hxxps://www[.]dropbox[.]com/l/scl/AACwpAM7y-oynaGVe-0KKZCB8HvK5DEUZdA

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2023, 10:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AACwpAM7y-oynaGVe-0KKZCB8HvK5DEUZdA

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133266409333018243"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{240F4118-865D-42E6-9A10-305C08561BD0}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3384	chrome.exe
3384	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 1440	3384	chrome.exe	82
PID 3384 wrote to memory of 1440	3384	chrome.exe	82
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1852	3384	chrome.exe	83
PID 3384 wrote to memory of 1608	3384	chrome.exe	84
PID 3384 wrote to memory of 1608	3384	chrome.exe	84
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85
PID 3384 wrote to memory of 4132	3384	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.dropbox.com/l/scl/AACwpAM7y-oynaGVe-0KKZCB8HvK5DEUZdA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd340c9758,0x7ffd340c9768,0x7ffd340c9778
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:2
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4696 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2884 --field-trial-handle=1832,i,18329004199367387785,5069263397340468876,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
892aac206987d5e32ff0b0cf1c2a129d

SHA1
426720621f2895dd527dcc0e2364eb9507ccd341

SHA256
3c1e23bd74d6960c0569cc63ed31776ca2917e975de0937c25a9ac58bbb21e99

SHA512
3e484b893ad14d05373693e2a692b3e099b8a5039e4689625fa4b7f3f3e9452f975aa31148ab333a0483f114920c696c580062e0aadfb7733e36bf5b1a9fd34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2c9c66785af205e00a25142cf22e39a7

SHA1
e9e1f06b34d2648147a6ad398b0221bbdb038221

SHA256
f58ad4a695239df24ed616209f12495de8d8f36abbf9d68203e949ff574c8fd8

SHA512
49164a1765634b992f37afe08097fcdecf15489e1658dc818307b423720441e1a7d5c4af0ee2813a019134be3c24c8bf12933ae991c83a8b4f37542a522f504b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
868B

MD5
ac1771c974ebb25b4d9692fe6cd6bcab

SHA1
4766db88b75140a459a0d0bb2c78576594f2953e

SHA256
1606871a7eabe0191d3d83efbed1e814c9c5e8d783741e04a6de69ca29212a58

SHA512
11d8a14464a707bdd5d42e5db23329818fa75ac4d3e35843182debabe063201040a6849de113c8607c686e0fc5db6d328a1077aa6451d308da84c9a706dc55f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
ad813dda304d52eeedf83cea9a24a9a1

SHA1
5695128c7efa806d89b1f88660830429b5366fd9

SHA256
2c6a8d964b27e1a47c70b862ba390e7f0e3d9a5a63975b4affb3cc7174fd6be6

SHA512
ddf2dc68e39499533f32f56e912651f513cba89806e5fff363c5f1fff3dff0a7b8ef1c102573b5b2a4589e19cd5bbbc024571d38b87bee28ba3af0ee69552986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
868B

MD5
9c9cdf8e762340d9387d245a01d88eef

SHA1
64cabc4a77779b855376dffeee2ac29f6ecf6551

SHA256
b1c5baf419941b1a25638c26927aced7519d7936a07ac912e830d397b1290c71

SHA512
b35a64b3284c2b99085af610c8c093a2aa166b3abb235aef52b6e073147dfab6ceebb057429e0bff3c918ad9004450809627ee24a20e74e115350b314b377bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
2d980c40ab6423ad50ab00304a4e17a8

SHA1
7fbf95aa4b1844359385041e233767eeeb94ffa2

SHA256
7dc5e7180eb8d9a9098244b1ea46fdedf452dd3920349acc16fec1d224f41d02

SHA512
da6735b0a02ff64059851525a45eefed0e906894df24504ae21f6ec3c5b62f7735c19e8e6213606a9a5b980f752d4a20b2e45d2fe0ae761648bcabae49f26d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
0cfdeab4583e31db206d8326946b5349

SHA1
d8fc88f962e02dca6d5dce744d5b05284427b1e2

SHA256
845e56054a52972db259a2ba01a70032cb063ed3bf5f3e02fb8cc2cd523979b5

SHA512
414db54505b3578d54d1c6bdeb8cb6510f194397bd9eadf18a0dbda56cf7df623b694e48a06635c5245ff63aa87aaaa854370e36d08227b53e2153c2cbf6e9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ec1e4ad3a7d682c98818ef2b5be96bf

SHA1
848eedc842dd8bd3a7ad54ca9dc4a1e2a9ff4245

SHA256
b6c4683b666bee84337aba75abfd14617a27b8159fb67a07a904e3f73b93ad10

SHA512
a24004d65632dfe155206746a65278c5919595ea980355b4716b7b8641ec48a7da38aad2a0e3aae6982c6a4bf97631499c7e2f2cd1ce96f030e8f544458ab43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
402ebf745d4e5b540dfdbe68af93c664

SHA1
b61b9b106856fda485fe52ea76610eb5725c9d49

SHA256
0844591cfe4d2b05830eac306acd08c582180dcf6356685e6c40c0992753c10a

SHA512
8610dcd415923d4e6c29eb09ca2e7663270fa034468a3fa4e36c786ce3d5bd5520b789186a8cddf6d2f3e6f1b2cb49340425609a7d71826db0fe876dc83e3fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
51e64a4886a2ba377f2b08b50cffd98c

SHA1
0d8c75f209a29d9f44e5a1cc53501271c2b54dfa

SHA256
9cef86fe08a6782f720ff4a03bdc774a14b8a857194ca8d83a08972d2fe7a0a0

SHA512
332067c1156ad7b6d486ed6e13a05746c4ed9ea871da6427262c6a18f88df62ae946923978a4ae438ac1799dd79fff115d53c55a27d5e19436b22ab5feb35cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
42dd4d37fe123b5a0ddd2478593c789e

SHA1
a59c63f0892e0124729a6a31a0adaa653861db2b

SHA256
226aeb607e0411f37f8570a4f7dac4a070aa6b8c6e0de8ec546259374a1f4a56

SHA512
e4c941f76baacf911f27f06687d37fa7bdbb7ccaa13197314a914ac4ea34557accfa7609943a8a7238207e05ba127159d3d7220e19bccb668b9ba9cbf5af3fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit