hxxps://www[.]dropbox[.]com/l/scl/AADutPB1FN2BkTSq2YPrzlarwTOqQz3WaBc

Analysis

max time kernel
152s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2023, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AADutPB1FN2BkTSq2YPrzlarwTOqQz3WaBc

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240243086794679"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{8B3EF099-104F-464C-B268-CA0E9E8DE5EC}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1524	2072	chrome.exe	88
PID 2072 wrote to memory of 1524	2072	chrome.exe	88
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 2376	2072	chrome.exe	89
PID 2072 wrote to memory of 1852	2072	chrome.exe	90
PID 2072 wrote to memory of 1852	2072	chrome.exe	90
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91
PID 2072 wrote to memory of 5060	2072	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.dropbox.com/l/scl/AADutPB1FN2BkTSq2YPrzlarwTOqQz3WaBc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff871549758,0x7ff871549768,0x7ff871549778
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4848 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5144 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5860 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4672 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2844 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 --field-trial-handle=1828,i,5505068984309866142,12536904543116289775,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de7183e40a29e409b56d55a21b86bd04

SHA1
91870402bf96d15cc82dbd8eb7cca10ba6f6e334

SHA256
4317fc87ed84367668beaedc715a0460613902ec1c17e8ebe82280ad3b4b8245

SHA512
1821c7ac6604fdb972ea152d88d9f7ed88d2d916a351b3621acccfd8764375e9053d4190f6bbbe02965e313275d9d4fa5f7164f2422f999a636db0e637506f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
48adde095f8dbed2608827578bed2441

SHA1
f73753629ace1f8e69aa3d25d3370c28538c338f

SHA256
928857479d8309d8bc000254b9e5b91f0a21717e3254becc3a3bb141e56067ff

SHA512
9f825495813b8e63406137ed0a97dd5541f99ccd8d1fdde4983db9a46a5361a9683755038572cc631ab72b942ffbd7d2937ed9d41535b6a7a7d7ef3c572300d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
20ecca679839be38348d650e9a8e6691

SHA1
e1548a1fe556ce41b55c4258fc1191489f02012d

SHA256
2e5db269a2b78a8494867e63da88db4f5d532927181b922af3bbc47d723063fa

SHA512
14fbbe1119f1e1b22ddb695034bb1f3baccc5475c620ac36bc2ca93aa2534e743a591127491d1183936ac2d8415e22ad8a14bad849e782ba933bd407fa959b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
876629654db4c5dec86f0373390ae0d3

SHA1
dc244501462e11917e1a5b88ce51037ce925bf74

SHA256
a2fd53202ffaf3d1b2cbb86fe9bd153b4d1e2cb25b79e12a36d7f83bf801cf6b

SHA512
110028d1f78223b3032bba64b958f4078a052942459b345eb819f0c953009c6ccd100bc1bdada7885dc67dddfc1eec0b6531efc2f90043e073088d65b97ee062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe7d10df69274973caa92771fca5d034

SHA1
2f19708dbbe107c804d9c0eee083d21c5b672059

SHA256
b05cf41d2f59f1886c77fcc3e69d5e76be0729edab8c1d46a321457cafed97a7

SHA512
8b43db01f8a9b6506ce1d56635538f827ebea3378daafcf942c6aac963850ccb67caf287fa327a52da22266df9a98b18c7749fdbf94a2dc42df68470156f1ce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69b7bbc411fc0e39157dc8a8affce76c

SHA1
2dd0fa27e9a86c93cce0109d04696854c6cf4df8

SHA256
1b0194089ad44c5cd6c79ad130c3bf926450126585b40a104609215a428c1182

SHA512
2f1f789b679f29c45f08a825e8cda2af02d4a085e78b60c90dcc7bf6bd560cc66e5d2ab0ff72ec1c387c720114b8b3bc892aa3db413a008553ce14edaedbe7e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
22a4cdbe2d80eab79cda0022b789b2f2

SHA1
9c9f5831a699e920c41be5a60cb182e284e62172

SHA256
dbc4d79e6eb8990ce9ac064655e85c114af1d453f34d2285f1e6a163705b31a8

SHA512
338a02bd39c401dc76112aab12b4ed71ebe89f28de15c2894d9a1ecbb1acc3e44ecbef5bcbe6d8cf92b1f10b6a6d52176fac98e1769ffccf503f91c8c2143462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7bb7a0b955cf2f05637521ecffd2a507

SHA1
5c3eaf8f028f870be218cee3f1b8b18b22e00d39

SHA256
705f76f928f60c0bc63a7bfcf4992ce4388bbe7337510d08a8d287c9cae5f896

SHA512
d8731211b87051b1a28becf652f3f80188037d1642754a89ee12d8c83ba215f8d103a95873248e143f0d72acebd0896578f8738b66e4256343ad610aa499ce40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
b960caf930f3eccf8d8f4e58dcdb46aa

SHA1
507dbeacd676645e42463409c3d5f10d4953d40a

SHA256
3101e9c70866834a25125ace9f38e3ab2dd50b15d5c9c47c848593b56ab81a08

SHA512
3a9296dae6a6f4d7238f4d36d9660c1c2a95c7b8bdc05587f05a2f17dbf0ff9b0405b80807b492bc8765979e449431f94c5432508ffab3a85cf6aa87b4596102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
c6ccbd382c7b22a8dfd1282e192cc33b

SHA1
341c9bf6167a22fe9c1837c36211167604b00c63

SHA256
094e1c3bc2f4c728336452872b99ab551f2506efda88b1505df2a34444461167

SHA512
dcb06c5e9b4aff8e503ab61ebbac8ceea7156c5b0f57af5ccfd7a0267ad7c7329fb91d269d9b0144d693baf2fb282b32ffd6117e9e82228e81b7eecaa4418e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
713bfa800b2cc09856c86e94618d88d6

SHA1
14ac016b469b6a4c080baaf93a55fd04694ca8c1

SHA256
b63530485b200fb8aacc7fb42419c00ec98f4f65d9261f3c45884ddac47fd5aa

SHA512
d45d74a50798f484ab86067eca2595912a1c9d9d7a65266c377dea2bd49289d5b10f997fb57c69a3ff743a0ab671c69fcf3bafcb5946a2d2ad38666095078078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
270926d2d3b17ad923507180b6fe4812

SHA1
763f89e64c1b80e86f9ae6679df39a2a008fdfcf

SHA256
0a3c33d36a7d6876800b2bdd085b1eda8dfa6c51db6273e8f23018aebe8b5ab3

SHA512
0538acdcc27798bdc1cc5a9be6689174e417a7ee3168462bed012a47034c7f27b10c20ec6522dad3299728534cab0bc0c37c38d1734674ff5b72fddd83240c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
742363ff6ca2863f1f9ae745faf16406

SHA1
4894a960642c66599db36ce8aebf80ad6464cfd3

SHA256
a0da692243b4b93788fa4918625e0c7a95c42efd9a3b70200169da8c5a997bdc

SHA512
c74ddc558fa76f5d177692cb4e1242d9bafe9a5c8a3de41d317db7e6caa4f8e4631a2d03b2977345c9879a49bc134e010ca297f7b4a10817a443b235ae762362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
855c8368d608ab629cc5622ae2bda86a

SHA1
8f6a4b3b0d074cb537bc19ff04ded8b70d7f9290

SHA256
72f64f8fc9663f288a3ead67e8de04f8475fba027f12b8cc1fdcd44a44d85ad1

SHA512
14f7eed2a71631efebd254899c98155d3cf5a787cb1077c10cf69566f03b458be11d7a98d144080e86f8970c9b69b74cd497e1312a7f4b760ed4a1ae33045b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
98615f269c1c476bf1d15eaaa9c8e55d

SHA1
a33ff5792b41a07437901d5b9ef080c61b511760

SHA256
30252999315553827e639db22a82881bedd071691e682f3fa22f4a873e5e315f

SHA512
7a22be07d749b10aa61524beef7255dea32c27c34fa15fa2f61b3f8926d33ac401b0faafac6351f3ae40393583920d8427d3805fe96e0fac4d913bf9a3d45e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
0bae0ec9d7509e3e030144ad057af464

SHA1
2051c5692abf8c623e69a32d147338fdc9b3646b

SHA256
b78d1a70ee7078cc20069b2c7e42065343522f12d5ec2bdd4bb1c75a0f13d109

SHA512
2af6d49ac3eb18919e133bf1d1e3d7b9fb5f7f3e320fedb0df98e42f764f6aa4d9aaa3020259b913c6e5793f686e1655ec00674ec0c62b145e5ad4243c7fba06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit