hxxp://lds2[.]sjhejw[.]cn/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lds2.sjhejw.cn/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766481367292190"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3536 chrome.exe
3536 chrome.exe
2956 chrome.exe
2956 chrome.exe
2956 chrome.exe
2956 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3536 chrome.exe
3536 chrome.exe
3536 chrome.exe
3536 chrome.exe
3536 chrome.exe
3536 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3536 wrote to memory of 3584	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 3584	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1796	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1064	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 1064	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe
PID 3536 wrote to memory of 4952	3536	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://lds2.sjhejw.cn/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb7535cc40,0x7ffb7535cc4c,0x7ffb7535cc58
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1584,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:3
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2040,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4824,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3220,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4176,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5008,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3060,i,4219124366148451817,2107121968282969447,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3192f6fd-ec85-468d-84b3-39bdb3e2c551.tmp

Filesize
9KB

MD5
32116c1eb8dbacbc23701091bd80a91a

SHA1
e2408ab7184cb64c49f03d53a07550318826e385

SHA256
267ab5d7f26de7b176864d004d9b99e9090e42c96d60021f76e4f1fb84c0ce6b

SHA512
a8e07b8adff64c326f182add161dcbb8dc60ad3e82cd35bea297cd83e32955cde5294f3fa89a51551af68fe60e93cdca27a4457c06835b1262c9bf05dea7eb7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e0ef857cdbfa9ba19d1aba8422aeaa4c

SHA1
a411369a532dff02c138a928c76a013ce0a40932

SHA256
3f47f0516a0e10ede06a5120cc074707b73f1d30672689d92388d7c7f8db6c1d

SHA512
dc02f5205e346e319847c4974dd796927b401989686e85c938209d61ad5b44ef611f495b1effa038cc61d8b551ddc1d87a889a7b0eb2d93ea3bed76d89813a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cb4361e2e0e57a756a7f6cd05edd823f

SHA1
302baff9c83060e07dced26555f9ca15ef34a161

SHA256
f66f3551bceda2c9fdb276a4f684b598b7407c304b041601b558d8be2f6351ed

SHA512
06ffd1076fc67a6f2658b959097cefe2f0738530c7bc03695d705f59cbc915bb5cc6fa682bbd576d4009663d793bf491d4dde0584f53933b13ab0cba90ee0dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b14cb12051839aa8e5491cdc37f9ef1

SHA1
bd70bfcf8e94bb5a0261dc1dc37aa69c32b652f8

SHA256
a7423be23e56434fb89084e5897b94ce2422973a2aba72d15b5bd5e105e6fcd7

SHA512
35a9479a6e03f1d6330a7264cf28925570c1cfea8e3ee5b01f302aa27c912bb1319da28bbb43fa7236e91c48e99431d50e52e2f2169dcccbdde8153855f830c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47eb568859b1b928c333e34252f24259

SHA1
2176f5a2a04e1b06836d38a4ab3c2c57869b9d69

SHA256
143c68be9cf1bc83b7ad05f81d082f3ef33bab2870cb063565514203f3616330

SHA512
34997853c0368b3c125de0b296e9c3002dd6891dfc6c8e2885b33e430356e11c5ac13728ddbe7007ec751dcd72c3a4e3eaf7f4c6e85fd4febb774be6c2559e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1861a04f8154354dd5d4b4888b4f5519

SHA1
8ea746363ea5af04d9019f7a9d35e112cb0bd6ff

SHA256
e2f314d61ecc23bf48a6b17145664501a0e249df975b5928fb5cccb9b5f60e34

SHA512
e632c37f33b033ecae8001167345828b879b8e2608cbaef08d8fd9ecbece1ea6dedc178723fac7f139f41ae66a9e4da79bb651c1b7cffdab4a286e941ecfc441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d24201d8842c04c3ce72d58248dc33f6

SHA1
d6d439a04a500920814eda84134f570c94451587

SHA256
7e86fffb54145063b210fba011d591ea76b4cef1be0836ab33f577b1834fb3d5

SHA512
bd152b4216811df5c9fe91abd8a2b16a8d9437cf3c5396817d43fb473806aed800d412355444bf3e4dd088861ec7ce76c4078c9faa1b680fcecfa19ff886cc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46ea17ef2870313ebba6eacd998aacb4

SHA1
09b9529f8e08511b9f8d6780d19c09239c13e109

SHA256
11140ab2fa5332984e18d162a485f33dce4d78a41b96c513a5211dea051c9c1f

SHA512
70590a4cf4059d82fc8367d6df1339d7ef1a02f13d2eba1b276db492727a858ae51f1812ad99abbf1a822d9c5f55aca91606e28a48858b4a02d0657b84ce2ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ae8bc9f0966178308126fbb4e29da42

SHA1
d92d3d1cbf34ab594a41ea07308738119831a514

SHA256
e8efcf1650840230a2d3951b8d13d5e2dcf4bb37d3a756032930d93eabfdf3f6

SHA512
b373e7615821672804066c4500e09e4af90f776265f9e19687288d6952096830e714f868ccb5cb432f47c9e0caff3288b204757163e021d83a0c335fede93f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
830bcf29825302af86e676f7741bd5c9

SHA1
5728ea63cf250625410fab5ef32ebb6c0487c292

SHA256
e523462398835fea796986b7de988b690995b76187de3f5995530c28fc8eb45d

SHA512
75f60fbff49abea824a05cdfb1d68257572f2a097a1ad3223d9fe15a904c66b025a5efc889a433c93b21e8381cfcc0efd37c72f233060a3f8cdfc290799030a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
717a54e7dff254139f26ebcef2ceada7

SHA1
8a77f34513bab262a8fc55e7577e0ac8968e7b92

SHA256
544e3a378993f4ed834d665e3d58d3976491641c4d085e73feb929f6b8d4b524

SHA512
0dcd4c633a312e15980e72e032c2916b863ec937aae89d44f69ed788113b8520391eda8ff4f9b0afaf543e5916479847f237f259b7da3e0722b19b4996eb16b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
7247f0eeb5e3679fdb436acc90f487b8

SHA1
af539768b5177a686cf21cd71759ec997109770d

SHA256
2f951f6dec0c649956dbb7ed5222650f3835bf0550e619baac4afcb430888cfd

SHA512
ae20aeefd2b2b5bf7697b8be4d40b7cceb42d81ddd5884d6a9506feaa2600a65b4c11d506185cdd03e2e83d72b2003d63a837d539870f6763a801cf237b038db

Download Submit
\??\pipe\crashpad_3536_KTCPDOQUFQXWJHLM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit