hxxps://docs[.]google[.]com/presentation/d/e/2PACX-1vS8oVWyvL7U5gnb1rOEo1okRP5uBLd9cgB2UJ0RWr-c1SLWF5P41q9T1AzG8DKi5KELVSmdGzvyhVFh/pub?start=false&loop=false&delayms=3000

Analysis

max time kernel
419s
max time network
413s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/presentation/d/e/2PACX-1vS8oVWyvL7U5gnb1rOEo1okRP5uBLd9cgB2UJ0RWr-c1SLWF5P41q9T1AzG8DKi5KELVSmdGzvyhVFh/pub?start=false&loop=false&delayms=3000

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609026551258473"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3128 chrome.exe
3128 chrome.exe
3696 chrome.exe
3696 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3128 chrome.exe
3128 chrome.exe
3128 chrome.exe
3128 chrome.exe
3128 chrome.exe
3128 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe
Token: SeShutdownPrivilege	3128	chrome.exe
Token: SeCreatePagefilePrivilege	3128	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe
3128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3128 wrote to memory of 3432	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 3432	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 876	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 3920	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 3920	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe
PID 3128 wrote to memory of 1768	3128	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/presentation/d/e/2PACX-1vS8oVWyvL7U5gnb1rOEo1okRP5uBLd9cgB2UJ0RWr-c1SLWF5P41q9T1AzG8DKi5KELVSmdGzvyhVFh/pub?start=false&loop=false&delayms=3000
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9303cab58,0x7ff9303cab68,0x7ff9303cab78
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:2
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:8
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:8
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:1
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:8
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:8
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4708 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:1
2⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4480 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:1
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4940 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:1
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5108 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:1
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 --field-trial-handle=1904,i,16342234432185235778,11291133361625564393,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3696

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
6288591a57ec91a352b5894a8d99e2bd

SHA1
28d35784a1ee82b06e10e8b4b41365c3ef8b778c

SHA256
89b0d949e109132b9b4c494ae02bef575210692ac9eab84ecd3380b097d99114

SHA512
996a2cc85245f024633172a22759c0ed3b5c217d8bd2af34296117a2d787c2f4ab481c562d10683a036e44cd6ea0d9ab542586818c2144549aa84a151ba79f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
2c7aba47f91fef5341589b8d57ff71c4

SHA1
18b814b0ab9fa242056e01f9708c6508d1428cc5

SHA256
2df491bef17dcc53453eee5dcc3a5645f060eee807d41e513670692177d2ef83

SHA512
eb7c0dbed2085b9e42c081ad37ff4bced210f1ac03d6cd9daa7e843daf2a65d8755e1ca98e6072fcc88bff185eeb86f917e0b1531e50002707d1449cbdec911f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
2194af6cfb5008a78038cac07861749e

SHA1
011695c6cc136d5e13073fa6375f4e0ff30f87e9

SHA256
ca957725c0d24bf78295edb1fed38cc273366398dc2fa2fa352151eb3bdce56a

SHA512
2118dfd2e8b9fa6eecf7b7dd1c9aab5ae7078a2a70197e935bfec0f9fa2dc162aad10033255eaa3df6d08cc492914d1a4e0820c049fa3e6d3eeea7d413591ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
98a723f8e6c6eae31cce7841edac3a54

SHA1
103bbe0b081a41710b1e1dd1c088d534c3d1c805

SHA256
dd2fc2104bb6b76852b318026dfe0de9c51d1220c197eb5945698a0fdd88b2a0

SHA512
85cc41f095067a7b3be3582a3d6cbccec778259a985d6fc7f83a8ab5d0a9358ff5a47c89e0fe2e2c76870ac4854980c5d229e77d802da2eec518db1bc11e437a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
a730d57d0dd51dc0b2c4a4f16ccaf7be

SHA1
4fe65508448586d190d6a0feed3b382085dec4d9

SHA256
042748422546715295685c5024f04ca111fb7469a2bd0ebdadb25f0dce45667b

SHA512
bf5fa196f807c87a81dc2420a867af32ccdb9f1eda3cce6a8512881b45c40121a02e18cf747e6d7ba25651d5fe02d2ca930f4e66a638852c0155e8427ff67413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9d07e2cbf96a118de5cb628cfceac348

SHA1
13de8e78d19ddd050b13a530b5df0d3a70948c7f

SHA256
26d319a90d2e7427101235c400a209162334533eb0942a3151afaa2e8d72ac6e

SHA512
aff3efc19d3c03ae6d8eae8cb37771bd060298e5d3209420ff47e71633fc9f79cf12101809c2028bc826471bfcd55b0051d82e2cfe9a22137b0282a6c7a4fceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
497264f9a8238faebde0b1ec85c40330

SHA1
d8eb4a0d88241203f0974d79c2e25d150410391b

SHA256
4eb3e885d75f444769dac6ba8feafa3900d675c55267708c77ba72ac843c2cb9

SHA512
73dea9ba4cecc6b23916e0efe79af9217ac322333e848dab8bbf3cf486acb5d84956dd49546cbde6d96264d5ae27b1e42ded2dd6ff5ca737ffdcb2594b5ad766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
19c93c018c719d04664e0e6682f4939c

SHA1
8f91020dfb85cb1bf4c8cb701fdd22a54957ce0d

SHA256
d87d0ad26325c2459a004c16d9f728c2c8db62bfe661da960fdc0f9373021c48

SHA512
233a130da5dc135bb06364f4fd9579ca706f1efc1564fefd9dce4ca29833915951f921f0dcc99e546290ccf271a88424f3276187cd76cdd7a88dadb147e2f439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
6202733cc620ab57f20b84931ca3a0d9

SHA1
142e215ad9d81faed7497626dd0d85e681bf5d34

SHA256
7458d20c7b9cc108d4c33f1a42b8fc8f86349455084dcbd521cffc2fee428eac

SHA512
32582f3ed44c1218e7bb11addc78821301cd33419e9e6c3dde1d8e733cce28c16f0a67513cdce44f54cef7dec9b4399605ea2c6b1a2b58570baa39ea7972b25e

Download Submit
\??\pipe\crashpad_3128_VKBAUXGHQJGHSODQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit