hxxps://docs[.]google[.]com/presentation/d/e/2PACX-1vRfdzDW8GRJ8-cJsMJr23-eBDab1OuDHbnKlHbysuEh_75LvZ2KLvsnUasapz9jqe6QJ3N-q6HmNrC2/pub?start=false&loop=false&delayms=3000

Resubmissions

27-11-2023 10:58

231127-m3asqsga58 1

27-11-2023 10:52

231127-myhmsaga26 1

Analysis

max time kernel
300s
max time network
281s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2023 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/presentation/d/e/2PACX-1vRfdzDW8GRJ8-cJsMJr23-eBDab1OuDHbnKlHbysuEh_75LvZ2KLvsnUasapz9jqe6QJ3N-q6HmNrC2/pub?start=false&loop=false&delayms=3000

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133455563570502564"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 2424	5072	chrome.exe	47
PID 5072 wrote to memory of 2424	5072	chrome.exe	47
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 3764	5072	chrome.exe	85
PID 5072 wrote to memory of 5092	5072	chrome.exe	86
PID 5072 wrote to memory of 5092	5072	chrome.exe	86
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87
PID 5072 wrote to memory of 2260	5072	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/presentation/d/e/2PACX-1vRfdzDW8GRJ8-cJsMJr23-eBDab1OuDHbnKlHbysuEh_75LvZ2KLvsnUasapz9jqe6QJ3N-q6HmNrC2/pub?start=false&loop=false&delayms=3000
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe03179758,0x7ffe03179768,0x7ffe03179778
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:2
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3352 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4536 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3192 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5080 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1708 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4532 --field-trial-handle=1872,i,17105349799260142957,5537570093623672209,131072 /prefetch:1
  2⤵
  PID:1464

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9ec0cbfa36756efca954dc74d61317be

SHA1
4be7aa0255f93e0ca2da981803e5d007e35022e8

SHA256
4338c8b5b9e0829ae5e2b9f48c033f2b9c439dffed594b14456065001be523b5

SHA512
f6c1148e797ae796f8b941fe2a36d2055d02e11a81af399412174c6da6600fa31c98a0aa8b879ae6e6512d9b23b06fc436a800bc7a5f5a81bf58696317525636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0bde2ce5-8482-4bf5-90ed-4cc24caa60e2.tmp

Filesize
2KB

MD5
551e2ec27cf38fd43f1dd239b477c7d9

SHA1
29706fe7145ff439de8c2202b6861f963d34ae3a

SHA256
511b63f4e5c224964d0b6ceb30709629e52d440a8981769bee764c551f45c666

SHA512
c7a463444f4b0fb6bccb71e36174d100dac27a852b91eeebbcd9bceaa613f4020041604b5119d80d235861f5c0d11c378c912afe095bc2ab965ff4872ec9d8ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cc5b4b349ec036a7537aed57c19fb170

SHA1
4717fb155b62745065901e444d9b695e4b2fb41e

SHA256
dc61fe77ea2dc777519ea813acc2bece351cdef709c505d08634f21830162ee1

SHA512
c545982d977ccf708f25d6e7a16e270d03c07475e8299478bc988866dce8821158d8f6dccfd687d4ccbaf49d03a0d436887f9ead198bde4b543515c20b9fe9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
22a7f11d03fb7bacf90fef6ed4b5c6ed

SHA1
0a8de7ce569cc3fbceb07e9d6ea2167a061b8702

SHA256
047ea9f6c964e4976f47a5b4eaf056f2ffdc7aed065b2d2fc5606a2caa641c04

SHA512
188e762b6288882db47c4044979b9abaf97f2ceaf20b87c4e4c7ee4620c9cfaa4961eeb5e9836c5fbc472a9f526616b340cdb1020aa2258e01174e2bc903ad76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
110e3a553facd51ca8b2cc039c3b9818

SHA1
a076ca15f916da3a76c220e3c6322d8bcbec9c16

SHA256
a1705d1788d2199b070d1018b75820a893b522891c20ea218ca6a2e9f0639098

SHA512
9fe1534996c697633402c7479a6e3e31595dfdc104837946a36dcdf877e3c259fa09a06c87d8478c4ec88a1efbcb313db8700722548470750d5159d38b207071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
8ef60e89127e7a17b2a52470c13c5f2e

SHA1
ee2eec19b439e1855e20b5fddaf69afad40bef9a

SHA256
e55e3e4f8bd943edba6d20b376e5e0aaca7b5ecc39c81da052b7df73bb9fa342

SHA512
395a5f54150609ebc75375723c11fecf232f04636e971d7b227391d8a5a45250cea8323a452d01de03fb8662c730990d540adda1563527ff730dc9897e0d645f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
08c2146714bd16e6adbd64e75e3b8ea1

SHA1
33c329133c39dc77c4ed63d47d86ce73c29a031b

SHA256
f44273ff0066f77975207770e8b347cc8ce2b97b4c3d2e283217c91b1c792e98

SHA512
eabd2dc68e612a2bf386ab9c84d07e035d070f868ca80c630590af47ea625595b965fbbff0507c581b19a64391bd5fedbab1707c0e0cebc380ca30626a9448ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e616890d-4782-489c-a09e-e80b5025c324.tmp

Filesize
6KB

MD5
bc6f546a3b703e95a5e83d4c940cd1c1

SHA1
39c7272fdb53a64aa5c4c3c3a9aa828f0b18499d

SHA256
a8e735e26f49d6dedac3f461fe2f68184a9096348b90aaf16541802377a8702d

SHA512
7bdf524b749c5740a9e728a8e6ef0003c8e1d4bd7fef34734f4cc7e46db5761cb03e5c43719d6f734fe8f53e2ffd67d82917bb004ac21539b889ea1fe6cb6652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
944145cab78fd9860ef3b8968a6ee779

SHA1
f94f631191af27202ef4a336f5319cc229b5d8d3

SHA256
fc83ad60836a78b529b4a4f7f7e0942242f7b864175f9475bb25045192bc98bf

SHA512
3b7323c56c8848640db1c1044f0e75f70fff2009b642fbbc16b2adbeb62ee46944dbf4c3ced18dd951c3301dcd0ecb015894e60f5fc647b019f019bba7ccf24d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit