hxxps://cm[.]naukrigulf[.]com/?redirect=https%3A%2F%2Fwww[.]naukrigulf[.]com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttps%3A%2F%2Fvxq1ii[.]codesandbox[.]io/#dXNlcm5hbWU9YW5nZWxhLmQuZXN0cmFkYUBzYWljLmNvbQ==

Resubmissions

28/06/2023, 16:36

230628-t4n53sbc61 10

28/06/2023, 16:29

230628-tzpaaabc6t 10

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttps%3A%2F%2Fvxq1ii.codesandbox.io/#dXNlcm5hbWU9YW5nZWxhLmQuZXN0cmFkYUBzYWljLmNvbQ==

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1950FC26-B8B5-4092-BDCD-825EF6CC2A3B}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{11E6EF03-BCDE-4541-B192-255C66BB51E9}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{55EAAB90-B74D-46CF-BDF9-0DD984C36136}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9E00698C-EA69-4BE2-B7F5-626AB5EA905F}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{840205DE-9A58-4B98-9DD7-CD6174B20087}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6D8882BE-89E0-426F-AF68-3C027704E990}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1996633C-5D11-4BE4-BD93-E29B42C66155}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{44860BC1-AA19-418E-A02B-C41455801566}.catalogItem	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324434330099355"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe
3060	chrome.exe
3060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe
Token: SeShutdownPrivilege	4580	chrome.exe
Token: SeCreatePagefilePrivilege	4580	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe
4580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 5040	4580	chrome.exe	84
PID 4580 wrote to memory of 5040	4580	chrome.exe	84
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1128	4580	chrome.exe	86
PID 4580 wrote to memory of 1744	4580	chrome.exe	87
PID 4580 wrote to memory of 1744	4580	chrome.exe	87
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88
PID 4580 wrote to memory of 4304	4580	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttps%3A%2F%2Fvxq1ii.codesandbox.io/#dXNlcm5hbWU9YW5nZWxhLmQuZXN0cmFkYUBzYWljLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce0d39758,0x7ffce0d39768,0x7ffce0d39778
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3152 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4840 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1816,i,8157671383935545874,10497970899865612907,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3872

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
d1d3af2af5426c768e8d92c9178cc435

SHA1
ef48db0283fe7bd55b7281bece51bbc0ec3d1f5f

SHA256
52897a4734939e9d55817352a59f32912b92b2731d70ad7935801de25cf6924c

SHA512
50eb85274ef7099ef61e42344bc9a791725649932de16d541e22d65021a2f5cd907b86ad4fb63d040b78ae8901656f92ca677a0e633fb379ce506a44cc5b1dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a0424512f252ab1e2442bba141411b94

SHA1
b287773d41ffc211960067efce72a00e187692c6

SHA256
babe2cbb60febc16fff73da079265e15065c29c9221866fb5c63c64e496f461b

SHA512
40ae50bd475a53f2ab056d67400134706f11b247a11bd49c95173db5345bdbeec6063345b524b57d096696665c9bb788837873aa117197dfe3f1d21025305af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e2f34be70497079b01157b574572972

SHA1
19773a7d7bc405557c2bc44060d2a4f6ecbdc0bd

SHA256
2a8c4e2ed7c151116c74eb120cedc822cfcb2c4e38e9eb45d5a9e871703fdcea

SHA512
333f7a67bed29d5d8bd6c43b3e34b81b8411b8c0e36eb5b5179d10e3b693377dcb320ab292fc3ff9ba8f540c7594a9aac02b1d77c154be0c2eae9567ed22e367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
30cdf0feff5b493c9c9db02f6d1e134c

SHA1
3a9f3ce05d2d40a6009e619b2582e687c63c18ff

SHA256
75bd96fd0126dd6b9976b18d534c2138ae61d8ae73c448c88f8f0357f56f6354

SHA512
c74429055c8dd20be1070699cdc641538adafd1d57292a4a6c947a55a1c36b6a797d0d4e32f980212bc59b443d17a371ba7cb5e54938673f8c2b1416be6d5fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08eba387ff8827735b1b7b27ba87c115

SHA1
9c5410f4e74569413d8c700e3908e8a6f2f96729

SHA256
82ad63854d6d8f73dd52197868937dc15ddba8886d07bf657045c7f1cc084407

SHA512
92920e31622c3db9e063a3969167efb6b5e0230c11de63871dfada2ef278c1e9abc675a22cc92da43275e0801caf78c8ae6b3ed55ead8c91b8f9a9818e71787d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
814389ae5a0ac1bf9b09d2e9e687b38c

SHA1
ae2f4a782121b48c42966477c4cc91de3171eb68

SHA256
ac8458fd4e3051faeca5813cef1b21c709ae1b2ff53a42afef8c9aff451856d3

SHA512
8bfdc013194434caa6e188bcc27c6a5a9128c5f387053d07e1fa5d781cf752c2f83fdb394c46b6146b56c443a635a36a0f83b985c0ce45b440b507f258dc58bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc49190fe91012cd9da56feee8ad4422

SHA1
bdcb4d2551eb620037bce6a653aad44b5ea5784c

SHA256
063206b468adc4f836c69ab5b4d7c5aa5ceb6b46415d0c5a41035749ec37f8ac

SHA512
91a60d620c592d2cfbdd3fae68f571ab16965665e55bd7c0fdf4cd8f7cfbce85bcecfefc3cc05b8d9557244c780e37b31092b322ae40c4e78f329f4eaaa9a1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1935109e888f6f2ba2b68cd00e277a3

SHA1
6c76f42f8b9578ce477ab5e90f4ee2d793f924bf

SHA256
b8e0d499065ae255034d3b877f920ea85ad0684227e3ca94a37d89e4983c1735

SHA512
1ad71faa1233a2126f1913a4cbe9aec0041fd3e85b30f79bc8a4e046673bcfb0f8b5194e5fb46e80dc76c98c73b806f7ccc3fa51911d09974357552b9e48616a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a136ebfa2406eda1d89af425f7dedbf5

SHA1
54e8f8c7b4a76d0d25dcf0b0dc571c631ed56497

SHA256
8b22c1c527543c49f55811d3371192672e0914557d8494443d65056faaf023bb

SHA512
7c6ef5ce0fec9791832aff9e08ac6084fda113e9cb73651aa3a2e5466b034c3b9eae5eac1622a5a3689f529e0f67b4a2c56ecc041e2a755d64977e8f5bfad8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
463634f71e520deeaddcf602fe38112c

SHA1
ed5f3c9313c4d6f08ade64a265b7ee4270104737

SHA256
715c3a07382115ea7760f7f2087e603472f38bafdcba9c7d0669f2284e64ec35

SHA512
b78f4e34662fa30844df0234b4f659e8b89d4ef42178c5a75a940676a5593b05a703a134fcdf38312e4833ba15e4c8cf19a269b2fc82aeff35b48c93b190194c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
56ec42ecaabeef12329480d707afdbc1

SHA1
ab2723cbb18ace0e925b0918914b4b645d6f1c10

SHA256
e0c794e26f58d9cc2268e1500a1ef5f49201f85866835bb807d77b480a35b70f

SHA512
53367b26a30d66ab3776f83adfa3e3e317b1553d81700ffd4908d93dc20de50d36dd6aacd889bc77d94bafcf32655c082a775e4bff3a230768aa5c53b5637e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit