hxxps://cm[.]naukrigulf[.]com/?redirect=https%3A%2F%2Fwww[.]naukrigulf[.]com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhxxp://373google90[.]canergrup[.]com[.]tr/?=rbunner@gmail[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttp://373google90.canergrup.com.tr/[email protected]

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289997431110063"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 2488	4328	chrome.exe	82
PID 4328 wrote to memory of 2488	4328	chrome.exe	82
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 1984	4328	chrome.exe	83
PID 4328 wrote to memory of 4580	4328	chrome.exe	84
PID 4328 wrote to memory of 4580	4328	chrome.exe	84
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85
PID 4328 wrote to memory of 3428	4328	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttp://373google90.canergrup.com.tr/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3a739758,0x7ffd3a739768,0x7ffd3a739778
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:2
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3260 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4716 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3276 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2844 --field-trial-handle=1808,i,12137626042154518898,12981920087826605581,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
69ea6b09c131c0934092c9c2060f1ebc

SHA1
b4019c82d92fc6aec550dff893d7ea7071cea752

SHA256
6ce7ba308eaae8dbb7f3d00a70a81e90d7a48cc2609aed49c2664b921abb3c79

SHA512
2e7614455f4ef732927eab8f621cdec33671b4ea63795340e56b73ce4c40453cedaf10c24b789a57425d3e8691496f3ca3eec538af8a4dc45eab94bb324a2d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d4231dc3a604219faa9ecfbd5a1e2a57

SHA1
b0d5651361427f25ef038220492cfc21ee4e236a

SHA256
e38dcb8fc01dcd64fb1b02a7e2cf2eaa70b03fc0843012947c29061cbc178e84

SHA512
5d848bf047ebb7115a88cd44ed4134237e962a5fb4cb4b81da5211d391cfc2a2d2cf62bb40a03847523a87aab639e6f52d9b762b6791de06df508b179f604099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
e84b900a9163ba1d6f845f56faf3e4de

SHA1
adcd6a72953385b7fa988838c9dc349af3baf85b

SHA256
425a406ae231d7a030f34ced8e7a72271b02c4c3add5e1ef9466dd5465eb0afa

SHA512
34e119a01a1c0ab8e559d6b1174b77941065ae4bea0afb0c4a93b062fb3f583ac2fc0e17f354d443476ac62df29ad1febb5baba67d07220ba46ba213cac9b674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dfa3ebb0587780e38447a21da15352a9

SHA1
88826d9b4f44ec281d8440d1e495e14d95e5fa9f

SHA256
e5d2ca97b7e64eb2959830cc969fe7e2fb126f0dbc62d786c2f26be0b659e28f

SHA512
51476b01c8234caac271bea1d9bbea6e8ca5d3e9e6e3fdcb31823c4b62602c25aa741edaa2013b2630cf69bcdb2eac97a2d11bbea04e0bbd561f8531a423514b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c13665b512d32faaf1fa72c39c7e9e1b

SHA1
2fa7fa8cd00e184cd2d321ae71bf7423cd89d37d

SHA256
00751ded25aa3677a80096959705d93e47a3d70f417bce7aa3ffaf348d8d50ec

SHA512
f7544ba65bb502f66c13e2124ca8bea10022cea8493134563161aa2787adbaebdd32d24c4a0045203ee2b163f1c77bbbf295b08ca3f5b611f41fdffae19f9008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10bad9fbe29e7f7d910e18e7add41a27

SHA1
9b5e338aada2218ec887aa8253058e01961f38d1

SHA256
90988dacf663111acfc28ea7155bda7420cef66ad10cd7f2dcc1ec08e204b398

SHA512
6fd80e600a7b42c96d3efe01685d5bbd5787e14d311d04bb789264c7cca78c11be5429cdb0bfafc89729c4efc5284997f08942d20f1aebb7236a7066046d64d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c72da9fc85f412cdadeb0813dec09fe6

SHA1
69ce2171a0577adaf4f5b6305d8d08a5a72953c7

SHA256
6b4369d209d96bb533516c6959ed4b4c21d1a638ad5bdfafd37e9d08d7bf5f0c

SHA512
83535ef237f47c7bfa85ad1dd131b291b4ed0851339a9721a839e0ad9347a941efcfeb3e6abbdcaf9bbd1c9c3f675683deb4d9333cf63c30db4b8d631b41b662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4ea290dc30998789286475e2ba016f7d

SHA1
aab9bdacca5f280cb0e1ec2487ac140b9104d4a9

SHA256
daa385c4565a634b19cb5fdc220343faa04eafc504b1ea9d66ffaeb1506ebb6a

SHA512
74ad2ca9486a0361ff082a7f5945f2523a225c99e9770f2a1498413c4584e05fee13b43ad7bade00cbcbbcb613c13afc82831f32ce7f222ffa760aa08637f595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
ea8c9712cac827d75d683f0add3da7c2

SHA1
81d7a871db1f73c256d61b093716f813b4ae0b72

SHA256
8aa862edc03adffdfcd8a95c323b6382f1aaea5e25911a0ceb88b6937181fb82

SHA512
a8e3099f802b8fbc482a749631e1641f175f8968d372a675cb242df3272d169ae6a6963b5080f73e732f127fcb35259241907ad2f783542c3638e36c81aca2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
bd85504f1cee0f5541f56e347f08758a

SHA1
eff1ff7bac461facdc8b9cd9afa434413953c32e

SHA256
c6e885d35b6dbff23ce5b310bc446f68c9d821f5d5635ebc58a024bf351a6696

SHA512
6353e3d0370d1b199983694cd7ca00b1dbf95d2ca13b732c77a28474ac2642c064e10694d930ed41297da7add894294166d2fa765b3280808f337161f4201e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57081e.TMP

Filesize
100KB

MD5
86b823705ec3459f48bc679e12dd4d9b

SHA1
a34a7a79cb0552a06e98a2bdb46c78268d767f3e

SHA256
a30c04d4aa7f2a7a0e342f5c2cff7b37b373362d94fb757e1d3c388b8aaae243

SHA512
17146d7f6399bd4ad68c7363cf02e1abbf731bb9917ddb3c16dfcc107b3a4c272441317ae71aff4d5c1f023bcf976f617baed49e348eab082e02511ecf5c01a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit