hxxp://ngl[.]link/ipb_ssa2

Analysis

max time kernel
463s
max time network
457s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
10-03-2023 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ngl.link/ipb_ssa2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133229353798738733"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 3608	4108	chrome.exe	66
PID 4108 wrote to memory of 3608	4108	chrome.exe	66
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 3316	4108	chrome.exe	69
PID 4108 wrote to memory of 1724	4108	chrome.exe	68
PID 4108 wrote to memory of 1724	4108	chrome.exe	68
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70
PID 4108 wrote to memory of 4504	4108	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://ngl.link/ipb_ssa2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb7e19758,0x7ffdb7e19768,0x7ffdb7e19778
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1712 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2760 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2736 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4384 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3204 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3796 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1460 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5536 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=924 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5488 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2520 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1784,i,14164810508793768248,10414659076436507101,131072 /prefetch:8
  2⤵
  PID:4960

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
de4776ec933664c40a09f29bbf4aacca

SHA1
7db1db01e8e6856f09898f9935191216da73ceba

SHA256
85c42bfe26c9aae5dc569792d6bbbe243b8665860ba90fbbb3d90d61babf2d1c

SHA512
edcbcc31c6e9cab37fbd175b1c31500df344793255b02819d39a9dd4a707dd2445e74e554fc32007071c2536c49a61dd2e7bf39addd78866e1459b6f3090c4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8b14ebbe0b2743ee46f1713b2574a3e3

SHA1
a188b98e1224973cddcf9e48f29f7ec9cade2a75

SHA256
218a154772bdfe57012a5f3ee4ba3f2198ba4b6e009c2fa2421467c01dc300da

SHA512
d0647dcb60e765e1b4d003ec75795fa0ac19bb11f1d5c6e04bad697573a749169057e0e9725d3fdb587bca81224b756e2b89bcfd2946637f6838f4e744996c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
45d1e6de9f4328a3ce52738623286573

SHA1
8e3283a166acbaae731ffef777066ce2acb661b3

SHA256
a071f432bb6f93f9f0d1bffc319e68e55a63549e28bf8132c6b6dbe7af8f7ee0

SHA512
d3cc37089247f18e74c47ec7afc086c0374351f3698648cccbabaeead43fb92973d4fb1760a06011f0ef603fc9c35d25c4ccaa1cd257635dbb27cfceaf18ba40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b45e5a78969e152a980b54951d82b007

SHA1
ef76f7c40812e0e15078b7ea623165325e3d7b9f

SHA256
1d92eba6b7467953613017a7f028313f16669315fe62ded61583c4c78e6343bc

SHA512
c220d4f8d01a5f873a7a62c30cb3dec8a4c754926fbee05dbbd7ce3fc6d4e312a85109e7e678a3cd957959486c47c68f984ea04c51c21acbf0e0a45e14cd3a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12ab89127903bcf1fe8df46c6f330c7c

SHA1
089c94d025bca1e4030c3561c2ef3f31c09bb03f

SHA256
5acbe16d9e85d7aeb896da1aa5915948036896be4c069655a26c590fbc7e9262

SHA512
97bb408ac60399ccbe6181aa95d35470c2b4038b804af34e2cbdbf42332beb52f789972f5012a803626b9b75a689ccf274024f0c10d0ac55d47c3a83c51f9457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b682ae6875d8f1eff8b853165e33f235

SHA1
a840f70ec979bcd9ce40324b860e699f90ac1ef8

SHA256
26281ed625f7e2a378e45c5d668fdc0fca9f722ce786273f5409928facea784e

SHA512
d4559d63fb31d0ed5422ae8df971fb7b033fa5a4555d4a0ca997eb36c74a8d01702d3cc16618fd55b22315d701e14941a29392525cbc913b55884b0d689f9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
481c15b5cec1760cbe50fa0f7f4047f0

SHA1
cd72ea7f4f188bfe8526ddb6d95871869b6afd05

SHA256
2efc7bff7ce63593c75f188ca6aad58451d8d958a1e003ecfa9e439a75f6fa3b

SHA512
8767faf4b81f6c835d50c565c6f046cb6e1f8e35df3f7c6d09778a0a93e6d3fc55b9bd9b0bdd1ede4d49ff223b27676cbe3e6edf536be920a030866a09ee6784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
871566ada22360ab360635720818a336

SHA1
355049c5e11e82a3211392f99bf8e1bd550f6606

SHA256
e4d5262ae5f5221c19830952e85c8b8c9601cdcd71cc1df8e59a7a64061b08b8

SHA512
f76f3d49dac5ddd42e75ef13162c535ebb0c815d0b516cdad751a9f9539d8e0f5603335dfefc77d198beb20204cbbd59c4fbc01d8ab5d21b82a877872e067983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
895ac90e563b28379643c103e47beaaf

SHA1
fb32976a0c7de451581b7f7e595eb42c06b43d18

SHA256
291d6b2e426032578b2a014ed3fd6367675af0c60166c91f6f3048474a4b8781

SHA512
b969c78dc198ab68f3ab8d061a78dd95f55ab6072f80b7f3bed148b6f932f6819ebf694cba92a77dd5f2413f65f5734eb85aaa595e7ed93b8df282a482f8bf37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a1c490ced31b8e352a2aacc470320258

SHA1
284280aa4cba1f3caedfd6b029f7e51b09da43c8

SHA256
af78d95c19100033eefdc6deae5d3b902669ec4e8bcb0dcd209cd314c483d769

SHA512
9034dc20884079d077d6d1dee4d21d697ad74b144e379b26fb57d179a6f4eadfe6e8317576818633551d075d4b3f894943343fe0f0a32f0930da970383f61380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d90bc1467a0fd08223c087e184460421

SHA1
6192f0b49d493621758135cd7ebc38e959a15cef

SHA256
ed257a6b640a45ed27ed37e50f23df6bc53b70150b9f2f338559f0767518b0eb

SHA512
0e9ef35cbe7b7e62d8d2411c6cfca77f2323055dca48e0a6a190dfd9959054464753e6082b27ba8e9789db411c3a05937cc1cff6850fc858162937f22d5527e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
9eff8fc565a06e9ac15a5a0b03607abe

SHA1
fc0326a939ebfc39d0199dbbbb4da5daeb804bd6

SHA256
0d6c94ef243304343b094225eb2e8a5158406bbff220574b1191f127145a2e8e

SHA512
6e2bfd99a4e9d4e7bd46180908c9d9b72d302305589fa36bbf33d36ae9a5f5b7d40fcb1cc4334f71ef33247422b3236bb708e0e9774bd91d0ffbfe88b819af7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
03b6aaeae962520a9e7916b7d158ba5e

SHA1
7ddee37dc8e36a352546d8adbe3a3742e8997b49

SHA256
2a89d570f92a283bf7b6b437f626a22beae8e73f5549fae87cc46c44b8308a74

SHA512
ee814ffc7c5d70269dbf774fdfe58127944a5bc1e539cd3195eb010683a6c6667f8d841d7cda4016904bd847ba925efe2dd7cf144a73f0e8f39d6c49d8a7da11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
967d835ee652be6eded12b04e28364f0

SHA1
28600bef73de3cb3644aaddff62549f7e31e13cf

SHA256
bf99753153171206a6d0e35da24114e6fe2992ae86b438d4c9927687307b3e4f

SHA512
44aadb6f98e7f1cfb61fef71874807e48b7438e8b9db247b8a45e56025dcdc4d5593cf7d87146e7c8c24e6220fbcae81e9fb3ee45b388bd03b7f2049ead62825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit