hxxp://l[.]basspronews[.]com/rts/go2[.]aspx?h=25220&tp=i-1NHD-9S-13e-4Vs0HS-24-4fOg4-1c-21hC-4Blxzl-l8sfLzFZTJ-dKbyG&x=trk[.]getfocusro[.]com%2Fb%2FL2U0Q4s7Sw7xLuDNLeXnuw~~[.]O13-VBoUcq2KGdjVq9RIJvk~[.]drGAKCOr4tNijoP5uSuCFQ~~?q=hxxps://cancersa[.]co[.]za%2Fcgi%2Fthyu%2FxWvNI%2F%2F%2F%2Fjobs[.]sanrafaelca@expresspros[.]com

Analysis

max time kernel
600s
max time network
595s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2023 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://l.basspronews.com/rts/go2.aspx?h=25220&tp=i-1NHD-9S-13e-4Vs0HS-24-4fOg4-1c-21hC-4Blxzl-l8sfLzFZTJ-dKbyG&x=trk.getfocusro.com%2Fb%2FL2U0Q4s7Sw7xLuDNLeXnuw~~.O13-VBoUcq2KGdjVq9RIJvk~.drGAKCOr4tNijoP5uSuCFQ~~?q=https://cancersa.co.za%2Fcgi%2Fthyu%2FxWvNI%2F%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133345515558705655"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 828	1564	chrome.exe	46
PID 1564 wrote to memory of 828	1564	chrome.exe	46
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 2096	1564	chrome.exe	87
PID 1564 wrote to memory of 3388	1564	chrome.exe	88
PID 1564 wrote to memory of 3388	1564	chrome.exe	88
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89
PID 1564 wrote to memory of 5024	1564	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://l.basspronews.com/rts/go2.aspx?h=25220&tp=i-1NHD-9S-13e-4Vs0HS-24-4fOg4-1c-21hC-4Blxzl-l8sfLzFZTJ-dKbyG&x=trk.getfocusro.com%2Fb%2FL2U0Q4s7Sw7xLuDNLeXnuw~~.O13-VBoUcq2KGdjVq9RIJvk~.drGAKCOr4tNijoP5uSuCFQ~~?q=https://cancersa.co.za%2Fcgi%2Fthyu%2FxWvNI%2F%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb8d49758,0x7ffdb8d49768,0x7ffdb8d49778
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4568 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2856 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4604 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3936 --field-trial-handle=1856,i,6712589428618148276,4141190388171032545,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d262084ae11faec606dc8039117978e3

SHA1
7c02c6bf4c235d8ad494475a57c1edd9fb4a15a8

SHA256
66fcda5e987a2f3fb335c1ba5d7499b615a7d3cc092bd447dfd62754fda2aeae

SHA512
87129b611dc501742a116cdc1e6a56d66a7c2dfc10e45527434fffddf929fa57c6df3a39702fb6e0253391a3068d956a1750aad75e518022896336e24022beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f8bf3f9cd352a9b3faa533501ca67b4c

SHA1
4884532322332a140cd467dc8593314661c35b9c

SHA256
532f7171665f5830d94641d3ef6a6cb7333d982026562630b468d9c9956b2cfb

SHA512
e1e5c5cd6bacba054ca8514b213c36a083e92a6186143d0b401140a070f72b1b1daeabb2d1500a5f16d8e19a08af45482776c61d5f12c601f260a4e3bccc4f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1c84f549a6720cbea99af989d06a5ede

SHA1
196d3e6b318f206de49836ae2ec3562c863c6480

SHA256
f9a8cb0f49b06e72b5fe2d69a8c23e2d5f7b76a1d9b7a80e8814b5cd7aa81a06

SHA512
3bd8d2696e5630967c9339a678d759b74ecbd14f76efe7e7809b4e8115add0e97113e83b4b9a7a6043fd5b215da477a08c3c26281464081722f607961e862e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
4b6ede2a0d66e9d020c409f431addf55

SHA1
e370244fe7881e73479c18ea5cba7e972645ec08

SHA256
14d581e7d9d3543377f2630bc7b98ce04fcbb3b6146ea08fe1b9a14b6b92f69d

SHA512
56b290aa17459f5080f0cc0b9761779b1d8e84767c4571dfc6f9d835ca179476beff828e2aa77a82eed5896216e1b13cacb45bdbabab034bdf02d182c4a7d9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
71eee35e064d93d2916211f52605a4be

SHA1
792429fdbbf1d5892aaa237e727b5242901dee72

SHA256
9016d07e9bf9e182dc218cca23bd2fd29f4bd6378d5e9468ca99d992dfb38685

SHA512
e75c881a753333ae1b9613e1047daf9bae314fd4a120f95e48dd64cf098c61934c8c420395fb9c39818876cf71dfd322d091cdf643e71467efa841d20e633449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
857f08d5eb60b442ad01e739e3defa41

SHA1
452c2d4ee474bc9818a06fa07e14ffa0614cdb7d

SHA256
dfa0689b96cc14524ef5e9a6c5be40710a32f5dadf342d12e2f547675ee04293

SHA512
c2d9ca5138b77e7efd438baf89e521cb0eb444514a4aa23216dcfd6c8c1e3c83eef149b344c8f0681172f0181d782df24d6d5662c4509bdcd61e46814bf89b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
14fd77d9fd816c7407bd2fcd7bb17656

SHA1
839b002e204dda4c6e6e925e56937e8dc8976865

SHA256
cd381b9f1ce56794e5a2abeca5cc1c9d0bc906d8443847997dcbf1d80276e67e

SHA512
63f1f7e045466ded2d0283aa4e08121b5775d62347b9648a8844fd50e67c862ebd7330d48ee34d87e5227d31c4368a9f3190ae39dde821a8783c39ed564e764a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit