hxxps://docs[.]google[.]com/document/d/1YQFk9Z610_uycRE9m3OA4WPGAehVXgGeST0s1Kuk4fM/edit?usp=drive_web

Resubmissions

05/05/2023, 20:24

230505-y6qh5scf95 1

05/05/2023, 20:03

230505-ys3xbadf2y 1

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/document/d/1YQFk9Z610_uycRE9m3OA4WPGAehVXgGeST0s1Kuk4fM/edit?usp=drive_web

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133277906559682202"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{F1EC00DF-1D43-442B-981E-C07A45FE3F8F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 808	4600	chrome.exe	88
PID 4600 wrote to memory of 808	4600	chrome.exe	88
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 3208	4600	chrome.exe	89
PID 4600 wrote to memory of 548	4600	chrome.exe	90
PID 4600 wrote to memory of 548	4600	chrome.exe	90
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91
PID 4600 wrote to memory of 4104	4600	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://docs.google.com/document/d/1YQFk9Z610_uycRE9m3OA4WPGAehVXgGeST0s1Kuk4fM/edit?usp=drive_web
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8766f9758,0x7ff8766f9768,0x7ff8766f9778
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4728 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 --field-trial-handle=1832,i,10492228738670209186,1379415075731874933,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
b593965190cc52453a88b12ec65666b6

SHA1
b4008b132befc22f6d392c6989f417b6454d873c

SHA256
39d9f85f75f9b5bd63f63b594abd5f5af53eeef26908f6448991c87c9c5c106b

SHA512
8a2dc1666db2d427af71e0fec20ec636a5232df5a73e9616e231ac279bd8c752f06b2be026b72f0d4246de213ec7c284f28c800305c50a243abaef437210e67b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
3d49a11808d5fd8f0540e8c06b5b4939

SHA1
ae54a7ab97c1348a588550014c93b9bfc3eef8f2

SHA256
961dd0f3e02fc5ca65fe013c7f1118a477b50d03d80486c204d2a7cd00cfaea0

SHA512
b0da04dedfc85b1b75a3e9d5e35f94461ca6d54e99f07bbdba740d8738a2900b50bb6afa35537cc42ad7f22d3c31515542a92e6bada042beb6affcb7b9aba80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cffbc5d0004aab1bb10703aecab6c119

SHA1
1dab61a6587c1ca7d7649ade612e968346dc05c3

SHA256
4e0f29d00b9ee203b25caed45ef38a33c864d5b26ac1a7f39af63eff5bb6e6f4

SHA512
810b772f6bc3a09e844b939ff71c5a84de5a4d482e331afede622f528b4c97d79ce808f54eb7d58596147822e6823009b06323316f44302413a23c731aaebc9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c0f00e903815762a5af1e21159c604e7

SHA1
d15dcfdd5a61b9277dc8c04bfc9466de5de7f1f7

SHA256
ae4bade35698b70fb93c5842e26f19015d3b0ef7cac6785c72afd3aee268ccd5

SHA512
7a68aa4b067a838c4739a09b35e5b7861920d0a4cdd7c6378020a06ed1e0e21a87a930c7bd4ca1e5cbf1cefe09bfa0de1b9565ae1d966fc3eaa81cd8c0a4fa29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
621e65404d6c544ad6273f88502589c7

SHA1
aced04dc05af9e6e0be52565577eb71c1b6979be

SHA256
36e08a02e413364182048c295a2f8795388c3388caaf03a31f26d638bc313c4b

SHA512
69ec2cf667cf0ceaf89c8f0f8ccd8e10c11dc3a837f2afa0358322077504f1726becd45483ee41210ea05bd5b65af9fb6cb83d912aeb222a6267e15d6f61957b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
49702e052602de29919ea5c5a69188f0

SHA1
3ae2a41653326ec557d11a7cdc9eaa4358c91330

SHA256
63119600d4958ac54169b088c6752cd531a1cf17d80eef3bec8faedccd47daa9

SHA512
20b28a360a2be785643ce498c4585887f3583d3c534a26556f504988c1c7e11e672b2a7ad924fac9c65fe8028c1522cc9aff4ecfa1907a0f507ac65d5d2b65f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
bb37683a100e711f12576285fd367a1a

SHA1
f4154ec183099bc796711201d49397ae814c9344

SHA256
5c35a5535ac893b68a992ca53cd86dafcc51a432a974ba62a423223c27182d44

SHA512
c372b9b0dab86b9bd3da39f08258b0643693318496c3f55d42d165d627c5fa0b5bc195f15f6cbfd6d9c923faa1495b0fcb276296348d8c13e348928d0982a990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
67ee92be5bd4d2ddacc0c0c99b679087

SHA1
286b23265568b0092ca7755d0476abedce93bfed

SHA256
807a63949778e5918e75d0af8a5c7cb8bb9c8ab6aa46e023c675f25d6f0d09f4

SHA512
68cf148607f248eccbe3c4fe54fcfd25b9caee44b66a6b674873e5b652f5d56c3015102f64056b026eb7763787781704e281477fe6eb1333448fc50e55c4ea22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
ac88ce1cf66c89efd22fa93d8ba3da72

SHA1
9199fe4a91bf9a5c694cb14d65bb20f48421cc9c

SHA256
4e8e035d19845ed76d9642416a2cd20cffeb1a1414c843ffad9b909aec719b1d

SHA512
bcaf16a7663de4e79c8e36f4f1c3494a52c0debf880c5bcc2c8f0e628eba2885798adc35376cddf3fba8698ba21b35bf972af3db81df014dd1e712759f84eda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
4103c1bb0df189bd9da7f9a1001a0df6

SHA1
edfeb2612e5cbb4e20b4adb27ba7ab791c235859

SHA256
9b82405ff396b34d5c1e15d367a147ab237118e598f759528be9f2ebab5ae45a

SHA512
b1b5629bdcace77d7ce4e14fcecb773ce238210a08f8d82741b04c9d6d7531921b31783287bc2a419058ebe56f156f2fc499dc2a5b2772a57ecf1ca2ae34ff25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8402b4add13b27e7176845ce3d1b9fd3

SHA1
504faf3dbf9bc137aed855fe600a7b748044b35b

SHA256
5796995109cd5ebc055b729f5ebe9bb2c4a21ab8e5b88ef04cc5df4486f582ec

SHA512
e67f1e335507201f050a2d7fb6723ec6f53005431fb8d44616d707c5e78c9d0062224572560aa8261057b0da8bdeb5ad8fd4b6c4080fefb844e74972e552d104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54a2bf337bbfccf9c62218d1ce6c4440

SHA1
b8954a0353d4ad90b4a52a1f859ed8b9e20f910c

SHA256
a6cc5a90d3bc82d598adb49a26958cf271ade5ad3551a56f3c83b52f813b74d4

SHA512
eb7222c7417cfa756d73f3fd538b4b7ffe37de6c1f722a63b7ac8a9f1670df8e015f499a7ff3f62188ee96efbb14fd27b3ce6069c03d3490e7e5ff593fffd1d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0fac62ff34ff0a26f288565d4c0755d4

SHA1
1ffea9e3013f40c3e9eb4e0ca49c964b429b0e8f

SHA256
afc2d4436e9e5e81349448293d5d4ef404253f7f841a88dc18dda149a91acf4b

SHA512
7e2d2ee5ce1fc3454d7f055e7ea1b0374ce6d9d84ff89c01b92c7ff704adf14f8f8f2a7abd1d22e7764bc47dfa7454f10cd0d6882301489826e5634d1c7a1c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68dc6f4b1b11f57aad6d85a9d2b0fb91

SHA1
7d0451edfe6f00858a4db423c068f23e55e6b92b

SHA256
d11f42fcd949d1d36b90172b0854d70b437991ebacc3e93fd843fb0847d6d9e4

SHA512
f3b512bc5e35b91d01332fe6cba245567a0445c21e91997ba0d055c099fa3e214f0a660ccef887622d767015213ecd956601459e9e66193361f67ffdb5c95e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
3fe73692b5a8371d274c98b0a4bfa2e9

SHA1
9b1134ff7a86c24d24b0297f2ddf2fa7d6175550

SHA256
82f35e682ee7b8243f7806eee32a6adb8f827519e7c497edcdb7cf7f967d358e

SHA512
c458dfc0b87e2b1222f7e8b22c7347d11ff2a0b321e9dff916aca84e8e3a1deb609fc2baf2ed596f0925315301604c7b60905e575e728a236ad53fbad1e5ab70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit