hxxps://zjwyny[.]com/?__cf_chl_rt_tk=VGf2reVqJoObdfT5PLhkX4vShR[.]dxvYcz7FderhlYbQ-1711622096-0[.]0[.]1[.]1-1557

Analysis

max time kernel
600s
max time network
605s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zjwyny.com/?__cf_chl_rt_tk=VGf2reVqJoObdfT5PLhkX4vShR.dxvYcz7FderhlYbQ-1711622096-0.0.1.1-1557

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133561025847147971"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3952	2932	chrome.exe	85
PID 2932 wrote to memory of 3952	2932	chrome.exe	85
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1196	2932	chrome.exe	89
PID 2932 wrote to memory of 1608	2932	chrome.exe	90
PID 2932 wrote to memory of 1608	2932	chrome.exe	90
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91
PID 2932 wrote to memory of 4948	2932	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://zjwyny.com/?__cf_chl_rt_tk=VGf2reVqJoObdfT5PLhkX4vShR.dxvYcz7FderhlYbQ-1711622096-0.0.1.1-1557
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe5bb9758,0x7fffe5bb9768,0x7fffe5bb9778
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4968 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3256 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3308 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5840 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4504 --field-trial-handle=1924,i,6337080468230352462,14890928906746417265,131072 /prefetch:1
  2⤵
  PID:3516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
a83951f6a94a803f439853a7efd8ffcb

SHA1
740b23f5c0b4be4d43cbe3f12e852f71aa737cce

SHA256
c7da3a7ac8ba0b869de76bc448b30eaa4e1a09a51fe045a09bd7ffdb374bc469

SHA512
8af198c9821897e5094982dc88b27e5204e40f49a581d3cf27eff621f0bac74a646119e146e54e3da10c3fa00afe0ddfbac32522ac3fb6602b24a8680e61554c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
70042acb984ab7b9caf9d5302f73da70

SHA1
6e2c23869dbe2e52259cd9b7f41ed754b5e89cea

SHA256
daa91a61327009556e52de73dbaaf457bf05d6df03e12382ce2e707e281683c3

SHA512
f082c8fd955720fc8791d1afa860006cd8527c33f66683ce5fe83239a52680fb8f5cedde4d702e3f5e811665a0a986fd9436cf30807117eac401cb642b98eb4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
26ee1891de76bebc6c72c3e6311081e9

SHA1
76fd7cc336b976d914b25e4878c900ef2f848092

SHA256
0603c0da23579450384cb965c39b32af018cb559cb546953d5def6ee59c443b3

SHA512
4e1860d58153b03e73ef89c96a4951bd7654e9675c307b0aa559a6613582ebe834c78bdd33a788cee894e4a17f8f5cf19887eef349f3d0c902052ca3e2828699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0da85f7073ee3f41114697b71652825e

SHA1
a8281cd964500af26bf6d28e55ba0bfbf4ec2f5b

SHA256
cccf0330eac4c66d90756a9476fc3d68d9161234f44619936409e0965a2e413a

SHA512
b5aff14a5ddaf8d79a56bb9d9fb0d7a2631c445b265173768ce78ce72e0d517aa766a8b1437df86ad19fd0cf8f017a68997155e387bea677cf26e65e997399db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4e7af25f1c2b22ed136a5bcf5aecf069

SHA1
d301a8d20fb047f377873c53f30189d357941e01

SHA256
d63239adb8a1a37099067751bda218d958b07c45d66d67603f387d2188f17056

SHA512
f5d755894ccbbf6d9b5b848975118d4772d0dec84df8ce6429b3086485012d2363fe4e8c3a2e95b6afe8ed09ea13c8fc2fbbf4d2e065c27e893ec2402a309727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
afa18d8f3f38b07b40b52c79ef3980b4

SHA1
abfd7eeb485827a8ca06de50d4a390bef464fcac

SHA256
f44910bce8bc0c2a4496cd27758a9a1528c32640c0e5676add111bfeecd3d567

SHA512
3eb6d83b8c628a5811163e059b2c56f9346fcfc901720622d46df0c15ecd6353f47581a74bafea6b0cb6645917727211388b7e005576f8e42f9c95f0adb04b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0a00624e76247c200f311a2f48a98b8b

SHA1
461ddb6f623e5f736932cd2b143e30bf75be3e56

SHA256
0b2de483d8269b7fcc85a988c6dffdbf315d17cc0e628cf354bd6543cb399116

SHA512
d7652eddd16b52763e269728e372a8e9e2c6fa4e6a170de2ec955caf7a1f4762053a4fe86eba4c5af3b7fc27eee315ed933bb0c23be7a80a2fa4a937e03ab00b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
16e10c6380bad090a426f5959277844b

SHA1
967bbd1d8e1d88d42b969b5e21e315ceb8ade7f0

SHA256
7d7edc02251102bc73361ce9f7dafaa5df709dd815a373fd9ad399895b0baf7b

SHA512
192944517add733c5672598034b9ddcc118db5b59a256114e4474d9d1e0056998df0d7b87a8657397329022005b67ed74cda8ce362ab2b0ab7cbb9072b2cf62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f71f76a75ebc60fd80ab4517c9fc42ab

SHA1
80e893eef1a25dae2e862983840af0b85d4ea10e

SHA256
1bc57a8b206712cd50320f1955301d920d935b87bf64b713d0ec29e45a7c0327

SHA512
ac41580848894df14695873f8b760d8d07b0503fcc8a039d240420f4f7d30aace5c18b4089ee2eeff7d15e9a2657e0790df466b74efd5a0201a49fde6fb588e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
eedac00b0b140826ca33739e13da105d

SHA1
5794782c4f42dafcfd1149ebfb26d0c5f33b55a6

SHA256
51c76f0d2d1398d778b611c65a83fc144cf3608dd40082583a11279d38eeda8a

SHA512
c19cf5d289dd54be36b19212a2d7d5b7f73686f73e3fc76c4475d1823ced331fdbf65ad3aa4a811771f6fd266d2b6d15adb1ad7b12f81c32f5966d95b92eee6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e2806870475a6459f08fe14fb44123cb

SHA1
d6381b1eecc7e3c80c4ed7ab134d2a8099d6c1fa

SHA256
334ed211f4a111e14c533dcd1b859bca0343a2a652f1938af6bdeab5d84cdf99

SHA512
d45ed0752dd1f044e778b7d29ec5ff0cc14acb7ff9663b826b4900153ddeed36bd36bf3c5d10fec3ba0b0a8ee116878230d73b4f1aab978ebf815dc559dfd7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a599eac745365766ef1a34c171196aa

SHA1
ddba1a06e3e347f76f5aa3515d7f8ed0da5a362c

SHA256
70e61804a37bbbe101b41c4b42820840c75a4f1bf02362acd30a62ebc44dd9c0

SHA512
069434886cd8481a80bbfb66c5900baa75f5395ee9bc52e233faf47e07db0eff9c7a4c66dd831ecb4c0ddf85b88b248bae6724aa0a9e18876ba5ddd174db58c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d503112d4d0c984b9f1b9ede66b823b7

SHA1
0f7cba1a21ecc0164b592febb94210159ac52e8e

SHA256
6cfb673c8d808e669be80b4d58b25e08942aeaa71845d001772f94bea5b5aa66

SHA512
cb4287a6691304a4da8f4c5a520e619fb673abc97326bf80f302141f6b65cf6b6c403882e79fa789fc2057b84b6ea6c99bc02778b53ffcef1764c4a2642bba0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
8d2260024856a76b65776f5a67804fed

SHA1
591f7faca97b2f3c274bfa9bf75dc441d03c487a

SHA256
c20e49e374fc314e7b4c3037ac875fcd943611fe17ccf58371864e9e64722957

SHA512
2c292f791c3d6db5d034333da641f402e91af35a611cce86e94706430385fb2842094c8f657574e995c6595cd72cbd0a1c898a92d26d4646e8dc4c41a43eb4ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit