hxxps://grandapp[.]sa[.]com/secure/auth/ngb25ht/uwe[.]reiffert@de[.]abb[.]com

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2023 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://grandapp.sa.com/secure/auth/ngb25ht/[email protected]

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236122611297424"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3508 chrome.exe
3508 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

3508 chrome.exe
3508 chrome.exe
3508 chrome.exe
3508 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3508 wrote to memory of 4164	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4164	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3772	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 232	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 232	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 4868	3508	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://grandapp.sa.com/secure/auth/ngb25ht/[email protected]
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8abf79758,0x7ff8abf79768,0x7ff8abf79778
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:2
2⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:8
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:8
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:1
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:1
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4840 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:1
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4956 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:1
2⤵
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:8
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:8
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:8
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1836,i,16197567008126430006,7467837801325860165,131072 /prefetch:8
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9cf923218afc451f44f9f5f301d6164a

SHA1
b8b36f35743fdc6ccf292ddf028401c1199c7e19

SHA256
91a28f37163b0bc3cc53cc500c79a9d945db950e6284e1d4b952570ef109e234

SHA512
eb3b9304a969085dd9afefdf17fc6c2b3c3acf03868523df445cecdc92f9ce05cfb7842dcd5262e2c887c8fe8e1483fcebd5e4add712ea3d5042d0157c8cc83b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c2c0d977a8b7c5337250c23810343446

SHA1
95a7aa61d5bf91ef6ba4e5dd047b8ded978ee10f

SHA256
246d5e964910f7d9c868c62d5a0c941222d53b5b2f5df1adc0b434f56b287c74

SHA512
4305f9b341de61d5f1b27cb181249b3e9e4c77f4b1666a101130d17f2c238538f20c877015bdb2afd8246d4a8ad2b9d7a1ce18fe8fc1a19d526a9b173c16b0d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
702fd574cb8f9b7d99ad03e7b1edc557

SHA1
a9a6f105fcd884b575ca882fd3e0eeb387293af7

SHA256
b9f9362c7009981ad9a62baeea9f91f273473575f3ead76ffd3f9a7cb28c0f3c

SHA512
888cdb0b6d724868e6d01d6da27cd7bd38ad00e012224c0a645c1aaf961583b97ae2d106baa3c53995e64b3da532de29e9bfb492d6a3199c23545a09b271aaaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
584b6fe5cee6e9d030181beb7a6af77d

SHA1
9a9984ab51f12efe690de9d1cbd61a07dadc5230

SHA256
0eb211912e067983c07db28ab92d0884a0e8224813aaa3015a2170b7d9e0e449

SHA512
f79d29de972e4c56fbbca67b60491ecfbb2ff97c3afcbca5d176beb75c40c583901f29cb6b0a251aca844d97584230c989cce98854ff87733fdf567f1423810c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
a8d5a0ec014a42a1538d4f09ee77a660

SHA1
e014b3a5cebbc339ed1ede27b74553c39bbd592c

SHA256
cbde816c20e069ce69a2bcc653ab393617ed830004a7d34de8c4c342f3fce14e

SHA512
5cd7db9a2483fc8533bd50f7f12943dacf33548ab00a9f5f51ec10bb4f3723d85ce4b02b88c58cc6af5d2a1165afc59cf53869a700dde5fe3d32d71d2c7ff5a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
1b3b47e85ce9d60eaa4553b9af083a05

SHA1
cc654a5354137b781604e065239dfd541a55cb29

SHA256
2a8d774d6a51a0cc01186027268284bfbf7b3aab6dbef9fa68f801f5f58b97ad

SHA512
9b525f743297ab318ce05a18da018313603d7dd86fd5a726f9d384124a6d9ca57c8debcdfa0fbfdf0de5539e46311885a815badf86f16a517b6f19b37fb4e11d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
43ca09d9eea20126ce76454bbb38c6c2

SHA1
b7239e1a816740f46bbe7c487941604f9bf8a7fa

SHA256
5c0a3c07bc2850c2e20d86ab995a899f9c6aaf9fc0772247f2a80336e4dc59ac

SHA512
17b7fed72d2a9ee3bdafe0e3d48b9b053bbfe9ab325dd7bc204197879590f529f671bf527d8b38cd8cf648b7a6302b46be3a80229fde7c6478b482f91a1b5315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
bff0301967fbbe0072dbda11fb4f87aa

SHA1
20a193bdafc1e99634a2a9842ba9a7e25713f488

SHA256
8c757b6d4c9841e8d5286a1dd52fe4e71a3c5705c99e6b6a167c03433f98741e

SHA512
6d816cf570d9185e5b59038c75ac8cae3e891e228ab5ff1fbf0952a82a9764ec9cbc93de666a1b0d773b1a8af20fbe49c5c111539a40d6d15921ecec02ce2987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3508_TPJPHEBIVFLKWCRE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit