed295f505f95bcf0d9126ae706c4c1d52ffdaa2453c318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fd044fc420463821d5ad2c8999ce183f

SHA1
aa0c0e4e926c7ab06fe08cad6fb315ec28a85ecb

SHA256
5e9e5b042568ae4d85a0c32b1baa4b05eb69137cbb042eb7f59ec0a87d30a98e

SHA512
7c10ebfce009ad488f126d5f0ae2c6be1485e117d2533318cefc86c9629cf5881c86515e028854d17f45eaefc44413e00cca2490207d077855025fe8a01b0152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9d5919cedbecd5af5d5b3dd511cd1dca

SHA1
172dd9bdc161870161daa32f277b9a67ef4740db

SHA256
73ba355ba1e26b74c97824ca77f5500e96994508b5e240aa706f0c3f61233b9c

SHA512
3b0b3befd66a93c42615c1745707d7bda28e0b23c51f4d90e9d88362c50c70a4d72837620a3cff79d5a637a01b1846f7092d19881b3c96cd3dc999233de6923b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8d210227a01ed7d92485cbef85000599

SHA1
63710808f3c430ea5ca1b503b48f9a936240eb81

SHA256
9e7b3caa2986ccdb9d3efe74b3578c22115ce451139d06914bacabd46ae80ed1

SHA512
2ba9fd0de1b86d696a33c91a65a61609e2b038610f6740daad40028235a48c70a8f11bf65797d2b34c27621d28d96711ef114fd761792cbb072329624acdc87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5c0c89c917c62aad34ddcbd720ea1f2e

SHA1
4457c822df71b24b6970d971f8e8b587972b465d

SHA256
2cb348ad6565e362506d880f2b9c20b676e286352d3d390f6d58ce68e2fef28a

SHA512
a141bfda5023947dd703f5c2250aae1216c4fb24c6ba50c4fc4bdd90319f77deff614b463382c86d34085a6f863f62c69c1c320eece7473402ffcff9569e891f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2f69a834cfe1622a9438dbc2824f1a4

SHA1
b0c3a9a903f18f3a16a37e2b6efafb28854fe196

SHA256
799958939cfba9dbc4e447c8b1e710153eca9610b7df5c5cdccd9785694edd8d

SHA512
2702cc8b37751524dbd8874571f1b3f8f7a4d5e0325fc4d8ea7dab258ee3243fbfe1609d6bbd1dc2d1fde01c489f09d6610aee0e94fdb1fe0e384cb1b69e67ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4af9a08cf545bfc178b02a5db57609bd

SHA1
8c067abd20256af7ebe5e691f3089de930486b65

SHA256
369b97ed5d186b9b8d6753876b7deb8344b403d3b36f568cd81a5233300ebb9b

SHA512
6168b557aa7024b1ca8087f6062bb51b1cfbe061f70b10524bfa8cd3787920ec79df69afb6c9e886cebcd1d4c355bf854533c6e9429e78c5cd86a9b75ee25ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
7ea4c81d942233495cf8aff729739a50

SHA1
20310e18038815f13a043265b65695574e1401b0

SHA256
8fbcdfa80944501d9aebf442da8f4603188ab9fd09a3f8f28c49a5eb27f94d1c

SHA512
227bec9da6c3507cff8ab77fce87dc8620126275093c5053965b433e73854ab6aa3cd82d77cbe0d54cb85e18b8d8a108b1c0f68c77b578bba87ec82c50a32b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit