hxxps://www[.]dropbox[.]com/scl/fi/hxh3yle5sfbc6scj6wb07/NEW-FILE[.]paper?dl=0&rlkey=vfmnn1mccvutod7go58ur6q21

Resubmissions

15-05-2023 18:26

230515-w3cf1afc7t 6

15-05-2023 18:16

230515-wwzmysfc5v 6

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2023 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/hxh3yle5sfbc6scj6wb07/NEW-FILE.paper?dl=0&rlkey=vfmnn1mccvutod7go58ur6q21

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133286554483275869"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1476	chrome.exe
1476	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe
Token: SeShutdownPrivilege	1476	chrome.exe
Token: SeCreatePagefilePrivilege	1476	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 2860	1476	chrome.exe	84
PID 1476 wrote to memory of 2860	1476	chrome.exe	84
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 908	1476	chrome.exe	86
PID 1476 wrote to memory of 4700	1476	chrome.exe	87
PID 1476 wrote to memory of 4700	1476	chrome.exe	87
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88
PID 1476 wrote to memory of 3772	1476	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.dropbox.com/scl/fi/hxh3yle5sfbc6scj6wb07/NEW-FILE.paper?dl=0&rlkey=vfmnn1mccvutod7go58ur6q21
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa851b9758,0x7ffa851b9768,0x7ffa851b9778
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=364 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:2
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3768 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5148 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 --field-trial-handle=1748,i,9699598276597346036,6764457032847479055,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b30470da014f23c049ad5d4bea7ab7dc

SHA1
88e058382d1484c6d867772b49ad6510f2f3e850

SHA256
dd7cc75a4bb3025418edec7c6c31723cfa123e940940cb3f5d607d3ece48e6c7

SHA512
f0b40c40e8ccc12098193176f5cc7b97950b8bae1e2d8a5f78ca7da7ebe4c09069fc2b9183a5dc93fe3af19fadb524a22899d6af1f9b3c7dcf3f8b00d15e612b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
967be54256167fc7786b08374acbb4f6

SHA1
3f5699f82443b5de4e02b521c7b746b5b8e944b9

SHA256
ad877c3afb260f09497508f38192c4b18afe44dfaf370355e39f80682e881688

SHA512
382d9d97c0ff463eebfded6254ae3b6986651390c0633b9ad4a54b284d17011054a4573b61b31459fa1c5030052e2a0098e4cfda83e069df0718aa15c6f05ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
645ff232e0d0a1cb1877f84c8f939e37

SHA1
56ef9175e51b6523efb953d99d00c20f08a96dc2

SHA256
c35aabfa8694a0b29d58a473e50ec460e7c22e6cd9dc2e439bd9389f3c5b640f

SHA512
477da92b2d63a22935f3eb15494c2f336896ddf6af6ace99a19273bb40677c52aaeead8a57ecb2ef3c03a0fa4317bf6298d21430be50334aa3499fe109ccd2d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28597a385ae7a59c0227bb283b74a24e

SHA1
b3a8483cbb7f343d324641e4a10cf78e3aa6a333

SHA256
2c227b0272d3d85efef99eed094e9167a20819a3b9eca7596d6bbae98391e5e2

SHA512
cde3f4aec304587564c6a953e2f12e1352bc700bafa6f7573b55c7da2b4d32f38d72bb4b812e3dbb7f7a66121bfa20cb04aba55c179025022cdbc4b678cb8c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9fca1393e5df4f062c23689d038e6684

SHA1
c03610acbf5f5a05406c4cff284b22b88b27615b

SHA256
24a7e92991d750d6ab34adb49ccf32570a6ecfee334751b4a16ef3ed10332fdd

SHA512
4fae0c9c633a02242f4bd3cccb2940636068aec074487dd5979b545e2d0cf78adb218cd6baf9a356d033a77be3a03fece0006898583b24947b4633367b82ef2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be5d9045ff8dde8b5b3a7de5caa863d9

SHA1
c16bfa2d0b6295ba554473a1c4c226e91cd6c198

SHA256
88c545239dc7463db59fd9b5bfd3083cf1cdac4d5e56db0d116929767a3eb080

SHA512
11361befe798cab92224eee06affb1dbcdf716ac023fcd106641b4edd07d3761d2bcfa32f50d0ac6fa78850723c1bc4ac520edee42a2c56651b4bb8de15b903b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16ac9b205f2407a822daf516cb1d95e1

SHA1
aaf261e89b4f3227dcf3b57505a7a6bac3274fa0

SHA256
e0e689d429f96fb5e865b5f6eedf8e955504dbf2d3718cc0a72ee6d8f668faa6

SHA512
03d2c246932c2de848f833bec5ba92934f0051daefd58c45f6d61740052bfb507ec04b24dee124f4f432dccdeed8b0d0d1081ead802e9cecef962e8dfe9854a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f5ba1fffe941e871bc803f220c38640

SHA1
ef1b61609209afed421a1ad50fcd05c6d21a2ac0

SHA256
ea11c8e72456711a304e2f6375ab02388618f2027bf04ee03eaca93641db64ef

SHA512
a265e41ecb7d6cb9946361e9f2c3bd8123bf6814931142178c2bbba3dc8ae04668da0a8b806737a8d5b0d2edd6c3367a1c8e676bd0ae6ff10347564a85e2fe44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6bf452f2ef832462fff9531bfc3afef

SHA1
f57d7f3ab1c787893c15f63bb8462791d7c9f8e1

SHA256
36666865af6bcbed0576bea2fd6f54da842409d5950cb4b3e8964b92f246586d

SHA512
7079bcca0c900c5da2aef347b1475afb7fba7dea3f895c60c2da5f2f682a94b0310d08ff0db16df642b2784939882d6dee2a531b5be4d4e7a3d0cbe2395b74bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
29acdc662b43f00af77dde0cf192cc18

SHA1
9a8a092e2585c1f72c2605926c60c07797dde4cb

SHA256
57f5b276b2fcb8f8d48554e75e8a3a993b8272407174593de7dcae2743f21d05

SHA512
82a10866a829eb8eb87a04ee79bb330720f5211f90c7c7b460f3549fa2b47cb36e624ce7bc1c54614d87501b5c9a2b999a49f10211c1ea8502aa997fbf79cf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5fd7c8a6e8c38c32c69e30433c65b5c0

SHA1
13e1d7f962578de61e728dee4e256a9d02347d11

SHA256
442030f6eab86aa1fa1e52b9219e613fb7e71c3072707f390deae53d65b36932

SHA512
94b536f2d1331f1fb29fe1ae1b3057a7a8036e502846f2d3d835d21e9757515b2d8e5530329bc685feb49a8e6d97299c5e4e7becc702cb235a483b55ac9aae4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
33c418ea860055b3171ba6e94e31b9bc

SHA1
d9e2afb5d3827b6914323a091a8b9b67a4078659

SHA256
06c66782021ecb8af980ea7d3e1aef80a82cac9332e7bde114337cf742f8d1e5

SHA512
5ebd51897002a6e970a0aeaa99ba8012c659650084e5eec14620a21c821dfdd96d0936e3d6cd52dce984b3fcc5bacc3015952546c1a1f4c05697d5caa7e402ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
649fe2308f0d351ee31d7ef26255fa8d

SHA1
c047190bf4789413e659a15afc98fd8ef2db9c9d

SHA256
154ec0045905fce1550f6303a92addfd57c18b92a304abe4f2b7d72eed8d7ab4

SHA512
6fb723604b8b845c2173ba39dee8da44f69cbf6abca8343adcb0590e29da85d89c29b95901afe85a482a15cd5452b2bcae79d8789a02256c25232acc2d4487b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
6b886b974d807c629fb85282d595d28e

SHA1
e56c2fefc26ffa5f9e14cc6562ec0d522dff3f8d

SHA256
234e7b1eaf0e714059be65f47f142aaf7d79b5968866bb26997eb909deb42b64

SHA512
a11328620b30596636af7456f55c99107a69951124a21cbcf128676642141b862b5ff305696a2d690f4463b7eb106d9e988cdf042b446da6dc31ca45788b45d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
12c55b2c8ba81fe7934047e582af045c

SHA1
bba9a88b9feded5c55a5acf316e8234584814be7

SHA256
c76beae9df7473e172533dad3875f4ae52c5de71eccad3b952c64499b41ff8f8

SHA512
12419080319ca3e92b246e2350d146d0969253be188ed711cc4760dd374b1c4b8b312eee715edd070801063944fe7f9037f09ecc6cbdd430e4038e3533e863dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
bcd2b0431dfcf76245c110354ef39850

SHA1
0ab5c71c30d3c47a9c2395cf6d6fc6c861e6bd8a

SHA256
a5debe7073eae5c154166c2f63c95564ebcefe654578e2ca1b029cadd033de92

SHA512
260edfd6f15e891f6b5babd578a394c43545551650887624bb6094d6254846a32828729dfac269f1603f9092a455beca9a7509b8ea7d1f459a3b51c08ca7a5fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575311.TMP

Filesize
97KB

MD5
665b6d4d4360091b2c7a6abc463669d1

SHA1
3c6f905c5af10abbd3b7c90b5b9a7efbdad084d4

SHA256
0ea30722478fae148007cc8bd6f1c0244d2487588aeecd71e9e1784895714ec7

SHA512
db13f747f56a224d5db0aae0e3322b25327b9fdcf0b76fec4378c7252041f1c9b84aa85124013fcdc6a53896052ac1b3ec308f892319f21c56716813d3825da9

Download Submit