hxxps://docs[.]google[.]com/forms/d/e/1FAIpQLSc_YPtZkc6kHTOiJqgodZIguascCAPTbAReMqAlgetWQpl29w/viewform

Analysis

max time kernel
599s
max time network
557s
platform
windows10-1703_x64
resource
win10-20231025-en
resource tags

arch:x64arch:x86image:win10-20231025-enlocale:en-usos:windows10-1703-x64system
submitted
24-11-2023 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/forms/d/e/1FAIpQLSc_YPtZkc6kHTOiJqgodZIguascCAPTbAReMqAlgetWQpl29w/viewform

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133453242244506263"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe
Token: SeShutdownPrivilege	1096	chrome.exe
Token: SeCreatePagefilePrivilege	1096	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe
1096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 3248	1096	chrome.exe	71
PID 1096 wrote to memory of 3248	1096	chrome.exe	71
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4940	1096	chrome.exe	74
PID 1096 wrote to memory of 4480	1096	chrome.exe	73
PID 1096 wrote to memory of 4480	1096	chrome.exe	73
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75
PID 1096 wrote to memory of 1248	1096	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/forms/d/e/1FAIpQLSc_YPtZkc6kHTOiJqgodZIguascCAPTbAReMqAlgetWQpl29w/viewform
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb970a9758,0x7ffb970a9768,0x7ffb970a9778
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=228 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1848,i,3616037338603406630,15117860014841938414,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
fcf51a709d1e6791d78d939d2fdc8216

SHA1
5aa5c494287ffc035118c0f3753df76923b718b3

SHA256
3ad75388a0bdc3dca2d103557990c1b4575c98dde77b67285856c6f5721ec9cc

SHA512
96593bc7e2bc63d9e136460acce36760f65c5d8f59bb688f0544aebd1637e339b5c36e4a69d6bfac42740d1276406fd4b349951a04fbd910f5d3d6d446066391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fb46e6d0eab0bae506d4322598ed4582

SHA1
3469acf8789b113eb41bf893b305d903ce97acdd

SHA256
c8318ecf2089185f5ff90695961f98715ff3d8548a1a54fb55fd9e9d1ceb13ed

SHA512
7493f8b87ad676c05bf45f00c5ca00f6c86be97ce7e4bc9d5253473ebccc82b2686ceae9e7e42af956dd18b5c5cd85b0aff76011476f3acb8ced3880497f9119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f8ee2cd62e6242c75a4f6b5db2ceabd0

SHA1
cca0a4b418b3418a9b411e9f9377efe31fd94270

SHA256
259036af3475b9eec3ebe4f1c4d5a98a4289d31f6f01bd72056e993188b24942

SHA512
ee4151806b471cf7806f4a3a79aa5d3a69c5cd66d43eb801780cc121b1b6aeb80ed115e4839fddd24c718cda2381dd173c66f063e27eefb663fb5cd31547f4c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07d749c8ce7f9853b6116ce32184b8bc

SHA1
45ae0671dbf0689bd166dec82cd2422ce76b1cde

SHA256
b949f1ebecedf836c3f339c176d8bc71a98af58472a296f150c2b839fca0c6f7

SHA512
9ff1e2b84a15d4379c64316810b281f38f14a37f64b2226eff9172ffd2f722901d8300a79c347a31d226c1322ee8e3bb75a0943a68f6aa40d92e3de8d6fe9cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bc59f7f9caec77ebf370a5f57f1cd098

SHA1
f8ce6abf1721fb318e0dbb19c7fdf0f0eddc0d3c

SHA256
03e504ad32688dd7702a1b26d19ff26372acc383678c02d3a87c5664ac97120a

SHA512
620bafec8a8a43960cfb69a08591c6f451a7760a7ddfe8994a881718ea74d8a1d31dd8506fa5e590e034f07864ca2a4eb7ddcae22233342d201fb3f2dfe45bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
93a7c23d8e4ed52cea5bda4299bf2e64

SHA1
685ad07d4a5a52282bf267bcd26498b7ce9e9797

SHA256
425123f1d4cbea4ae117b27af421fca0d78215ec20668c4eb5d38f1fddccbd51

SHA512
37b745513c00ef0c69725bdd761cbd893b34717cae0bd93df7c90dc4c1c2b1e8d3513e830ec7cea16000673564c9a2fdc1c863aead868655efed389ae259b6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
80e746c2f566d87d64d44cafb8148b5f

SHA1
4003a09f771ea7532afc3e586e9b2aecd0734f70

SHA256
fe2178530186650ae621dcca2165f5643fe05096138bd0e7ab6b0f9c678adce2

SHA512
be63044f23a5639707832e9f5f7769a1f39d9300c8aa938e4701216f2d918efffd7bcfa953254b044136aa635e8693c8b7ccb049e0ab856746bfd04076674d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a07bd32323d1fb7fb1af59d15235f0ba

SHA1
535bc42fae7b1269948308e0d082607aaf2b7dde

SHA256
f74cfacb130acb6a8fdf0d11d15bf3622a86cbf8718f7e60f631ba4fb46720ea

SHA512
bfd1b1b0d5d33214b0b855a9685c35113c3558e3c8dac31dd0e285cd8485e6c5523e107d6fc98cacae0bf4570c15a720363d3f19ced5a7a6fcff781417176885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
cb99a3804355cec33151f92229056fca

SHA1
0eb0342704d984e45d11480afa608040141e9652

SHA256
c3b843cae337f91aa7f88314c4d911e6b1fcc689c687238a2a139ade3858ca4f

SHA512
ec9622a26c582db3260487957be6730ac07074796da8d27b29a777f2f06a2c6b5ffb759585487584665c4a2eaafec21079331a61953ceab9e9b943c2a95ea765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
851826b47d9f7beff85239eba5829ff3

SHA1
d5a2588dbc71eba9cf256c0ebccb5e09965cb63b

SHA256
03963e939a82e20944202d43fed9b7b52885c9d7ef35f8df2dadcf4d8c50847c

SHA512
b33b2aa05ebf16b3e5a95308caec06e842178d93b63f6016162afa13301618a8ad3fe0904efbcfc540a2dcd1b15f94da451d23c12bf0c11ab1d8c72ff359b31e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
87d7c8ff916c0e60058b7c1ce6fae97c

SHA1
d7838b0ed67b5f09ed771a2f165957737e392fdb

SHA256
14eef2f0dd1eeeec40596d4c824429f020aabdcad7b92e79249330060722c0a4

SHA512
c1862264ff782b5cae80c39751da6fa4d2dc09f7823954a35410fe1c3d7b27a55ca4f90b4b68019f605533741db89d70a5c78f11e8c2c5c18b4cf55383b18dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1ae3517816ba4473c59581559004704

SHA1
f4ecf983c391263c35cb9374804abd7ac08d875e

SHA256
2737b0d12d80667f6ee5e09ae27442eaa0518f6438ea2f5c809221765c2395d9

SHA512
6b86a7aff908be7b30e06dba31b05f59eb3be35e54508b476166716e85fdff7535522b3e7a274258a71b9a99b3ff3486b7f06b532831c8c7eee2d402f4dc4e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
c5a71410bf24163ae181b2e7ad3d65a5

SHA1
de8b52b1cc92e5c9b27b0297f59deece2eb277c1

SHA256
3d74ffed42554cdb0c5200ee9916cc983099686e98d94bf73135fb73e37548e5

SHA512
1d9653f4f097addc7177a160ca2511cc89f8e65f82861a0835d8ecc0ff874919d84bb5de65605284c41d9083dbc8d768ab37d7f42104de9b9cd085ebbac9741d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit