hxxp://url5316[.]atl10n[.]com/ls/click?upn=u001[.]ZqQdlgq1feaOfcwOzw0JXWjoMSoi3YY72ElBgYXxAdjKt62ahb4SL1f1YLkEkrVKw-2BrVknJzCfixKl3JzkOCBj2-2FO69aMi2KXqIkKH52xZ8gRp9NKTucoFZYnDwjpt0KnFNM643jt-2B-2F2IcTkThxW3A-3D-3DNi4X_aQt2M55CaW3NyjpcwDSrYhsOkHqQHXYsA3cskQe1thBU0iSxBkU8x7k1xwpec0dmwtHZfG6C6p3GNzbsu2elaNsl4gPsNGv1QdsWQMG3Qet9fTS74Cm3jeCS5HHdVv4YHW61JFg-2BaPZS1z-2BI2j1HvUjGapnRgA0tr083k4z8E2N1bdDtMLZ-2BU57Vb19X9mJ3t02mnBDBMwNhS1hv4xpU7MxDLtTtMnk-2FJpEuKLMJNKeY-2FLU1IKxfaJOqz0dxyTCcnBuLVHI6X67MvW7e487zfbwBtIFDKYpV2P46cOt46bzhm5aGI7DQzOlwf773aPw8LBYFWq9JZ-2BNUbnoARuQsduwzmW4KV6wH-2Fol536Jn4W4u4qBMB96kMBtfLq0zInX2gighpbBudH4D3fxDQmAthLiRQ9oNKX9xwJboUIkcYMIeiOrpMbkG8LDt1O3jrjfV

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2024 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://url5316.atl10n.com/ls/click?upn=u001.ZqQdlgq1feaOfcwOzw0JXWjoMSoi3YY72ElBgYXxAdjKt62ahb4SL1f1YLkEkrVKw-2BrVknJzCfixKl3JzkOCBj2-2FO69aMi2KXqIkKH52xZ8gRp9NKTucoFZYnDwjpt0KnFNM643jt-2B-2F2IcTkThxW3A-3D-3DNi4X_aQt2M55CaW3NyjpcwDSrYhsOkHqQHXYsA3cskQe1thBU0iSxBkU8x7k1xwpec0dmwtHZfG6C6p3GNzbsu2elaNsl4gPsNGv1QdsWQMG3Qet9fTS74Cm3jeCS5HHdVv4YHW61JFg-2BaPZS1z-2BI2j1HvUjGapnRgA0tr083k4z8E2N1bdDtMLZ-2BU57Vb19X9mJ3t02mnBDBMwNhS1hv4xpU7MxDLtTtMnk-2FJpEuKLMJNKeY-2FLU1IKxfaJOqz0dxyTCcnBuLVHI6X67MvW7e487zfbwBtIFDKYpV2P46cOt46bzhm5aGI7DQzOlwf773aPw8LBYFWq9JZ-2BNUbnoARuQsduwzmW4KV6wH-2Fol536Jn4W4u4qBMB96kMBtfLq0zInX2gighpbBudH4D3fxDQmAthLiRQ9oNKX9xwJboUIkcYMIeiOrpMbkG8LDt1O3jrjfV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559951387939139"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2244	3036	chrome.exe	83
PID 3036 wrote to memory of 2244	3036	chrome.exe	83
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4896	3036	chrome.exe	85
PID 3036 wrote to memory of 4944	3036	chrome.exe	86
PID 3036 wrote to memory of 4944	3036	chrome.exe	86
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87
PID 3036 wrote to memory of 3916	3036	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://url5316.atl10n.com/ls/click?upn=u001.ZqQdlgq1feaOfcwOzw0JXWjoMSoi3YY72ElBgYXxAdjKt62ahb4SL1f1YLkEkrVKw-2BrVknJzCfixKl3JzkOCBj2-2FO69aMi2KXqIkKH52xZ8gRp9NKTucoFZYnDwjpt0KnFNM643jt-2B-2F2IcTkThxW3A-3D-3DNi4X_aQt2M55CaW3NyjpcwDSrYhsOkHqQHXYsA3cskQe1thBU0iSxBkU8x7k1xwpec0dmwtHZfG6C6p3GNzbsu2elaNsl4gPsNGv1QdsWQMG3Qet9fTS74Cm3jeCS5HHdVv4YHW61JFg-2BaPZS1z-2BI2j1HvUjGapnRgA0tr083k4z8E2N1bdDtMLZ-2BU57Vb19X9mJ3t02mnBDBMwNhS1hv4xpU7MxDLtTtMnk-2FJpEuKLMJNKeY-2FLU1IKxfaJOqz0dxyTCcnBuLVHI6X67MvW7e487zfbwBtIFDKYpV2P46cOt46bzhm5aGI7DQzOlwf773aPw8LBYFWq9JZ-2BNUbnoARuQsduwzmW4KV6wH-2Fol536Jn4W4u4qBMB96kMBtfLq0zInX2gighpbBudH4D3fxDQmAthLiRQ9oNKX9xwJboUIkcYMIeiOrpMbkG8LDt1O3jrjfV
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983be9758,0x7ff983be9768,0x7ff983be9778
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2772 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2780 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4712 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4672 --field-trial-handle=1832,i,2230114836595927409,2829732883967809933,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
db08950b80f850a7c28c6adf4df0dfa5

SHA1
45c2f98d2a33b6013df6860bb5e0ae8bd488462f

SHA256
1ef1eb1c400249fc940a8cbacad46c6869852ff3c98a86d7ae068449fe210818

SHA512
1f5483135c6a83fa5f389d3241263dbf7579a7e77e78f10cd700eee64caf7add8bef3034ec6672adf46c9aac8b6a42f3224b47ccaac90cc348387f014dcb72e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d4388157ae5d05bb8df9f7ccd62dde02

SHA1
a42f8faf7007376245379d444154e2450f67c705

SHA256
938643cfb9888c921dc3ad1a34a362ca28638c493c305a31b098e0de4a9069ef

SHA512
16fcd6a4520c476e1d47f9cb11c460c7c61e96e94b4cedc5bca4cd735f8454ea40b1ea9278d62fe0501ab5b94c9735c24662972b722afa8e3ef2a8f18ff6efd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e7c98bea8e19dc55d88a7eefbe65f0a2

SHA1
2384f3d62914169eb9f017e4dc821c80254230bc

SHA256
ee9ef758a4b226d2c78efd60682e02dc1084d009cc31b31e7cb9da418b2180ca

SHA512
982d954c423aacee98766eb02a5fb3825cfe16b01aa92626ad363ddbf11279ae69af7ed58f6e520cf64d11c6c4dc8146da65bf8a9bae41d47e8cacd1cdd155d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
023256bfa51705ab11a37749a8425926

SHA1
c5d59a99827740c20bc30d4a186359d43804c3fa

SHA256
acccf5f6ea2f774769916c78716605e341f0c4c5af370667ed43554701986f3d

SHA512
2e00c86d6ce163f4cf2bd4a67d3f596d8ab9203827c73afccdaab8829912033a219a51f848b99c2bba769370def4818cc386d66b8d15715439ce0633a7451a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6604480720e59d05ce233eb16b8de36d

SHA1
72aea35f86b16d5b76fa2d4092bab83a644af7a7

SHA256
8e31bfe9f28eaed69e36e65b8f450245a86e343cbfc25eee89abea55ed3e0f13

SHA512
91f525d16f538edc6de1bcd3ca7b656d4b602435762b71e7d33cda4bd532add5496458a24e1bea37bcfc8b133bfbb1f3e83d2a9f1960d5d9bd1bdebb93374f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
9dae078c3d49907056d084d0819e2a98

SHA1
85c92b5806301c61c3dc8208e9e980339d215b10

SHA256
54bb413169f1253a626d55d08170cf7b2f8a36f7e2dc65b1e4c46ac6ca86b2bf

SHA512
bb2ea4aeed3bf3374c49b83b24fab489fd60bfa32b2df514841d4e03f01946d4d7d92fa9d2bb3f81dc878bf0f960e302524319226273c73fd05474fb5fcc93b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit