hxxps://www[.]nagpurgovtquarters[.]org/

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2023, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.nagpurgovtquarters.org/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292763090331726"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
1884	chrome.exe
1884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 1412	4408	chrome.exe	86
PID 4408 wrote to memory of 1412	4408	chrome.exe	86
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4772	4408	chrome.exe	87
PID 4408 wrote to memory of 4236	4408	chrome.exe	88
PID 4408 wrote to memory of 4236	4408	chrome.exe	88
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89
PID 4408 wrote to memory of 3912	4408	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.nagpurgovtquarters.org/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb657e9758,0x7ffb657e9768,0x7ffb657e9778
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4940 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4768 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5652 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5488 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5456 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1828,i,10572450216589856029,17152416725984867227,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
637874f92bd45226aca51e18231aab08

SHA1
90339d2ad11d1249c6507a6db7176007ead28078

SHA256
7d7fda8f8a602c7dd9b513266eb9e8dac77d1167b0350487ea0880d060f47c08

SHA512
c58066e7a23522acd7700b719b4f4f30f38de22f3ff88bb2a07fae540a7b64a7fb2469f852ab0c1b5da3eae7e53e0c1beacb9204cd8eb49cbbc41333894e90cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8ba7cb49078786cb4d5b83d08ac0972

SHA1
0efe97f8fef8ac51b42555e1e134212fcfe66b0b

SHA256
5c7b9e0bca0bdb50cdac10014e8e8eb8177d1976455403c263824b054ecd2a6f

SHA512
fea78c897cc5c52e443acb7e28f50840533aa212dbffc993b373a378a0df1834486759cc9df548baba5b13dea43403acdb8ad98730d7e309b5521c539afa90d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4e7abf671dc0ba19083bd6b7a13fe96d

SHA1
1eeb013e4b211c7ba3bfc0b7526adb8a42266943

SHA256
616eecd4b877bf10e70d40bce41d3173af8f1f01abcbee2433ee7aad097543fa

SHA512
ffff9e32871bafb681cb0f5a1427289e963d0efcfe810b0f1ce0662aeb22288dbaee5bfaff8b3e3fc2700c279a8149aea3808da502236852a99c32d4556215a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ec08965e94bbcdb695843656e3685e04

SHA1
bfd09ad87bbeab5728e904d601ac59a369b6fcec

SHA256
7f8c6eeed401ebfa6f1d215fc4475409c44c2de544fe412e5af47a1b9408d7b0

SHA512
78d10e24d69ff359f7a743b7a2c600d5e9ef2b45d8236f08804cbef158233249e25f7e9d7c3e63f535690c1e17e1c00e6214f2531d662c0726be917c9308e3ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4c30673fe6a2c85f79d8f9d78f3afe3d

SHA1
8564692cae61335278801a51e93a3ee87ce3c64c

SHA256
db244197ae390d4eadca459f4e0339391a3796c136b16681d70a817e3703d0d6

SHA512
4fd27570c2350a54f123424a47ccc788eeeb40371c8f0505f5a196933a7fcfaafe4be6795fc905612f5d2b718b7a08015334fa671116fb96b208e96a4eac2537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2095bff2b074c81893fc8abd5ccdb3b6

SHA1
290a206c7ad0375d56e4dee43d3f5117c3e75713

SHA256
189766e99ec80d284ca7c908badce286ecb88690266f7d2d3ac034de66c809c3

SHA512
cd7ab402b18860b21b8d2419b75f23d2af837709ec4ebc40936dae9404607cc5a506c7e745e7d0de8c11b620a2ef5d66751c627e6d993e4467a85cf636685e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
651f0bd9ad34c16e69014ef0a3d55f6d

SHA1
3b6b65be0e807b3dabe72a230abf19d163aecdfd

SHA256
2db8d3b04f359f5ced68770ab3a880ff87f1b03a3389940e994493947cfd0bcf

SHA512
ab488e1f93e597b8e3d878e736c10022fe0a95cb14ccaa771d6189b33cce211a413228018f15795302dbcb3cc1e8f7e482c98b2d2e16b4bc9bf74aba7286c01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
ebef044f37a05eccd8c31182be6a9efd

SHA1
36162ec53c9bc386e9cc645488996bcf0e4b267d

SHA256
dc2056094b59993d5778d22202d416e5afa97fe26cfca86060c44748670a5188

SHA512
d35be1448ecdf62e36e722d8b17b20852676065dd4baadef760be901cb9bb52c4b467445ab748634bdfced60943d3dd9126fa793279e4d888e31b93fbef9c108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
c4039af700ad83e4cf52def97075b5e5

SHA1
d2c9d3dcbffb39ccca9dcf60fb386e263492f405

SHA256
c789c7eeba25fa6b13ef03caee6bd55acc0385291af2dacf2b36d9b5a1a8b878

SHA512
3a440ea2335cf05bfa5686bcc503b99c030e45328ac46c96192104db026b89099dc22db8f88004f07e916ea748a614aac2390bfef34342c48c0813ae131a298e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit