Analysis

  • max time kernel
    156s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/03/2024, 16:50 UTC

General

  • Target

    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    275ed964b4feb7d2d12053dd8eeecb7a

  • SHA1

    8c33019c08529ce2868c7ed86a04a16c5046a718

  • SHA256

    82d2e2a8529d4704d2eabfb845dc262234b73866819ef835e291c7f9818aa9b1

  • SHA512

    8cc6c9912dbb6482b2481d8924d4dd17aa7765b40655f2cf946b930335ec0f62cab939158d13f89155ea3ce15d2e0eb3d712fb0fb74081be5756e3d893347246

  • SSDEEP

    24576:dxpXPaR2J33o3S7P5zuHHOF2ahfehMHsGKzOYf8EEvX32Z1qsa:npy+VDa8rtPvX32Z8s

Malware Config

Signatures

  • Socelars

    Socelars is an infostealer targeting browser cookies and credit card credentials.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops Chrome extension 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe"
    1⤵
    • Drops Chrome extension
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4208
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im chrome.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im chrome.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffa38989758,0x7ffa38989768,0x7ffa38989778
        3⤵
        PID:2524
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:2
        3⤵
        PID:3716
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:8
        3⤵
        PID:1360
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:8
        3⤵
        PID:1412
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:1
        3⤵
        PID:4552
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:1
        3⤵
        PID:3732
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4712 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:1
        3⤵
        PID:4456
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:8
        3⤵
        PID:4284
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:8
        3⤵
        PID:4776
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:8
        3⤵
        PID:4888
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 --field-trial-handle=1884,i,4517761732585977562,10070565218192888700,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4868
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:852

Network

  • [US] DNS 217.106.137.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa IN PTR
    Response
  • [US] DNS 41.134.221.88.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    41.134.221.88.in-addr.arpa IN PTR
    Response
    41.134.221.88.in-addr.arpa IN PTR a88-221-134-41.deploy.static.akamaitechnologies.com
  • [US] DNS www.listincode.com
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request
    www.listincode.com IN A
    Response
    www.listincode.com IN A 3.64.163.50
  • [DE] GET https://www.listincode.com/
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 3.64.163.50:443
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
    Host: www.listincode.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 302 Found
    Server: openresty
    Date: Fri, 29 Mar 2024 16:50:35 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    X-Download-Options: noopen
    X-Permitted-Cross-Domain-Policies: none
    Referrer-Policy: strict-origin-when-cross-origin
    Location: https://listincode.com
    Cache-Control: no-cache
    Set-Cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=OnISfUZB6HbBsfOgnu%2F7ffvBwtFvZjsHS68XycdhR317v3z%2FW1DOZJBvjMJ6p%2BcC4vuhaglT3TzmtSPiq%2B12Bra2WTFKOEyZOPNYvQWi1V%2FllxcGT9LSJfj3qLDZqWEu3iD9tcAWl3Fdp0T%2BlDkLuoUz6mLHuRxauhShIuKDoV%2FNkzfST%2Fw9x1UrDnPm16yp%2BQ8jDoFWelKGjAEjxK7ZlKpluAmdHU2Hv67zUEr31gvHcrWEH%2Fxg1FyJdCDf5R0B8a30w7m69q7tahqSqY%2BLOc49Qi8v1jq4RLYrFJvENi37TrXX2LGbfgZiXEc43ykgMAqp%2Fp6xX2F7V6FqFUHPY%2Fe4npRYTF%2FABdx8cQ%3D%3D--ugpi%2FUwtNuZnq9ms--RCAoBGSKuUMBAkNv84WDcg%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
    X-Request-Id: 477a92e1-38d4-4444-9209-d699cc5d9a62
    X-Runtime: 0.062297
  • [US] DNS listincode.com
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request
    listincode.com IN A
    Response
    listincode.com IN A 3.64.163.50
  • [DE] GET https://listincode.com/
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 3.64.163.50:443
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
    Cache-Control: no-cache
    Host: listincode.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: openresty
    Date: Fri, 29 Mar 2024 16:50:36 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    X-Download-Options: noopen
    X-Permitted-Cross-Domain-Policies: none
    Referrer-Policy: strict-origin-when-cross-origin
    Link: <https://cdn3.dan.com/packs/js/runtime~public/product-a388502b2ade76cdf5dc.js>; rel=preload; as=script; nopush,<https://cdn0.dan.com/packs/js/vendors~backoffice/backoffice~backoffice/support~development/style-guide~old/backoffice~old/server-b~d526015e-b02dab7d57eddf972a96.chunk.js>; rel=preload; as=script; nopush,<https://cdn0.dan.com/packs/js/vendors~public/buyer_control_panel~public/product~public/sitemap-7375aac70edba1f1839e.chunk.js>; rel=preload; as=script; nopush,<https://cdn3.dan.com/packs/js/public/product-09a4c515c90890da03d0.chunk.js>; rel=preload; as=script; nopush,<https://cdn0.dan.com/assets/for_sale-83ee68c3777184a15d745d6845ef3e1c9a72613f4087a302c39e0739af42184a.css>; rel=preload; as=style; nopush,<https://cdn3.dan.com/assets/cookie_manage-fc91a8adaf9f7b42b33d3607ed64db7c4aa75169408c6a326b32ee9bafd6c87d.css>; rel=preload; as=style; nopush,<https://cdn2.dan.com/assets/vendor/svg4everybody-1f5a41bf858a5454d7923542e3380530fc2c4faaaf6ab58f29da7c6b2ebe2313.js>; rel=preload; as=script; nopush,<https://cdn2.dan.com/packs/js/runtime~public/shared-a5c4be6bbaaec9b5b487.js>; rel=preload; as=script; nopush,<https://cdn1.dan.com/packs/js/vendors~public/shared-92033e5339236b7a059d.chunk.js>; rel=preload; as=script; nopush,<https://cdn1.dan.com/packs/js/public/shared-927c1034397d84d3caf7.chunk.js>; rel=preload; as=script; nopush
    ETag: W/"f76b79ccabca2628a39d0f67ef01548c"
    Cache-Control: max-age=0, private, must-revalidate
    Set-Cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=YeiZAqRCkLUzm7DOlcv08qw8Ih8%2BStxHL5Lxe%2F8KRv0yZp80M2xNDhk%2Fsv%2FyjWr2ENmtA%2F%2BsD9mj%2B%2BdMURs9kqaXmQOLKpS2u1rI1NMqygJB9dQPvPcMSlhFpuY56SR9stDPhBTwmmQaFP57ZBRwMR847P2XTisvV%2F9935xrq5dURW21vjtH4LR%2BBjvkwhGARptzlLt1rQ%2B5M0Yrhwn0AkzfQp90btyMvto%2FrloYl3RxweeWGGz4gPj6WQmWrmNfuf%2F7m4HFR3NDZUq61XJl2JiR3KlkZ2Syu51d3TI1Jo%2Fd69BC6MwDHFCjCRMBGEKS2AjHlNAKfDUr11HK8FmXQ7D0ALRSd4ltR27EUUyWM4gClsLez9a05d8pmGRSWw0uIz6QPz%2FrSY%2Bhmeuc0a3wFM%2Fiu3RwH82iHRN3ETCeWVKtMFVpFnw%2Ffzi33PoVJk%2BK4mtWBarU87xex43%2BMR05rQ%3D%3D--veydeZIXe9bNpZHk--zjOJmDAX0RGiyCLLQ8tysw%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
    X-Request-Id: 11425c91-cbb1-4916-9d12-689dec3f2cba
    X-Runtime: 0.119444
  • [US] DNS 50.163.64.3.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    50.163.64.3.in-addr.arpa IN PTR
    Response
    50.163.64.3.in-addr.arpa IN PTR ec2-3-64-163-50.eu-central-1.compute.amazonaws.com
  • [US] DNS 38.109.16.96.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    38.109.16.96.in-addr.arpa IN PTR
    Response
    38.109.16.96.in-addr.arpa IN PTR a96-16-109-38.deploy.static.akamaitechnologies.com
  • [US] DNS 71.31.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa IN PTR
    Response
  • [US] DNS iplogger.org
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request
    iplogger.org IN A
    Response
    iplogger.org IN A 104.21.4.208
    iplogger.org IN A 172.67.132.113
  • [US] GET https://iplogger.org/1XJq97
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 104.21.4.208:443
    Request
    GET /1XJq97 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
    Host: iplogger.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Fri, 29 Mar 2024 16:50:36 GMT
    Content-Type: image/png
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: 206285291425502895=1; expires=Sat, 29 Mar 2025 16:50:36 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
    set-cookie: clhf03028ja=84.247.114.175; expires=Sat, 29 Mar 2025 16:50:36 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
    memory: 0.41180419921875
    expires: Fri, 29 Mar 2024 16:50:36 +0000
    Cache-Control: no-store, no-cache, must-revalidate
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7iuS%2F0juffT5jOfwrhMu3incMQIf1df%2B8DdZb53mqK6jCrVZIRLEHbIMC4xa2C53P%2BSQIEKjQOq2rqwlLqfpSvTRhdgcyeF7sm23%2Fol9XrjSEYLt6CAPR5MYp5PMs3I%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86c15c24ff59416d-LHR
    alt-svc: h3=":443"; ma=86400
  • [US] DNS x2.c.lencr.org
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request
    x2.c.lencr.org IN A
    Response
    x2.c.lencr.org IN CNAME crl.root-x1.letsencrypt.org.edgekey.net
    crl.root-x1.letsencrypt.org.edgekey.net IN CNAME e8652.dscx.akamaiedge.net
    e8652.dscx.akamaiedge.net IN A 96.16.109.38
  • [GB] GET http://x2.c.lencr.org/
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 96.16.109.38:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Mon, 12 Feb 2024 22:07:27 GMT
    ETag: "65ca969f-12b"
    Cache-Control: max-age=3600
    Expires: Fri, 29 Mar 2024 17:50:36 GMT
    Date: Fri, 29 Mar 2024 16:50:36 GMT
    Content-Length: 299
    Connection: keep-alive
  • [US] DNS 208.4.21.104.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    208.4.21.104.in-addr.arpa IN PTR
    Response
  • [US] DNS www.iyiqian.com
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request
    www.iyiqian.com IN A
    Response
    www.iyiqian.com IN A 34.143.166.163
  • [SG] GET http://www.iyiqian.com/
    275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
    Remote address: 34.143.166.163:80
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
    Host: www.iyiqian.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 29 Mar 2024 16:50:43 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=; path=/; domain=.www.iyiqian.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=; path=/; domain=www.iyiqian.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=5a8cc3fc8cbad82bf0b68d0f3133cbf1|84.247.114.175|1711731043|1711731043|0|1|0; path=/; domain=.iyiqian.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=84.247.114.175; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • [US] DNS 163.166.143.34.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    163.166.143.34.in-addr.arpa IN PTR
    Response
    163.166.143.34.in-addr.arpa IN PTR 163.166.143.34.bc.googleusercontent.com
                        • flag-us
                          DNS
                          www.google.com
                          chrome.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.google.com
                          IN A
                          Response
                          www.google.com
                          IN A
                          142.250.186.68
                        • flag-de
                          GET
                          https://www.google.com/async/ddljson?async=ntp:2
                          chrome.exe
                          Remote address:
                          142.250.186.68:443
                          Request
                          GET /async/ddljson?async=ntp:2 HTTP/2.0
                          host: www.google.com
                          sec-fetch-site: none
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: empty
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-de
                          GET
                          https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                          chrome.exe
                          Remote address:
                          142.250.186.68:443
                          Request
                          GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
                          host: www.google.com
                          x-client-data: CO7eygE=
                          sec-fetch-site: cross-site
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: empty
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-de
                          GET
                          https://www.google.com/async/newtab_promos
                          chrome.exe
                          Remote address:
                          142.250.186.68:443
                          Request
                          GET /async/newtab_promos HTTP/2.0
                          host: www.google.com
                          sec-fetch-site: cross-site
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: empty
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-us
                          DNS
                          202.16.217.172.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          202.16.217.172.in-addr.arpa
                          IN PTR
                          Response
                          202.16.217.172.in-addr.arpa
                          IN PTR
                          fra16s08-in-f2021e100net
                          202.16.217.172.in-addr.arpa
                          IN PTR
                          fra16s08-in-f10�J
                          202.16.217.172.in-addr.arpa
                          IN PTR
                          fra16s65-in-f10�J
                        • flag-us
                          DNS
                          131.186.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          131.186.250.142.in-addr.arpa
                          IN PTR
                          Response
                          131.186.250.142.in-addr.arpa
                          IN PTR
                          fra24s07-in-f31e100net
                        • flag-us
                          DNS
                          68.186.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          68.186.250.142.in-addr.arpa
                          IN PTR
                          Response
                          68.186.250.142.in-addr.arpa
                          IN PTR
                          fra24s05-in-f41e100net
                        • flag-us
                          DNS
                          clients2.google.com
                          chrome.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          clients2.google.com
                          IN A
                          Response
                          clients2.google.com
                          IN CNAME
                          clients.l.google.com
                          clients.l.google.com
                          IN A
                          172.217.23.110
                        • flag-de
                          GET
                          https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D32%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D32%2526e%253D1
                          chrome.exe
                          Remote address:
                          172.217.23.110:443
                          Request
                          GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D32%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D32%2526e%253D1 HTTP/2.0
                          host: clients2.google.com
                          sec-fetch-site: none
                          sec-fetch-mode: no-cors
                          sec-fetch-dest: empty
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
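Chrome's extension update check above packs one URL-encoded query string per extension into repeated `x=` parameters, so a single `parse_qs` pass leaves the per-extension fields still encoded. The Python below is added here as an illustration and is not part of the report: it unpacks the `x=` blobs of the exact URL shown above, reads `prodversion` (which carries the full browser build, 106.0.5249.119, while the `user-agent` header on the same request has been reduced to `Chrome/106.0.0.0`), and sorts the extension IDs into bundled defaults, sideloads and Web Store installs. The two IDs in this request are components Chrome registers itself, Google Docs Offline and Chrome Web Store Payments; that mapping (`KNOWN_DEFAULTS`), the ID format check and the verdict strings are ours, not the report's. Because both IDs are Chrome's own, this request on its own is ordinary browser start-up traffic; evidence that the sample dropped an extension has to come from the sample's file writes, not from this URL.

```python
from __future__ import annotations
import re
from urllib.parse import urlsplit, parse_qs

# The update check exactly as it appears in the report.
SAMPLE_URL = ("https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64"
              "&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US"
              "&acceptformat=crx3"
              "&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore"
              "%26installedby%3Dexternal%26uc%26ping%3Dr%253D32%2526e%253D1"
              "&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore"
              "%26installedby%3Dother%26uc%26ping%3Dr%253D32%2526e%253D1")

# Component extensions Chrome ships and registers by itself (our knowledge, not from the report).
KNOWN_DEFAULTS = {
    "ghbmnnjooekpmoecnnnilnnbdlolhkhi": "Google Docs Offline",
    "nmmhkkegccagdldgiimedpiccmgmieda": "Chrome Web Store Payments",
}

EXT_ID = re.compile(r"^[a-p]{32}$")   # Chrome extension IDs: 32 characters from the alphabet a-p


def parse_crx_update_url(url: str) -> list[dict]:
    """Return one dict per extension in the update check.

    Each x= value is itself a url-encoded query string: the outer parse_qs unquotes it
    once, and it is parsed again here. keep_blank_values keeps flag parameters such as 'uc'.
    """
    outer = parse_qs(urlsplit(url).query, keep_blank_values=True)
    exts = []
    for blob in outer.get("x", []):
        inner = parse_qs(blob, keep_blank_values=True)
        exts.append({k: v[0] for k, v in inner.items()})
    return exts


def browser_build(url: str) -> str:
    """prodversion carries the full build; the user-agent header on the request does not."""
    return parse_qs(urlsplit(url).query).get("prodversion", [""])[0]


def classify(exts: list[dict], known: dict = KNOWN_DEFAULTS) -> dict:
    """Map each extension id to a triage verdict (verdict wording is ours)."""
    verdicts = {}
    for e in exts:
        eid = e.get("id", "")
        if not EXT_ID.match(eid):
            verdicts[eid] = "malformed id"
        elif eid in known:
            verdicts[eid] = f"bundled default ({known[eid]})"
        elif e.get("installsource") == "notfromwebstore":
            # Not from the Web Store and not a known default: registered through
            # external_extensions.json, policy, or a process writing into the profile.
            # This is the case worth chasing back to file writes.
            verdicts[eid] = f"sideloaded, investigate (installedby={e.get('installedby', '?')})"
        else:
            verdicts[eid] = "web store install"
    return verdicts


if __name__ == "__main__":
    exts = parse_crx_update_url(SAMPLE_URL)
    print("Chrome build:", browser_build(SAMPLE_URL))
    for ext in exts:
        print(ext["id"], "v" + ext.get("v", "?"), "installedby=" + ext.get("installedby", "?"))
    for eid, verdict in classify(exts).items():
        print(eid, "->", verdict)
```

Run as is to see both IDs resolve to bundled defaults; feed it any other `update2/crx` URL from a capture to list the extension IDs, versions and install sources without hand-decoding the double-encoded `x=` values.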
                        • flag-us
                          DNS
                          110.23.217.172.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          110.23.217.172.in-addr.arpa
                          IN PTR
                          Response
                          110.23.217.172.in-addr.arpa
                          IN PTR
                          mil04s23-in-f110.1e100.net
                          110.23.217.172.in-addr.arpa
                          IN PTR
                          fra16s45-in-f14.1e100.net
                          110.23.217.172.in-addr.arpa
                          IN PTR
                          mil04s23-in-f14.1e100.net
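In the report as captured, the second and third PTR answers for 172.217.23.110 were rendered with their `1e100.net` suffix replaced by two raw bytes, `C0 4A` (displayed as `�J`). That is the classic symptom of a DNS parser that does not follow RFC 1035 name compression: in a response for `110.23.217.172.in-addr.arpa` with these three answers, the first answer's `1e100.net` labels start at offset 74 (0x4A) of the message, and the later answers refer to them with a pointer instead of repeating them. The Python below is added here as an illustration and is not part of the report or of the sandbox's code: it builds a response of that shape (constructed bytes, not the capture) and decodes it both with and without pointer following, so the reconstructed names and the truncated ones can be compared.

```python
from __future__ import annotations
import struct

PTR = 12  # resource record type


def _labels(*parts: str) -> bytes:
    """Length-prefixed DNS labels, without the terminating zero byte."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)


def _pointer(offset: int) -> bytes:
    """RFC 1035 4.1.4 compression pointer: two bytes, top two bits set, 14-bit offset."""
    return struct.pack("!H", 0xC000 | offset)


def build_sample_response() -> bytes:
    """Constructed PTR response for 110.23.217.172.in-addr.arpa (sample bytes, not the capture).

    Laid out so that the '1e100.net' suffix of the first answer starts at offset 74 (0x4A);
    the second and third answers refer to it with a pointer, the C0 4A seen in the report.
    """
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)  # id, flags (QR RD RA), qd, an, ns, ar
    question = _labels("110", "23", "217", "172", "in-addr", "arpa") + b"\x00" + struct.pack("!HH", PTR, 1)

    def answer(rdata: bytes) -> bytes:  # owner name is a pointer to the question name at offset 12
        return _pointer(12) + struct.pack("!HHIH", PTR, 1, 300, len(rdata)) + rdata

    msg = header + question                                                  # 45 bytes so far
    msg += answer(_labels("mil04s23-in-f110", "1e100", "net") + b"\x00")     # rdata at 57, '1e100' at 74
    msg += answer(_labels("fra16s45-in-f14") + _pointer(74))
    msg += answer(_labels("mil04s23-in-f14") + _pointer(74))
    return msg


def read_name(msg: bytes, off: int, follow_pointers: bool = True) -> tuple[str, int]:
    """Decode the name at `off`; return (name, offset just past the name's wire form).

    With follow_pointers=False the two pointer bytes are emitted as-is instead of being
    resolved, which reproduces the truncated names the report showed.
    """
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if not follow_pointers:
                labels.append(msg[off:off + 2].decode("latin-1"))
                off += 2
                break
            target = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if target >= off or hops >= 16:          # pointers must point backwards; bound the chain
                raise ValueError("bad compression pointer at offset %d" % off)
            if end is None:
                end = off + 2                        # the wire form ends after the first pointer
            off, hops = target, hops + 1
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), (end if end is not None else off)


def parse_ptr_response(msg: bytes, follow_pointers: bool = True) -> list[tuple[str, str]]:
    """Return (owner, target) for every PTR record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        _, off = read_name(msg, off)
        off += 4                                     # qtype + qclass
    records = []
    for _ in range(ancount):
        owner, off = read_name(msg, off, follow_pointers)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == PTR:
            target, _ = read_name(msg, off, follow_pointers)
            records.append((owner, target))
        off += rdlen                                 # advance by rdlength, not by the decoded name
    return records


if __name__ == "__main__":
    msg = build_sample_response()
    for owner, target in parse_ptr_response(msg):
        print(owner, "->", target)
    print("naive:", [t for _, t in parse_ptr_response(msg, follow_pointers=False)])
```

Two details matter when writing this kind of parser for untrusted packets: the offset returned for a name is the position after the first pointer, not after the labels it jumped to, and a pointer is only accepted if it points strictly backwards, which rules out self-referencing and forward loops without needing a visited set.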
                        • flag-us
                          DNS
                          196.249.167.52.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          196.249.167.52.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          86.23.85.13.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          86.23.85.13.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          171.39.242.20.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          171.39.242.20.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          217.135.221.88.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          217.135.221.88.in-addr.arpa
                          IN PTR
                          Response
                          217.135.221.88.in-addr.arpa
                          IN PTR
                          a88-221-135-217.deploy.static.akamaitechnologies.com
                        • flag-us
                          DNS
                          43.229.111.52.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          43.229.111.52.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          beacons.gcp.gvt2.com
                          chrome.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          beacons.gcp.gvt2.com
                          IN A
                          Response
                          beacons.gcp.gvt2.com
                          IN CNAME
                          beacons-handoff.gcp.gvt2.com
                          beacons-handoff.gcp.gvt2.com
                          IN A
                          172.217.169.67
                        • flag-gb
                          POST
                          https://beacons.gcp.gvt2.com/domainreliability/upload
                          chrome.exe
                          Remote address:
                          172.217.169.67:443
                          Request
                          POST /domainreliability/upload HTTP/2.0
                          host: beacons.gcp.gvt2.com
                          content-length: 1323
                          content-type: application/json; charset=utf-8
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-us
                          DNS
                          67.169.217.172.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          67.169.217.172.in-addr.arpa
                          IN PTR
                          Response
                          67.169.217.172.in-addr.arpa
                          IN PTR
                          lhr48s09-in-f3.1e100.net
                        • flag-us
                          DNS
                          9.179.89.13.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          9.179.89.13.in-addr.arpa
                          IN PTR
                          Response
                        • 96.16.110.114:80
                          http
                          1.3kB
                          3
                        • 3.64.163.50:443
                          https://www.listincode.com/
                          tls, http
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          1.1kB
                          7.4kB
                          13
                          10

                          HTTP Request

                          GET https://www.listincode.com/

                          HTTP Response

                          302
                        • 3.64.163.50:443
                          https://listincode.com/
                          tls, http
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          2.8kB
                          58.0kB
                          50
                          47

                          HTTP Request

                          GET https://listincode.com/

                          HTTP Response

                          200
                        • 104.21.4.208:443
                          https://iplogger.org/1XJq97
                          tls, http
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          1.1kB
                          6.6kB
                          13
                          9

                          HTTP Request

                          GET https://iplogger.org/1XJq97

                          HTTP Response

                          200
                        • 96.16.109.38:80
                          http://x2.c.lencr.org/
                          http
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          345 B
                          720 B
                          5
                          3

                          HTTP Request

                          GET http://x2.c.lencr.org/

                          HTTP Response

                          200
                        • 34.143.166.163:80
                          http://www.iyiqian.com/
                          http
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          469 B
                          872 B
                          6
                          5

                          HTTP Request

                          GET http://www.iyiqian.com/

                          HTTP Response

                          200
                        • 142.250.186.68:443
                          https://www.google.com/async/newtab_promos
                          tls, http2
                          chrome.exe
                          2.3kB
                          10.6kB
                          24
                          29

                          HTTP Request

                          GET https://www.google.com/async/ddljson?async=ntp:2

                          HTTP Request

                          GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

                          HTTP Request

                          GET https://www.google.com/async/newtab_promos
                        • 172.217.23.110:443
                          https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D32%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D32%2526e%253D1
                          tls, http2
                          chrome.exe
                          2.1kB
                          9.8kB
                          18
                          20

                          HTTP Request

                          GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.62.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D32%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D32%2526e%253D1
                        • 172.217.169.67:443
                          https://beacons.gcp.gvt2.com/domainreliability/upload
                          tls, http2
                          chrome.exe
                          3.0kB
                          7.0kB
                          15
                          14

                          HTTP Request

                          POST https://beacons.gcp.gvt2.com/domainreliability/upload
                        • 8.8.8.8:53
                          217.106.137.52.in-addr.arpa
                          dns
                          73 B
                          147 B
                          1
                          1

                          DNS Request

                          217.106.137.52.in-addr.arpa

                        • 8.8.8.8:53
                          41.134.221.88.in-addr.arpa
                          dns
                          72 B
                          137 B
                          1
                          1

                          DNS Request

                          41.134.221.88.in-addr.arpa

                        • 8.8.8.8:53
                          www.listincode.com
                          dns
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          64 B
                          80 B
                          1
                          1

                          DNS Request

                          www.listincode.com

                          DNS Response

                          3.64.163.50

                        • 8.8.8.8:53
                          listincode.com
                          dns
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          60 B
                          76 B
                          1
                          1

                          DNS Request

                          listincode.com

                          DNS Response

                          3.64.163.50

                        • 8.8.8.8:53
                          50.163.64.3.in-addr.arpa
                          dns
                          70 B
                          134 B
                          1
                          1

                          DNS Request

                          50.163.64.3.in-addr.arpa

                        • 8.8.8.8:53
                          38.109.16.96.in-addr.arpa
                          dns
                          71 B
                          135 B
                          1
                          1

                          DNS Request

                          38.109.16.96.in-addr.arpa

                        • 8.8.8.8:53
                          71.31.126.40.in-addr.arpa
                          dns
                          71 B
                          157 B
                          1
                          1

                          DNS Request

                          71.31.126.40.in-addr.arpa

                        • 8.8.8.8:53
                          iplogger.org
                          dns
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          58 B
                          90 B
                          1
                          1

                          DNS Request

                          iplogger.org

                          DNS Response

                          104.21.4.208
                          172.67.132.113

                        • 8.8.8.8:53
                          x2.c.lencr.org
                          dns
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          60 B
                          165 B
                          1
                          1

                          DNS Request

                          x2.c.lencr.org

                          DNS Response

                          96.16.109.38

                        • 8.8.8.8:53
                          208.4.21.104.in-addr.arpa
                          dns
                          71 B
                          133 B
                          1
                          1

                          DNS Request

                          208.4.21.104.in-addr.arpa

                        • 8.8.8.8:53
                          www.iyiqian.com
                          dns
                          275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe
                          61 B
                          77 B
                          1
                          1

                          DNS Request

                          www.iyiqian.com

                          DNS Response

                          34.143.166.163

                        • 8.8.8.8:53
                          163.166.143.34.in-addr.arpa
                          dns
                          73 B
                          126 B
                          1
                          1

                          DNS Request

                          163.166.143.34.in-addr.arpa

                        • 8.8.8.8:53
                          www.google.com
                          dns
                          chrome.exe
                          60 B
                          76 B
                          1
                          1

                          DNS Request

                          www.google.com

                          DNS Response

                          142.250.186.68

                        • 8.8.8.8:53
                          202.16.217.172.in-addr.arpa
                          dns
                          73 B
                          173 B
                          1
                          1

                          DNS Request

                          202.16.217.172.in-addr.arpa

                        • 8.8.8.8:53
                          131.186.250.142.in-addr.arpa
                          dns
                          74 B
                          112 B
                          1
                          1

                          DNS Request

                          131.186.250.142.in-addr.arpa

                        • 142.250.186.68:443
                          www.google.com
                          https
                          chrome.exe
                          5.1kB
                          19.1kB
                          29
                          26
                        • 8.8.8.8:53
                          68.186.250.142.in-addr.arpa
                          dns
                          73 B
                          111 B
                          1
                          1

                          DNS Request

                          68.186.250.142.in-addr.arpa

                        • 8.8.8.8:53
                          clients2.google.com
                          dns
                          chrome.exe
                          65 B
                          105 B
                          1
                          1

                          DNS Request

                          clients2.google.com

                          DNS Response

                          172.217.23.110

                        • 224.0.0.251:5353
                          chrome.exe
                          204 B
                          3
                        • 8.8.8.8:53
                          110.23.217.172.in-addr.arpa
                          dns
                          73 B
                          173 B
                          1
                          1

                          DNS Request

                          110.23.217.172.in-addr.arpa

                        • 8.8.8.8:53
                          196.249.167.52.in-addr.arpa
                          dns
                          73 B
                          147 B
                          1
                          1

                          DNS Request

                          196.249.167.52.in-addr.arpa

                        • 8.8.8.8:53
                          86.23.85.13.in-addr.arpa
                          dns
                          70 B
                          144 B
                          1
                          1

                          DNS Request

                          86.23.85.13.in-addr.arpa

                        • 8.8.8.8:53
                          171.39.242.20.in-addr.arpa
                          dns
                          72 B
                          158 B
                          1
                          1

                          DNS Request

                          171.39.242.20.in-addr.arpa

                        • 8.8.8.8:53
                          217.135.221.88.in-addr.arpa
                          dns
                          73 B
                          139 B
                          1
                          1

                          DNS Request

                          217.135.221.88.in-addr.arpa

                        • 8.8.8.8:53
                          43.229.111.52.in-addr.arpa
                          dns
                          72 B
                          158 B
                          1
                          1

                          DNS Request

                          43.229.111.52.in-addr.arpa

                        • 8.8.8.8:53
                          beacons.gcp.gvt2.com
                          dns
                          chrome.exe
                          66 B
                          112 B
                          1
                          1

                          DNS Request

                          beacons.gcp.gvt2.com

                          DNS Response

                          172.217.169.67

                        • 8.8.8.8:53
                          67.169.217.172.in-addr.arpa
                          dns
                          73 B
                          111 B
                          1
                          1

                          DNS Request

                          67.169.217.172.in-addr.arpa

                        • 8.8.8.8:53
                          9.179.89.13.in-addr.arpa
                          dns
                          70 B
                          144 B
                          1
                          1

                          DNS Request

                          9.179.89.13.in-addr.arpa
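Before copying indicators out of the connection list above, separate what the sample did from what the analysis environment did: the `chrome.exe` rows are the browser's own start-up traffic, the `in-addr.arpa` rows carry no process and are reverse lookups of the peers, the resolver at 8.8.8.8 is not an indicator (its answers are), and `x2.c.lencr.org` is a Let's Encrypt CA certificate download made while a TLS chain was being validated. The Python below is added here as an illustration and is not part of the report: it re-keys a representative subset of the rows as records (constructed from the list above, byte and packet counts dropped) and applies those rules. The `PKI_NOISE` table, the `ROLE` note for iplogger.org (in line with the report's own "Looks up geolocation information via web service" signature) and the exclusion reasons are our classification, not the report's.

```python
from __future__ import annotations
from urllib.parse import urlsplit

SAMPLE = "275ed964b4feb7d2d12053dd8eeecb7a_JaffaCakes118.exe"

# Rows of the connection list, re-keyed as records (constructed from the report; trimmed).
CONNECTIONS = [
    {"remote": "96.16.110.114:80", "name": None, "proto": "http", "process": None},
    {"remote": "3.64.163.50:443", "name": "https://www.listincode.com/", "proto": "tls, http", "process": SAMPLE,
     "http": [("GET", "https://www.listincode.com/", 302)]},
    {"remote": "3.64.163.50:443", "name": "https://listincode.com/", "proto": "tls, http", "process": SAMPLE,
     "http": [("GET", "https://listincode.com/", 200)]},
    {"remote": "104.21.4.208:443", "name": "https://iplogger.org/1XJq97", "proto": "tls, http", "process": SAMPLE,
     "http": [("GET", "https://iplogger.org/1XJq97", 200)]},
    {"remote": "96.16.109.38:80", "name": "http://x2.c.lencr.org/", "proto": "http", "process": SAMPLE,
     "http": [("GET", "http://x2.c.lencr.org/", 200)]},
    {"remote": "34.143.166.163:80", "name": "http://www.iyiqian.com/", "proto": "http", "process": SAMPLE,
     "http": [("GET", "http://www.iyiqian.com/", 200)]},
    {"remote": "142.250.186.68:443", "name": "https://www.google.com/async/newtab_promos", "proto": "tls, http2",
     "process": "chrome.exe"},
    {"remote": "8.8.8.8:53", "name": "217.106.137.52.in-addr.arpa", "proto": "dns", "process": None},
    {"remote": "8.8.8.8:53", "name": "50.163.64.3.in-addr.arpa", "proto": "dns", "process": None},
    {"remote": "8.8.8.8:53", "name": "www.listincode.com", "proto": "dns", "process": SAMPLE, "answers": ["3.64.163.50"]},
    {"remote": "8.8.8.8:53", "name": "listincode.com", "proto": "dns", "process": SAMPLE, "answers": ["3.64.163.50"]},
    {"remote": "8.8.8.8:53", "name": "iplogger.org", "proto": "dns", "process": SAMPLE,
     "answers": ["104.21.4.208", "172.67.132.113"]},
    {"remote": "8.8.8.8:53", "name": "x2.c.lencr.org", "proto": "dns", "process": SAMPLE, "answers": ["96.16.109.38"]},
    {"remote": "8.8.8.8:53", "name": "www.iyiqian.com", "proto": "dns", "process": SAMPLE, "answers": ["34.143.166.163"]},
    {"remote": "8.8.8.8:53", "name": "www.google.com", "proto": "dns", "process": "chrome.exe", "answers": ["142.250.186.68"]},
    {"remote": "224.0.0.251:5353", "name": None, "proto": None, "process": "chrome.exe"},
]

# Hosts that are TLS/PKI plumbing rather than attacker infrastructure (our classification).
PKI_NOISE = {"x2.c.lencr.org": "Let's Encrypt CA certificate download (AIA chain building)"}

# Analyst notes keyed by host (ours, consistent with the report's signatures).
ROLE = {"iplogger.org": "IP-logger link: reveals the victim's public IP and geolocation to the operator"}


def host_of(name: str | None) -> str | None:
    """Hostname of a URL, or the name itself for a bare DNS name."""
    if not name:
        return None
    return urlsplit(name).hostname if "://" in name else name


def extract_iocs(conns: list[dict], sample: str = SAMPLE) -> tuple[dict, list]:
    """Split rows into indicators attributed to the sample and rows excluded with a reason."""
    iocs = {"domains": set(), "ips": set(), "urls": set()}
    excluded = []
    for c in conns:
        host = host_of(c.get("name"))
        ip = c["remote"].rsplit(":", 1)[0]
        if c.get("process") != sample:
            excluded.append((ip, host, "not attributed to the sample process"))
        elif host is None:
            excluded.append((ip, host, "no name or URL recorded"))
        elif host.endswith(".in-addr.arpa"):
            excluded.append((ip, host, "reverse lookup (PTR), not an indicator"))
        elif host in PKI_NOISE:
            excluded.append((ip, host, PKI_NOISE[host]))
        elif c.get("proto") == "dns":
            iocs["domains"].add(host)
            iocs["ips"].update(c.get("answers", []))   # the resolver is not an indicator; its answers are
        else:
            iocs["domains"].add(host)
            iocs["ips"].add(ip)
            iocs["urls"].update(url for _, url, _ in c.get("http", []))
    return iocs, excluded


def report(conns: list[dict], sample: str = SAMPLE) -> str:
    iocs, excluded = extract_iocs(conns, sample)
    lines = ["domains: " + ", ".join(sorted(iocs["domains"])),
             "ips:     " + ", ".join(sorted(iocs["ips"])),
             "urls:    " + ", ".join(sorted(iocs["urls"]))]
    lines += [f"note: {h}: {ROLE[h]}" for h in sorted(iocs["domains"]) if h in ROLE]
    lines += [f"skip: {ip} {h or '-'}: {why}" for ip, h, why in excluded]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(CONNECTIONS))
```

The result is four domains, four IPs and four URLs attributable to the sample; everything else in the list is printed with the reason it was left out, which is what a reviewer of the indicator set will ask for.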

                        MITRE ATT&CK Enterprise v15


                        Downloads

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                          Filesize

                          945B

                          MD5

                          850ddc8ab94b9f15994a75a53d1ee206

                          SHA1

                          5c04b2c63013eb70d87b66ef0462b09ca0ab7f5a

                          SHA256

                          9f2b9bd0869f7746ae3b182d82d3d92548ef29c09622daae4b26c20a09a46544

                          SHA512

                          a393f197eaf62ee3e48e73c05e3751909eff15b427f5f3f0d2dafee12743090a1d67454079d27208cc0492c67debc9fb4176fc91b02fdcbe1a357df43f6b6967

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                          Filesize

                          371B

                          MD5

                          70e32f60569824cdf4b338024dfd476b

                          SHA1

                          e4cd359545f6c039f6481b6e917fee385de1b316

                          SHA256

                          2456f42561a6653c328c50bee01b5243645170ce38443c9b0d56f032ba19b48b

                          SHA512

                          f3e4d2e506d0396817942e5eb7a34e342c3ab89cc7e80540a435df2145822854d412bfad9b8b07e56d0283d9425e1cbaf2ffce7f0eccae8e0c2f78a4bf577b65

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                          Filesize

                          6KB

                          MD5

                          f0150643bb8c1f59b4b8d1c42eac1837

                          SHA1

                          7ae077ea94de852acdbad3eb207cadd0deb43533

                          SHA256

                          b7426e7ebccab26232be5819890129ef824357c65529dfd19943846f934543a8

                          SHA512

                          a35c177b071927bf6286772ebe8eb3598c546e23905282926c1578096f562706b9920c3eef8963fe3af52dd5e03ba0f46b74f728e48ed2fa3a4248e520728e85

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                          Filesize

                          6KB

                          MD5

                          7cc56004e783ec487f610d753e15f015

                          SHA1

                          52a344f348ac1f0ef02fe2b6d87219d80f6a9d02

                          SHA256

                          972911851d101eef7dbe912485c2eafae6a11e80b6f220c9dde8ae11d525fa91

                          SHA512

                          b243262241535e278718f3eabf382866dff57b6c278922fdd6a81abf00880098efdf185adcc808aa335cb7a15319bead79990cca89c3dad5a2e145e0cde68003

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                          Filesize

                          18KB

                          MD5

                          9f01536830c3b2f17383bd899a0f4914

                          SHA1

                          9bed099daebe20dc68fcb6adfcc0ae20c79170b7

                          SHA256

                          4ad4ae8353ed7deaaadecdd3adc7ac5395e3fa68dc756d3ace985c3cd78ecdd2

                          SHA512

                          479d279765dc85703cecb0c55f0bff55a8afe40bbba581e6f53dae2d7698d85eed01c5aa1d40466439ddca472595fbb076f9c86e3799a91b912dd90d96c0b3e9

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                          Filesize

                          18KB

                          MD5

                          c22056362ba2aff0dd4c81dc64367a51

                          SHA1

                          509357154e1baef5a4d058b556781d577020db10

                          SHA256

                          5c9ef333b539a4fca415761cd66785e5ac20743b5883fa379e891ac929bf43ae

                          SHA512

                          09519882d3b22247b98e1c723fff39a9ed1cac6e1ecd92e2f23fd8c87e6f8fa92d609e506597a7ca12885c95ef407077c8417159e5940c8e2797280a7ca5bef5

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                          Filesize

                          260KB

                          MD5

                          08dadf3e49f8bd5668a9fa060678679e

                          SHA1

                          4853c83e99ae0b5c3fdb361dfcf34fa5dbf17104

                          SHA256

                          38eee2e4af9859532eff2f702b8bd1394f82ba74d9e74792183dc294676dbd80

                          SHA512

                          bd56d8c73971f4771e3b9a887efcb2a41e3ba6c19eabccbf4b3553a1fffc221a3469936c39886939c9387d0fde0040ef9bf8ec0eaf4c13e97ce67f374f1b9a0d

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                          Filesize

                          2B

                          MD5

                          99914b932bd37a50b983c5e7c90ae93b

                          SHA1

                          bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                          SHA256

                          44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                          SHA512

                          27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
