hxxps://cxstudio[.]lt[.]acemlnc[.]com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZjYWxlbmRhci5hcHAuZ29vZ2xlJTJGU2NUSjRTeHVWWkpMSGZRWDg=&sig=3KA5RFu36azgTMUjrYhThwJ9FGtqg4EiyNHekERyap32&iat=1710493850&a=%7C%7C612945596%7C%7C&account=cxstudio[.]activehosted[.]com&email=i4YFbDgKOPv9yzQuKAeizqMBxetY%2FQX43%2BWY%2BIh5AVNTnVk9d3XzpzxF%3A0X8pkFlcGL3aCJ%2Fsw6QhUGWJBvVYZf3Y&s=9caa319c8d4200d312e3e0b3f560b5c0&i=219A284A1A1878

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 07:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cxstudio.lt.acemlnc.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZjYWxlbmRhci5hcHAuZ29vZ2xlJTJGU2NUSjRTeHVWWkpMSGZRWDg=&sig=3KA5RFu36azgTMUjrYhThwJ9FGtqg4EiyNHekERyap32&iat=1710493850&a=%7C%7C612945596%7C%7C&account=cxstudio.activehosted.com&email=i4YFbDgKOPv9yzQuKAeizqMBxetY%2FQX43%2BWY%2BIh5AVNTnVk9d3XzpzxF%3A0X8pkFlcGL3aCJ%2Fsw6QhUGWJBvVYZf3Y&s=9caa319c8d4200d312e3e0b3f560b5c0&i=219A284A1A1878

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133561710505741419"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 2732	4236	chrome.exe	85
PID 4236 wrote to memory of 2732	4236	chrome.exe	85
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 3928	4236	chrome.exe	87
PID 4236 wrote to memory of 452	4236	chrome.exe	88
PID 4236 wrote to memory of 452	4236	chrome.exe	88
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89
PID 4236 wrote to memory of 3700	4236	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cxstudio.lt.acemlnc.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZjYWxlbmRhci5hcHAuZ29vZ2xlJTJGU2NUSjRTeHVWWkpMSGZRWDg=&sig=3KA5RFu36azgTMUjrYhThwJ9FGtqg4EiyNHekERyap32&iat=1710493850&a=%7C%7C612945596%7C%7C&account=cxstudio.activehosted.com&email=i4YFbDgKOPv9yzQuKAeizqMBxetY%2FQX43%2BWY%2BIh5AVNTnVk9d3XzpzxF%3A0X8pkFlcGL3aCJ%2Fsw6QhUGWJBvVYZf3Y&s=9caa319c8d4200d312e3e0b3f560b5c0&i=219A284A1A1878
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c6bf9758,0x7ff8c6bf9768,0x7ff8c6bf9778
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:2
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2744 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2752 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4660 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 --field-trial-handle=1848,i,5622887859573120080,9581909620865122620,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6d74118bdca1532afe48ee72ad4c3bf1

SHA1
2977cc81e8c4a826ac7ceb402c3f05eecdb586e8

SHA256
88ae7e3f99ffdb4f2109fc9717948f2596e6af05c138a917c647d1cb507e5933

SHA512
fa90f21c20c64c3bd9bcd849a20e9612396d687b1d7a1c32308dea3522cf49e8b25ef528dbd9e3b4d91482a5bb4f268fe75a0d3f418350b867ee32383af59a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
84600d5637e1ee92e65fd4caee832f49

SHA1
2e2788f8aedba5f8ebc499ec950f0be84df2ed58

SHA256
cd5b644d9e9623ca0e70de8208c647261999f5d627f31a29871406785b4ba5bb

SHA512
9e3bbac48ea810790b7c894c703091106c7febffcd7c823e2b020b7118878374e92906aff9c6223f96e2e10108ab73bd16fa93117c85abfe8b57c98413346bfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
45ac8fa4838d0859b1169c88d5cefc04

SHA1
7fb3887e94d271299072e86ac8d74da272c5d52d

SHA256
0791afa6c5bcc2337b77aaa402e669c6fd935b3317616b404ac160f32f56e6dc

SHA512
b2e00c333da9b62c1c4105df5e1d363ec6df0c022c07e48d4ab86b04feaf6c5f01e35fdf987c44201ad7fe95e1f3d1119715fb823dfb256be74db63b14fb73dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ddc15a39227a26436be9276e065b00b3

SHA1
c3cb120e1a96e75ebe7fb4623220401297795333

SHA256
c97cc357414282e2ed589bec38bd07e6c6b893591f52c6e555154dd014077448

SHA512
d7c382fb111972bee21b26246ab1feaf828d9c05ce38681ab590d03397f1b2fc7e15798e3a9e57d7e3687e1be6c3ea14ec91e2a6d0edbcb0e1d61ac35d70fe1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f1e44a473a2fa2c78724d49eb54e2e53

SHA1
c73c5166471c3362acd5350c23f31640a789aeaa

SHA256
b12d776f937dbf07569d7230d5419133455cdca16af664e32c3fa06abf0f8cf4

SHA512
37094ff404cc5cc3b242b6edd31924ee4d302ea2dac7143802e0d232babaad1d212de77bf68e65c6d52a8f8d169d2bd53db78dd4f8d1cca1d28b9937ea0b497a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
8477480fc178aa304fea62abe4775c2b

SHA1
d1350df1481ad55cb92005fc37a093cadcffcb8d

SHA256
cb154bac5e0d1def0ffa93eba197e379420ffa02ecb5be64bc82c61d364e3ef3

SHA512
5f2b1b76689dfca0d62b199b45bdd2a54f735f628cc6507f93ba2b8ed4770edc03ba0f2755be8405202d652e62d549882b69fecd7afe6fc80757a4b6c0815fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3a0216978f4c20b4f40ed40dc38a009

SHA1
07a900c3b29a933b77ce128ce37e4e561bfc52a1

SHA256
bf1e9dac981aadbefb40bfad92910cb7e49cc77d135e9d8ce32e4a83d7f4eff0

SHA512
1d608ac47a63b5f77dee776a3d552bfd4c797577935423cdaa927c015f83cce2335b88168659b5f703691b1e471f8c6dca6ad02ada7ee9610cdcd8533a050eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c646eba747328d718980fb3529d37f23

SHA1
89bb525703ba54f7b87a47864092a5a99f25c38c

SHA256
7e97d8b4d499148fe87ac8a883a92c9213208872d87596d7a8ae1bf2adca9fab

SHA512
563536e74e0c97308400ac08c66045a72d5b7bfc7ebce9316813fd093d5840e658fa90dab0ff955f56e5fd8eb55727f51308a6bfe30f5f1bbd35d639ad454150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit