hxxps://trk[.]cp20[.]com/click/gq9x-a048i-5pexy0-p9ws0w8/

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 09:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://trk.cp20.com/click/gq9x-a048i-5pexy0-p9ws0w8/

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676687827092219"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 2824	4460	chrome.exe	90
PID 4460 wrote to memory of 2824	4460	chrome.exe	90
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 1892	4460	chrome.exe	91
PID 4460 wrote to memory of 4668	4460	chrome.exe	92
PID 4460 wrote to memory of 4668	4460	chrome.exe	92
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93
PID 4460 wrote to memory of 3704	4460	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://trk.cp20.com/click/gq9x-a048i-5pexy0-p9ws0w8/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff8cc8cc40,0x7fff8cc8cc4c,0x7fff8cc8cc58
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4376,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3380,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5128,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4740,i,14306293886147611286,4326393296299989799,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3444

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4212,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=3868 /prefetch:8
1⤵
PID:4216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\23a3bc56-1307-44d0-bf01-89bc0d3d53d0.tmp

Filesize
9KB

MD5
6eeb37b0d81dc9f46c2dd8611136812e

SHA1
054dddaf6514c8aff7d2f5dab75a670ed47aef46

SHA256
fd0ebc71a62a4351aae09e2c102058a43b79ffd5d209e21038bffbac963360bd

SHA512
c25268453719bfdf1d880aee9c9951f7a1e272f7007922da185839e2042e0922aa047a31af9f25b250dfc9c1a179b6a7289c81b386ca74e78679a4872f35fdde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1a9766c7ee39b74f3a27c09bf7d408e5

SHA1
1a98ee4f0acf389e9dcb24d78d8a8d5f4aadcf69

SHA256
cf8e558ea4cddb962f64c1df3a1ad5f738d77021144c59de7127f3705914035e

SHA512
ff60c0dcbf7d150b63f6726ab5083844949976ddc4cd7f35ef6e38e2179c7099ef40a45ed89da25e87707595bad5dcf3842d26486326a07d58a24d465f1479bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
9d24b9cebbcb8e1a4979496adad5df71

SHA1
40105787c0e2d1546413ba4462ccb85d1c6ea6f0

SHA256
e8b72607f059af7f40d356452b5c3c231a4cbbaf5a64dd818c409fe8741aa9c6

SHA512
787a4738bfa05046ac094764d8985f08fbbc48d06f941db42e9666e56c5e704fff5bc42b8d0d4f3c57a0e0bfe867b9e3663a11bf59f2d89309f055a95b941b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a779981426bdc2c2bf19d2030f40403a

SHA1
56386afdd34174fec38c1596f9a11e47651175cc

SHA256
c3bccd079d4b7d56279e46a6a9521c616539b8da8e9d5097c70115f9c4137491

SHA512
c823ef326d4dd9ba0da8add63d6dfea454f9205340a88942d394c92cd2323ee52b995ef8a3eda4780e0f1a37f98c8c369f071c971ebc6955db9ebb66e2323308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c80ef0eea3291673d2ac3d494f4ebd33

SHA1
9f6341705de514147968799162bd085d745bbe16

SHA256
3248a3d432cf03eebb2c2cd3c70a15613541636fd2c56f2eb8556818dbe58fda

SHA512
d73f304a05b48fcf25eb823e18a9dcd6ffdf05d4ed90230414c14b9adc1b659cebacbe59136871691d1b298a11620cb0d78686f987a174e7ef19113294305b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
abff03c347f44cc796d1912d8dca3c12

SHA1
de2b7cad322f3bd4f049a34dc8dfabe5a66bd0bf

SHA256
8d2c012f7d5ecc2f1085a20a8ebf12bb3908bbc595dd8a4c1f836b0e0940e04d

SHA512
9b88baae7ddb2a44fea29ae3b063f85e25dd8d33a40394f7eac3558a52f057bd07b7ec956736069a8e9bd368e59898100876afcc072fb38f8a866dce4fee7ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5baf6902bc584df5936980ee1bb226ae

SHA1
35a9f19645dfb8f20773609dab081143ab3d1442

SHA256
2425efc144b8056482486ffb12f1354bca1324a5fee78c8a9613c082dd111c76

SHA512
89c267b87a40f45f4b053742b455fcbcd5d7121a25a55f94cb5e9166da832786ebae1519d4a842b73f11e19b10e89db95e3d0f92f4965314d8f1358a137e3146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0dcdbe616a7565b8aa23d18a24d7c0f7

SHA1
25fbbed8d16a9fe954021e22d07213c183efe32e

SHA256
a3ca455dd5426798408b3f6f854694dd079a844963b3e99031ec0973814f39fa

SHA512
54717bf703fc6c7da79c0b8f83b939e144079fa4953365b062beb8c1cfa798486ce014a259188c7528bb1e51452227f1c6f13637ce4980182aee72cb9aa3436b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7aaeea72554c3fd9e623ec3ddce0570d

SHA1
5605e43ac9cb3a9984555e6661a539ffb4f7d27b

SHA256
c17307706e178c480539994730f8ba2beaef9dd24a16711e790436489b6e9dd5

SHA512
fababd5710db86bf6130c264b009d747cd8364dc949e13fcf7be12c660b886a601b80eb9ae9761b80691120433b535549d0a052756ddbb86ed53cab46ac2dd5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5346fbca032f797d950f4bcf8f0974e

SHA1
2ecebc747eaa16ce0f5d05c7f7f7b4e18027630c

SHA256
a6fdd8b946a1f71160741b7eba2c1f8a95c378692be3da90845bb3e7fe06b292

SHA512
453acea42293afaa45dd10e55feb24df5561a3911c73b6e43a070a882678d5e786812068cb8ecb3e351dc3ba701ec4d4d6d04572350d38d5f0a066f9c469b6a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ba437175bfd918ac3dcdbaaed559d70

SHA1
c0d115783330f8677fcf9558410395b3ec46e45b

SHA256
cde48ec60c058bb23902a4b3e9ce383e26318bb7cd8c6e8dcc2dcad99fab3342

SHA512
cbad0d894995a7a8d539f49610517c5c56c9b17437447c567478da651da25d50262ea9f0a2dd98bc21750b855f94fafae12e99644fa1097e86805712c09ed482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa5a7d02f402fac28cc29fde23c8f9c2

SHA1
4bfddf4e3cab3787c184390f3316d32c16a8c489

SHA256
9aab36a20342c21aa42493f64f830d17950524b2d583c1b4bf472e946f9b8bac

SHA512
20a0d52862c5c0a5920f5f77a102b361de156ad163e6ea76d1962004e39e7d83b79255ab594a6fd8bed8722c623ca13564b95f48ecf6d6427bb57c4c0dd2d6c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3ee18397006231d0aa6b2e0589ff408

SHA1
94fe6c7f70484e84eec288a5b857cc35c2f7a8d8

SHA256
e8bc4c5caec0a39dced6123cba5e3aff533d791b3d6a23c9c435e0f016714f53

SHA512
c482e62f1f18bc81e88b3939fb337a27647aecc03dd89cc910c60bbb1a15597f8ed30141637ab4d35b75b5519727a7426f8d5496506d0c055b5c1c6df138a26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d98bdb3e3210e0e8f6db7730d22c8ebb

SHA1
c8fd5e067addfcd948b7367d8b2b3deef4cda09e

SHA256
019fb5b5c24ce5df2074f1f770dfaeb39b25b1b7663f4101acf1128fb37ab4ef

SHA512
6231350d0296fd4bb28841cd0176e067b7fa29197ed925bea0cbe597787465d60ee8d6f20097c02a14924974456932f77d46afee7be7ff06a0bf7729cf427bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a16f77a8b8b9602c2aa3e2f30ad9c2df

SHA1
f23a00e2260bc54128e49dd5dfdea8613761edaf

SHA256
f1a00cc24de3792eac2fe71118a487d16052c64057b8f5118d2da2c2d754f992

SHA512
19f779ae9436e24f5b5c90468497e38296a690e2e4f176f4c25a1ade5f7c2f53305d08af7190b42da020da58766d617719cb33573cf32237deb1c4ac528e27ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
bd5dd582c2beab02f6c43101a5da0864

SHA1
55520da7a54ffc5f19198543be73f688862e2f7b

SHA256
ffbabc278629a276f6ec8e562223338c2324b1b6d15045db0168edccce942f34

SHA512
c6ecd527732c6aca37092c7b3fea2d0e072d272a42f4605328004044facb559c49e3a6cdcec818492250ecb4432b9db17dacb22d2ebd65143c46528f3525deb2

Download Submit