hxxps://gamma[.]app/public/Wunderman-Thompson-Latin-America-gp1kj2oizsgpo7q

Analysis

max time kernel
936s
max time network
940s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gamma.app/public/Wunderman-Thompson-Latin-America-gp1kj2oizsgpo7q

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547186572341032"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe
5776	chrome.exe
5776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 1352	3840	chrome.exe	96
PID 3840 wrote to memory of 1352	3840	chrome.exe	96
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 212	3840	chrome.exe	98
PID 3840 wrote to memory of 3160	3840	chrome.exe	99
PID 3840 wrote to memory of 3160	3840	chrome.exe	99
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100
PID 3840 wrote to memory of 3556	3840	chrome.exe	100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gamma.app/public/Wunderman-Thompson-Latin-America-gp1kj2oizsgpo7q
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97b529758,0x7ff97b529768,0x7ff97b529778
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:2
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5824 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4540 --field-trial-handle=1904,i,6657330836586119054,17938243919117772217,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4352 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:5928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3780 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:5532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4222f7140924b27b028530e270eb92c8

SHA1
d101ca58c3f3f03bffdb0d8795e032efdcec76ff

SHA256
3cecc9e59d5f36aeb121cf41f7ec037f6fa2df1e31354f6afa506d723afd9744

SHA512
c1a7f097dbbc4d6c4a06b5cfa440d964c3998971825f135149dc16635ecb86a5dda2a88f2b7d35fc455155d277f3e51bfa751603ce60b7c07b930246fae3dd77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
90bb5f6fd070afe2b5c07a97e9a13cfe

SHA1
6c0cba8f5a819410dc32e8ce014a23f69b225f3e

SHA256
ee49da3d8bb9efadb197a7d7ae2dd5c51dd994024328c226f86051283ae2fd2d

SHA512
2e130869b36954d7be95c7d951e6e55bd9f6b9b8bcfd202c3a2e3d530c47b41e1ab05879c90723d37df109a1e588abf67318b737c683b5ce6cec39ecfec57e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
515a526cfdc2aa1f71915659bb1a5328

SHA1
185adeebf249c5cdabac6ddaf9e1908ae86094cd

SHA256
541249c2f011490fce4ae3d2ed8c0d3680f9246b0fda85b8fad79e1227a61d40

SHA512
b17a06b6731638e8e2ae70f915ab57024c6fd15b15939a852225d8cfc2fbe8f9a02d44c7c90057f9bbb0a2e049f08aafa2241624ecbe98ba04128c2cc4a859ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
cecae34d2228e2db12a0daf00851e988

SHA1
64c79382d8b239fbfbcdf4277233ce06677d5cc0

SHA256
7ff5d643121f296a0771e0068e8015f71c3f05219ec96538d486df45b3839de7

SHA512
6f15957137adb4e268cb95ad79e1c901603cf359434577364af6f6aa79dddd68b0148d7b406c2a60e60322251dea01b0bccab6b5139e1c90749491ff01050efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
78b2ac90fe4b52602733db6816ce09a6

SHA1
c2495c949877a45a7fa2a0743b9a623a1c147c6c

SHA256
dbcdeda29f90b419a73d40bafde30ba6949209c49e8d868fa8ba6890f33c984b

SHA512
883447a76ba7fa2a932ba55b4c32819ddbabfce06a1bbbaa935ed180d6c7fd9ae93637b7a6ffd863a8e2d1811734bd95d4bbd4e70f3284aea2205ffbd37184e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
dbadc732b76a1825f0573cd2ee2ee0d8

SHA1
d09c929fcfdecbe9e2ff238a9b2d961aae3028dd

SHA256
0536e7243f77d6d22986cbf00ddef57b76b1ee31cb328c9bd0ab8ff5b0a10f93

SHA512
ac7efe5ad206b04d76c8787ab0606694d6eca6ad3624845df9af8b292892b9dd9e955e23f223e8885caea245590491c5b8fb7d4aeae02a035a238b95dede7648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9db3226d3204c6847b9410d3f014897

SHA1
5d6c56b0a92a3d33cf62af5acd5af55e67cacb29

SHA256
399100a4ab32cc8a949105f2d660ff2601c3cd41f3e8d658c55f50c9fb0cfaa6

SHA512
8dae5cb212ada5a6160b1a5fdc882f0efc8f911d12441db228db8c81b5cbff53a426491a6e7eba6024e5d514a20e13eecc62ce8d54cd869d4d03852e568c6c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d73e60291a6bb73af8773fceacc90893

SHA1
cde1172eea066ff1b8716e13f0223a4cff07a3e1

SHA256
fd005dd0ead0fc91cf33290879724d3e96747e6461d0ad2f556371c24e3e9b20

SHA512
b219f2945c05743cfeee4892b9808e63f4b7a870fc9e00a3db0d2712922e339170cec4d56299b33b096f7369d4f3fbcc0e8dbef1621a8f369e67502672badc68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
db7c19629608c1dda3c768ef4fdc43b9

SHA1
ad77a208bcea498eb7d86a0b45076162db00c01a

SHA256
debb54f38d8c2446e57f941998fc6c5ed96afe59d816e261f5d9bd832f860981

SHA512
604f2ad5467153c80fa17cad20ec8128a430263960b546c86b6904e1d1fd69f05065af5a81dc7634acd65584294238f9cf90b89f44d518565a6610dff0ff3893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7645c46c8063ddb01ff8913c90f6c9f8

SHA1
24a5c1522276673746f89ee56303fc33140f275b

SHA256
40996ecf8eaf5ef2f802d5554f68732ce6cb29310fd6984047eb8a61fa282254

SHA512
f7d96ad8f67a9e2407f1bf32b73e385a43c121f9394f3251fa6ea00425c27f559b2d829a38a86566d7813709cec8e83ab10b07ac94fece5e179a09c02b2838df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4beb2e8bbdfbfcb4a4974a3db680add7

SHA1
efc0f5348daff203dcb17347fdea3f725ec84f14

SHA256
a4bbafec83c04c967585df7d47ff1ed47fe48fdf28ea12dee63fa32438fc36c9

SHA512
2c0aa58fb94821251f06d866bdeed54509f1dc4cd12433a68b2df4b29c2a30b85912393ddf3801d4178f949ea690b3ee82eca15e3c7a5beb661ccf14a1a23edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d324b8c84706724042546d24d4bbe74

SHA1
74aafa0e04a79668fb78e67dce42beace6355ef6

SHA256
b994375e0f7511de321c9d453db2052058cb2ed97ea8ca213d80d92ce26779ab

SHA512
9c64c83f2229d227ea74186929ba641482b6b14ec2cef53a3fe12694ce5b49ecc26de31b6db4e336bdbe0bec41d3e45a6a1f709bf6dc4229a8bad4822f826cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2ee23128d65aa15b8999e59482711152

SHA1
47a207a3bd17caa5f8a2f0bfd962294a8573f66f

SHA256
b84d62f4eaa019dc6a15ba155d09a86f2a8abb7ca726171c4b22b58c8b189c0b

SHA512
0b62372028b9d5400bfd621956a3517872a0491dab48aa91814d554eb872f12a158f757618d0c16984524fb82f3014f861aaf0fdc8001cfbe8b2b43a2b70a206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit