hxxps://r20[.]rs6[.]net/tn[.]jsp?f=001urawXrMpVkklrOpUORuFONy9gcIYa0KsgeGvafUbtIKg3J4xdreebSG3hquBmj3EtHSVKe0WbtOy4ozYOu6hNjGRDZuKi7AiwMCHg6cVjdTP20CNFfMGGWibPspObLoyzEwGwlWnWVrrKx-24Phgu4QTLDQvknAk6lesEmT8SGczmyrvzL2OK4qpIG58ukzbt2pjAiumV4M=&c=PakOJJsfYhCR_deHfbStWuZFusg96jRk4r8YPaKSxt6qIl5jnt4Beg==&ch=RWMck-FTlGMt37_ZjeKPzbQ36tbtFQ7Zlgab1KoalgJWnQHhA4B1TQ==

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=001urawXrMpVkklrOpUORuFONy9gcIYa0KsgeGvafUbtIKg3J4xdreebSG3hquBmj3EtHSVKe0WbtOy4ozYOu6hNjGRDZuKi7AiwMCHg6cVjdTP20CNFfMGGWibPspObLoyzEwGwlWnWVrrKx-24Phgu4QTLDQvknAk6lesEmT8SGczmyrvzL2OK4qpIG58ukzbt2pjAiumV4M=&c=PakOJJsfYhCR_deHfbStWuZFusg96jRk4r8YPaKSxt6qIl5jnt4Beg==&ch=RWMck-FTlGMt37_ZjeKPzbQ36tbtFQ7Zlgab1KoalgJWnQHhA4B1TQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559415543550762"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1124	2296	chrome.exe	87
PID 2296 wrote to memory of 1124	2296	chrome.exe	87
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 4888	2296	chrome.exe	93
PID 2296 wrote to memory of 788	2296	chrome.exe	94
PID 2296 wrote to memory of 788	2296	chrome.exe	94
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95
PID 2296 wrote to memory of 4200	2296	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=001urawXrMpVkklrOpUORuFONy9gcIYa0KsgeGvafUbtIKg3J4xdreebSG3hquBmj3EtHSVKe0WbtOy4ozYOu6hNjGRDZuKi7AiwMCHg6cVjdTP20CNFfMGGWibPspObLoyzEwGwlWnWVrrKx-24Phgu4QTLDQvknAk6lesEmT8SGczmyrvzL2OK4qpIG58ukzbt2pjAiumV4M=&c=PakOJJsfYhCR_deHfbStWuZFusg96jRk4r8YPaKSxt6qIl5jnt4Beg==&ch=RWMck-FTlGMt37_ZjeKPzbQ36tbtFQ7Zlgab1KoalgJWnQHhA4B1TQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865049758,0x7ff865049768,0x7ff865049778
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3944 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5540 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 --field-trial-handle=1864,i,2751093813245744229,4407676633117014767,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x3d4
1⤵
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
2c154f04372bd0f3cd6706141abc49ca

SHA1
62610a1fd60ff154d9f707fc7ed2d3f4dd7a0884

SHA256
16492c18d2b947136493023fa632cfa984c3117273844e817366c7e2c24181e9

SHA512
cdc4767f2c41b4377767953268a61c6cbb8c91be0ad3f87cd7cbd3368ce343ff83b059d1acb3c4cb180fa694560b6b9e2085de47ddcd227263f8ad2434dad974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5d1aa0c6fb0a46142b396e91ca66c9d7

SHA1
b7e8ef0cad4ecb8e618660180e6ce92a53a62a6a

SHA256
c929c0a387225cdfbad94b9b69381fd41c2aa16ea5f3fcad266a687e0a5b713b

SHA512
3e5f3824beec932dcb142eac34385d932d08fd7c0701bce4f1a43cac13a2d4b5421e0ce16cef6695a0b5879f71bf470052a56125df38bb24e917154272734d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ebdd848d6a7f8dd50775236e7c2ab174

SHA1
e2d5097c6fb5c331d0ac1a69701baffdf1974d95

SHA256
87a6a6fdec2e45decbe7b72ce918722b7a7c2abc390a9c0420542d34bc226666

SHA512
304abb6034c9a4534ed631a61e027208b595c8041b196fc9ecb00d17fe20f92dd6a6096f4624a335abd45fa11d1bbc5f05ab0733c3ae31d11e291e636ac66307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
18d9d3ae5814f81ee0e62de2de901912

SHA1
e0b5ccbb0da08e27a4d81a8285d05ab68d10d306

SHA256
93f09f1e87ec6800f1f468e65fbb790bb2589617f2550b7f8d347f68404a4751

SHA512
272a0bcf915d4901ca5e6bb91dea4278ca9bdaf01641d24fc907dad2595d09f020c2644ec474930a9bc84a50f5508f76558f3b6e9efd2d4db376a988d0814d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ff4d1270ab7ed713a411c7c013278a11

SHA1
6f44076b5bf6b37e9b419165a833b7ed37bc5a06

SHA256
6084463ea0716f9d3644faede433e35ac35b45d9fff199c0b7df25f815f57835

SHA512
f9423a4e581aa5b9e7ac5c362a8068c15303f5d7dfd814e5e1bdc7884209786542ad064ec36d79a9a212ac02300e6b9512ea891d70eef154776daaeee14e92c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b614052bf034af8b8abeb43839eae2d3

SHA1
d30193a89ea9a56f8a7d5c3d2b6f7ed3144573cd

SHA256
fc121e0095300bf47790f3bb865dea9b1b421bc11f2e1ecc76864072b3a2666d

SHA512
2f2494023ce5523d6ff2380edd324646cda732c78347b765b4b04813116afae453a727ef182605225e025d4d22a976bdb4448a58da845e79de8f82d55ed409d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
540b1e1e6001f125eeb4a6c2acdf6aac

SHA1
2492f8d971911049de9287c43e5fbfabf0aed625

SHA256
8bc4ebb81af352149fcf7a90fda087dbdf24900e87f4b1f867746287477f1790

SHA512
2bcaab2cb488d0c9e52f9003d447430fcf47c3fbdb21abebd482286012da4572cc58c23cea57876b2a64f8545991f2d8b3c4c41a74d5db0a15fa65d6f56cff07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1782cada3fcef03cac10e28b02cc2230

SHA1
4471edc2431e7cf3f17badfc5ec3cd86421c5aa6

SHA256
e9524db5c4315faaea51d58352b0d199b1c8db06903f31700734cfc2816ace30

SHA512
636740c4fd65aeb985c2e9d45495a019f2341d7e4b2eab6e64a89d12cdbef0b4146c381b0454feb533b1ae08a198be88acdd23d35565294e3615211ccc0c72a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e42e8e9ea62dabaa2ed899ba8dbbf480

SHA1
ad712caf048ab68c26088fb4d67aa2d782375314

SHA256
3d24308b66e580d88fc34ee6a91f24b54fef6c93b719614e8daa1205c7b0f5d8

SHA512
282c32b8e0808c4051aa78aa8410ff5385929a53b6ad672b264058065180bb0a817a52c69b6d0a06fbb5677cebfcfe2f80470147b30f355c190032b16f15b566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7c280be47be4c16cb172079d6c100f5b

SHA1
46fc8ff2aa9f6f80e93431234a2c6cb918bab1fd

SHA256
c5b3cc323475060b2a9fd78aa465bff4ddd8a732497a5b8447dc2ee2ae845102

SHA512
79b3971fc93318409e57b2abd0e94e45215a326e12bea056ea79a0541e1b80d341b2dd9801e48e11a43f63b73511de4c6297aec78ece5ae73f244f3487e9a38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5bb7fb12122bc403961461fb76aa9b6e

SHA1
8c3d278038f9f056341b916d62e120a5efbda9a5

SHA256
0d4ee7bf4a995888717685a0ef98276e0013a36c5c874b85bfed4ae76ef6b74d

SHA512
a7a4d3ce86c4d8a7f7fac8bb8d56dabfdacc3129a11e53610f122419e0b639d31a608abffd1f572d35f88e6e6636a18eb8c3b4c230ef06fee0d52af4ba0de4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c45f99aaa6ff882580ed60eb3c162ae1

SHA1
99dfb5d089ea9609f8291d8e5a7ba14b0885de35

SHA256
7b24a5734e36e1e82c037a48215b3807d70d8fd4da34609ac4e6e07ae0b9321d

SHA512
9e6e80554f881f494d47363d32a6a696c72e9f823dd5917e7328e60c998efdb8e037968df3bfa995281b594df3c6329189070eeb56a5fe5c0342942707f5e118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e88f209ef9072021bb279a8f203aba1e

SHA1
e1d4ee4b018f2e33e00fbe773a3ecc1c9620125c

SHA256
14834721fce03c29b9fd0ff71cc5c0f65003fbb73c24d1de3d8cec18db8af59e

SHA512
2a169ca60076ba8959d9e22240643b0a224c406e9d189dfc8cba41b3103a4594e94d4b413cb21427b6da678eac323c8f7b13a191cd91c99a7aece5c84c4da7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
d32d1970eb5d901361417fa136d12056

SHA1
7843478445d029660e3acc08a033912aae9761f8

SHA256
56f183ddfba572fa8c2d0c11d37292a5900b50e9b6cf35399d9993abf6bf57ac

SHA512
ae6b100b931e3d7332403d36e46ecaa1b19e5c39a4a03db469b4786548c10ab381187ae574e4d4f0d578d58d8684768a7bf7ced7a138e5b29c04c8712b3e8135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit