hxxps://cm[.]naukrigulf[.]com/?redirect=https%3A%2F%2Fwww[.]naukrigulf[.]com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttps%3A%2F%2Fvxq1ii[.]codesandbox[.]io/#dXNlcm5hbWU9YW5nZWxhLmQuZXN0cmFkYUBzYWljLmNvbQ==

Resubmissions

28/06/2023, 16:36

230628-t4n53sbc61 10

28/06/2023, 16:29

230628-tzpaaabc6t 10

Analysis

max time kernel
120s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttps%3A%2F%2Fvxq1ii.codesandbox.io/#dXNlcm5hbWU9YW5nZWxhLmQuZXN0cmFkYUBzYWljLmNvbQ==

Score

10^/10

persistence phishing

Malware Config

Signatures

Detected phishing page
phishing

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324438401839519"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 4236	4524	chrome.exe	88
PID 4524 wrote to memory of 4236	4524	chrome.exe	88
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4424	4524	chrome.exe	89
PID 4524 wrote to memory of 4728	4524	chrome.exe	90
PID 4524 wrote to memory of 4728	4524	chrome.exe	90
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91
PID 4524 wrote to memory of 4772	4524	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttps%3A%2F%2Fvxq1ii.codesandbox.io/#dXNlcm5hbWU9YW5nZWxhLmQuZXN0cmFkYUBzYWljLmNvbQ==
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9ddd9758,0x7ffb9ddd9768,0x7ffb9ddd9778
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4744 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1812,i,5332274214412995704,14628170987857294518,131072 /prefetch:8
  2⤵
  PID:4832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
19KB

MD5
f81b3d9250861d6233262318b9151828

SHA1
79d470583008151d9a1e8cf6f13e92e650e78b38

SHA256
06571393dffe72888fa356d4e6df93d816e144c4d718c15d5c8c2ef37dff70c0

SHA512
75ea6e7a694a172106f40f701ec32473247ceee1a794a1f83e4fae7a7242355ecf8975b11ee118831e2e99996bb3fe2564f50c2533c58e66a166179870ac9874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
240B

MD5
cc15719ddbe343392f11a43bc0345c05

SHA1
aa465bbd73081113ec38f194e2c2f552a3a5c882

SHA256
f03ac26d032ce4da7fb7b4824441270bdc1991c4db24451efda8e196f366eb56

SHA512
e1c4f1cbcd92e69b07822beb984bc6856c54727f288c1506abb61e0d4766cad0f508e995c132de43ebd54a38e2e1a925b0d8bee2fca44e1da9519da0d6c7c86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
04aebfe7f6f731d93ccc6e783a99801a

SHA1
9ceac2067038c8f0b944e58a7f94e4480280334f

SHA256
0fa0dea0ed9b87e455c1b0abb869475c167956ac678544b02c5565943d5b8efd

SHA512
14a35c365a94aa73c00aa18e07a64e04bd0a5063f6482fe4f71612f95515b6ed2da616fe6fe6a699de1cc71bb33144f2d22d5649ab2d7c24ea99a348b3f40774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
bcc02a25aba837f2bf277e6294a6fd9a

SHA1
96f2f4c6c81fedef4ac9c0cc2d24a33c3867e27a

SHA256
5b29a4f714b8528f00d64bb39f843d7327920744065916d2eb76c0f0b83cd00a

SHA512
4cfd0c02b7f9403bbbd99b60eb891ecefe06abc941b7d6af9478cf95d4139e4cb332560aa3bd13b272711d0ab636b65a75853b69aa350e150d3130ea706b4a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
9768e9af902a25a28c473824ae87d998

SHA1
bc734377eaccaf4ab400b2cf264c4f6ed09f060e

SHA256
82471242e009f38b4cbdfea5957b8dce4c08bb0a54bbe8073d26a121049fabb0

SHA512
f0dbb11f881271df66ced80c066aac197b8337ae9013ff0f865b19f9029e7b25a1b093cc4f89d86dc99db638812ba2518e99715167640ec0301de854460896cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7b8d7bd0df1cae94d43e2bcb4b668fa3

SHA1
e0d9f051e5100ccbf5be1f446998e66305928733

SHA256
2548be99578a151ea19f1b40b1b11c234acf0303dffdfef052f8d4357e69e823

SHA512
ae0bffb225cf3f5a71044514a4d8ad90bf3a4e475edeaad4acd481985507d77f0310dcf140f4f00ac54c58bd262779a7d642a99de8505159daf961dfde3eb2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
19b4b5f3be8dc69c1a253762e11e74fc

SHA1
adedd75056097d5a87c4120391577bca4cd8f2c9

SHA256
f54bc5a7a8517871d6c01e689c5370219f1482e9b579eb75ec4ccab10e2c2382

SHA512
c359fee39bde01c4363213aebd239995206cb336cdfea34ae6cd72cd900a7dde1268b31c56ba5e8a93a322de3ea1d093363cb00c72ee72b169bea9a49da3a76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7fb467065c18cd9aaa3e2ed725e6b35c

SHA1
96634937231b33b91f27edc80a6b9ad0039e6485

SHA256
5cbcab04f18933d13631eae40ec43345af9a4ed2998adefd540dcb5a8c6fa8a2

SHA512
915b376eb38f1da21633d49ac705fdc742d85a6149fda297fccc98e6f71ec217bf6eb8c74101b162419571ba12255e258e57aba743b19fb32c64434874077b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
040553f45129c76c89c6a01c6cb9fd60

SHA1
a7575b61dfd0536e2ab74e44e1d83df3adc17423

SHA256
c47b841de61c9a140f69b513a5ba0f0aa1fb480b8fa68c2fe056b06f3a4c0bc1

SHA512
f0ccd5a19f36c8642079bd27de36b812f304e961fd960cf3d9e49ec89eb61dbd33a9f800ad6ca42ff226d0b03291fa4b78e921afbec9268ac561776948748a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
97b15f62bf1cb00388ce317f55fed4dd

SHA1
b05ebc1446569255893dfee4b86feeb8e7cb8a99

SHA256
b38a57668de11a0cc5278e58a6ef46e129adfefe794f9295e6a5fafb35298291

SHA512
35b4f31220e45873ea568d00bf9146c76b573dc329e48e4e210fecfd5c561e7be5aef50b3cc4d9020f18925e58040f51cedd69a210819ce7c9a23b1e3e794000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f771ce6a8028720c17e85e511081e710

SHA1
df2af3830c60b891779d8c5792e3f2d48865666e

SHA256
e456fcc0d1383d74ec7ed5d018c78d81420584b170ffb28fc66f9c8d8f267e54

SHA512
8cfa3673789e70b93703e8dc2bac507b7786167dcc3fd9fe2175f69a9475e468457b0b2b625f93a4c386c1d60cb2885a7bb7dcd4b619611657f2c5203fcc7857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
11dc851a1b5a676d7786146b33b7bfc1

SHA1
126bb942ed9233213528b3dd6f029399c7f58e15

SHA256
d8b68357e87f894da8c44b105b0d244fb8a88805489c171d3a14370037bd8e39

SHA512
b1e42f8ab4e3619d6dc9d30b78d8ea60537a76f807df3abad76a6b6d4528cfffe63ae0189dff496e062f8a40014084e786a40ca8c51239e34b21f089ff903e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f283dcc880402d4cbf0c9190adf55b2d

SHA1
e9ef69b0a39c301c6cb4199a3a6da1e5a380d85a

SHA256
77d271d81c10da99b9406b125db8ed2444ec348b28ed4664a1c81a732c0b52f7

SHA512
17c40e285bf70501b087ed2fc753c9cba3dfd2b32ac4b4d30a00f95095c8b954ec9969c3e1a1f8b2da8ff5f27be163cc39589d17edd3ed7a6946c5b7185db0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
33139ac8e794525b4e868525de08db2b

SHA1
f2824060f374497203eb0185b8d4540cc3b2f898

SHA256
6c7cf43935ea1bec9a7eb6f565e3fc9c9493973bc57cea71c0f0d859b7087fb1

SHA512
b0b95ca7b0600ac35e7f9fe31df284021144b779d41400aeb38bee99052ffd6d93afc8712ac6b4bd87166063f45b1d0d058fb7cc034085702f9cbb7e810bf989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8703fe3d1edd43362fcf21de3b8b240

SHA1
8a732e661fe5fc93e5b5ec8e84e287bcc3357e4e

SHA256
7dee61222c2eb01893b9162087ce50a16b1e418944ee7ca8d49e5d3906df81c1

SHA512
7ef678934fc9d914c351dad8c712104d962f1f304911fc99e0d5999a0f948390a41f1a62f0e7ebc2d1614e6ef0fb4b161a44b24298be24853bacfdee457ff8cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c762fed934674de08360f92e989f8c97

SHA1
0548387fec8309137143772af67d1d8b44319242

SHA256
25461d2d8bf55df8006ddc72312b018dcb9c431ba6226f870db909297659a0a8

SHA512
cdb3aeca515b325396ce0c420b901a7f0bc1253ebd960c66c4420eeec85a31339cd27f13d1f4be0d02e42bbac07ae42aa23b528086e523c664d8961d0f0e9b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
eb97a584f11a7b078084c526f048604b

SHA1
c26e28b2e3ad7886f631abf3a062b9cfbfb968e4

SHA256
bd4809fe982c4df275dc2e5603da9bce922d3bd66d0a4badba92899658ac8f8f

SHA512
3708a50a0b07882378ae35a5d0e12a9467bed79be1058d75805074b74a9f1ca530e1efda1b6860973f21d215418e2144c9d5ab24d097d8fa1293e26118509545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7225b02eefea99a0fed321749a5239fd

SHA1
c7690e1a5eebad0b703e4037c6dbcc429039872a

SHA256
92a10f0b88bb799c7fe9e9044db8c1048ab19a99450af9ef3fe985b0549c5a93

SHA512
0e09581e1e07a3e0afaeb514eb4ad9d2cfdea0864378780558a73c0bc8b7568650a4b2f8f02c32fd1600c93621871c06b4eb0eb1a61b7843160ac375a5d43e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
29eea688c0fdb892eb7b97850eacc134

SHA1
090fe90c44ef9d1d438d9b3135558ffc7b491eab

SHA256
bd9dc21e9435c5cd1bacc3bd233cac0d3416eea696de55e154130ed44b4605ea

SHA512
2dc4cb893045422769d7e880931bc1376fae063400dbc2a0df80a168b594e8dbaef338492186628e1c5b9ee81e0c9897f579902326e054e42b9a51f1d8fe6d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
6028ca2fefb5c9423e82fe152e0566c6

SHA1
ffddf76af9f151e64b0a082ca3135124b3fd520f

SHA256
3d198138ec047091b666c72975c490141f5c65b667e67329ef50ff9ca7ebfbb9

SHA512
effc886ee5e4da0d9028c0ceb7131aa0ea5ec3fe82024a76938e11db4833cc0b457e18f294634ac86c9ce1172303bf40d707632f60ef9f64482525b48f6a0ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit