hxxp://jdsyw33[.]com

Analysis

max time kernel
46s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 04:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://jdsyw33.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328323740963530"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4532	3208	chrome.exe	85
PID 3208 wrote to memory of 4532	3208	chrome.exe	85
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1076	3208	chrome.exe	86
PID 3208 wrote to memory of 1640	3208	chrome.exe	87
PID 3208 wrote to memory of 1640	3208	chrome.exe	87
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88
PID 3208 wrote to memory of 1256	3208	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://jdsyw33.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb41f39758,0x7ffb41f39768,0x7ffb41f39778
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:2
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3392 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4948 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5084 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5400 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4944 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5568 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5352 --field-trial-handle=1796,i,17508170062014282650,4408672085098514560,131072 /prefetch:1
  2⤵
  PID:3720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c045d2dae38d04695d44dd8148562cc4

SHA1
4c22643ea753cf45e79b89deddea68124ebdd95a

SHA256
95a4b912403e492852a63f7e02a484c5d9a2a398202c61ed94811b8b5046baee

SHA512
747f1a7bc583e49e3ca8cff1062ca15b8ad6b979151bd37509d2dcf3bc544b277f889dbb44d3e268dabe7d891f9ca55c57384b95a0a8dfe90e48c69606469f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
acc269f0e679256057ab8be8975a9003

SHA1
3bb139c00dfcf32d117f3fa919f8c923ba61c123

SHA256
54916460205a552eaa5aeec27af5668d643c2fb751f1f422fa87bfcac7773853

SHA512
550f6e4cbae0c7085c3b8b8ffc71dab757823675459f60cf304c29eb8724be51d07ba1c72fed90867c57fe82ba0465ca4ddd9c87ed25b5e3ea8c6112d996dce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e6689372c5708ade127c4382eb16ee4a

SHA1
9249b67f37c84e05963b1c0da974f2577be69796

SHA256
24417e264048271dbd361585e61d94439cce1d6f5b06741f3658f2c1f077dc0a

SHA512
82f11f0b6db5d2b3a56bebfeb13a310d1ba9456d5425bd29d4627847b0c9e33f565ef6b7918108d403347b2d0dc1bd18b88bbe711f77f6b058a4f892971fc3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
acecc137f8cf0630533c36611ff55b3c

SHA1
79b93e2b88e202fed46ba97a257275668a656437

SHA256
f9157d1b937a7cda894b48ff2a4a13f8b86a2f3830e1ac8a98934a7319b09fd4

SHA512
0016c439924a5228031e40a64439ad26506295431198ec9e6221c8b629a1695baed87df509bba81c80b23abfa8e563e34954a8aa89590db0a2c5b44171b55d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f011e72115df37b72df063f8d1ba10ee

SHA1
e9a589a3a5f2576b6a7710af35ab31f209058ae5

SHA256
79b644d3f321a6c8fb58af1a08fca880673dcab729216b22f11c84660ad31970

SHA512
7f0625100f603af5145e10b77364643d546de0f1bb70333f9e2fb4fb0333aa990e13849c5e0b2e36f4c1505a7cf562524cf1c91afbcfdadcc707ee75a4f37185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a385b6576852c6abea0360f94a8ead7b

SHA1
7b3339214f8686d62ae41234cd64ae03b54b7c2e

SHA256
30b981502de5e6cc04c62b45063ce64be2f8d4b8dd2910dcaf04411cc7912b81

SHA512
ec63a4969469b254d1c99c2950a274da2c839cbc3b8a6d0f07bc24a760b6f13c4fb24c51d33a48907330924d3fe586bb5911658c9d3daaed079f8e609d530221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
f5957da9627c9bee842e08bb72399926

SHA1
578a9fd028789386d4991cb08c7197e7386ea195

SHA256
72990d6bd40ba49bdbc025bfcd6c28b1d9348adb5c01b3500a5b7e8a2ed932c2

SHA512
7d1e7111a684c14225d0917ac70fdf18e1c5410d51407745bba813a9d0593459040af2b028eaeda8029650203626927e3a105399861c0cc6b736289c2e2d6a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
d7eba47f97c997a9c3f802350aa889d7

SHA1
22b0e367ffa839f95c9ae9966d6df6acfb941ec0

SHA256
1644a32087b05bd5e5ce9310233a23282d3d504daa447551cbc3088e139d0633

SHA512
68810119102bcea3de85f7bbd6a775bb37695a2d8b3c677c4e401e4b05db60c25221d8b1ba0666633ab8a7754d89ca737eed69c3780214654ba1527a7ffccf28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
c112d5cc8bcae0d42d0c8687ca4fafa5

SHA1
f9bafbaf81db64bbf44e56a799a488ff319d7d19

SHA256
0587486e78748f072181630caa1484a412b6db236349af236d53421101ef4b4c

SHA512
12114b8cdf3d2208ef824bf5ee5fe01bf7ae6ae609b77743c40e56461a037cbde481923a2d98dc988547c24a26da26f15b874f2c0d9e1bd192f5cb8eba10e43a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe571b29.TMP

Filesize
96KB

MD5
f9404d72494d724477212e50425832c5

SHA1
dfd3b36d84a476f93ccbaa4469de67b958dda769

SHA256
1300e122ca456501497b76350dbdccd3eb8b8e838ee1b53a98bde958c8bfd64b

SHA512
ca48edf59c44608b437412e1e6faf19e96a712013a4b455cf85d71b91f6f43550bffeecd07206b6cbaa176962fe845f77bb1a00f86360fa1894b2e384a4fca3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit