hxxp://track[.]messaging[.]crystal-loans[.]com/?xtl=255mnz93rsjfq8w5dx5axpqrxylkruzuz85zoexu9wyecxabblqgea2q9tkaugqv4ooe05fwln5mh3va4umpby3y9oaibqlf74p642ltt0pakwn2v0r0il8ovdmbcv0o2vrhczzavk5t71g1oxd9o44c2g7wlc06v4xdqbrslqn7dwtbq5rd6jgyi0yxl3g8lczyfp45xpr1hjrfdz3849g3e9dzwmm4vl4t5pho79fn0rufb669glo35uwuho0mv59cfilzckqop510xxax5jyjybm8jty34vk5u2z8lsjgcvop4bvfeznsb4wfc&eih=lwizpsxub9t2d86hvtk0hsisocxgcpcp&source_list=easy-credit-daily[.]com&email=lou[.]serio@us[.]abb[.]com

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://track.messaging.crystal-loans.com/?xtl=255mnz93rsjfq8w5dx5axpqrxylkruzuz85zoexu9wyecxabblqgea2q9tkaugqv4ooe05fwln5mh3va4umpby3y9oaibqlf74p642ltt0pakwn2v0r0il8ovdmbcv0o2vrhczzavk5t71g1oxd9o44c2g7wlc06v4xdqbrslqn7dwtbq5rd6jgyi0yxl3g8lczyfp45xpr1hjrfdz3849g3e9dzwmm4vl4t5pho79fn0rufb669glo35uwuho0mv59cfilzckqop510xxax5jyjybm8jty34vk5u2z8lsjgcvop4bvfeznsb4wfc&eih=lwizpsxub9t2d86hvtk0hsisocxgcpcp&source_list=easy-credit-daily.com&email=lou.serio@us.abb.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244660280464113"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1912 chrome.exe
1912 chrome.exe
4332 chrome.exe
4332 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1912 chrome.exe
1912 chrome.exe
1912 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1912 wrote to memory of 3864	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3864	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2952	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3516	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3516	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 3080	1912	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://track.messaging.crystal-loans.com/?xtl=255mnz93rsjfq8w5dx5axpqrxylkruzuz85zoexu9wyecxabblqgea2q9tkaugqv4ooe05fwln5mh3va4umpby3y9oaibqlf74p642ltt0pakwn2v0r0il8ovdmbcv0o2vrhczzavk5t71g1oxd9o44c2g7wlc06v4xdqbrslqn7dwtbq5rd6jgyi0yxl3g8lczyfp45xpr1hjrfdz3849g3e9dzwmm4vl4t5pho79fn0rufb669glo35uwuho0mv59cfilzckqop510xxax5jyjybm8jty34vk5u2z8lsjgcvop4bvfeznsb4wfc&eih=lwizpsxub9t2d86hvtk0hsisocxgcpcp&source_list=easy-credit-daily.com&email=lou.serio@us.abb.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef93b9758,0x7ffef93b9768,0x7ffef93b9778
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:2
2⤵
PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:8
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:8
2⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:1
2⤵
PID:720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:1
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4764 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:8
2⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:8
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:8
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=920 --field-trial-handle=1760,i,8324302783246941094,14637347938168115540,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4332

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4868

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70ace5ff-1f62-43a3-b5a3-24d0411e1c66.tmp
Filesize
15KB

MD5
9debc42a5d6f04d429df597977470939

SHA1
4c5a9bbec8cf24966431716fc029756ebc665665

SHA256
201cf44527dba0c06c1a4a1dabb0e9d90fac3c9638e9d48020057b1f51365643

SHA512
f9c2cacdc342749ae86f20c82c6b39d6aee47a17c85312344b20930b7b5fd218a793de70df60014570fdba35c3ebac1edf3b0b4f525f609b59a7962abdf16f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
ec532eb1621e090121b4f0128109a5c4

SHA1
6c2dee587d45c9525e5057be9610eceea6d66835

SHA256
10c4ea55a4535428579cea992588ff1735898a9cfac7f94a15e1986fe0e2a784

SHA512
3e9ce8ab7474d1b734126f5c53f7d6fbeef5f13993f23125e4f0e7132e0a1df8fd77b9ba7a4ddee8f15ab2121657eb917fbde2df6ecd5adeb44732db9ae56f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
0b177a5a91676e48cd83071ab9f0d97d

SHA1
fdb2b0a6033afb74f05013e34aaf8ca4fbc0df95

SHA256
6b7848059f90a1c4303932c0f2427160f18a166a2551c34f9a8b31d6b1c0d834

SHA512
ca74c999a4879cdd78205196453081d84122f5e68bc226405027e5695581460ba994beab7663073e068aab5a1159745c8e585c7f9547bf4fd0b4ca3d5fc3a4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
94ce73edaff02c081bab1bc203421032

SHA1
304c796223b6d076dc0c7558e2a780b967be418b

SHA256
b2c8e16537c97108cad0ec86bae6547f86248a6c0841ce035846ee5b625d59d2

SHA512
867a6a6a12705645c64a73b60f490d6b50617ea4cd8a967c2c594b254dd0f9af2c87a5312692f6d138acd2015a93aec21d647b95469e3f83359a77be39d0bb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b1ea80fe8e233f9e901102a6a832e09c

SHA1
7a01be97402459d01ded965eb83c57a0dce45fb8

SHA256
024e67ee1d0cf2a8c0e4f921af3b51fa61687a64e40805b2d4c60adf15da7ab1

SHA512
7c88377c3550b6eb29d1ef65401620b3060836a9e13d43a23f7428ec05ee2e5c1611de94fe7348e20d8cfcde12f37fb7d38802c3da987683667152b00aed886f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
be1a191972cac22e04d53cd5116dfb36

SHA1
37f2b776ec662b712f51fa7f7961211814428722

SHA256
74e0aa1d62e5fd308083ed9bb66ef8fac71cfab10202f69b3e039e2b7b14765c

SHA512
1e10d41fa01d6d0c37d11a6cb467b9e455274841a81cfd706fbe2d6c521f1df6b65da343faccbd5f9c2fee08e1a0ccc297e6b23abb670600818708b5a184a6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
a4945b30e22834344246efa6b840945f

SHA1
c6415a9ab365c0738de1effe648b15a4c6d9beb7

SHA256
90c881a9da854f49fa3d965ce0a8a8375fd24d31e724483659500e48b1490772

SHA512
3a6da5dcae7fdb27025de5818ed83f336d2b473a454e4288c23c55cf53577d780d1a4b555e66dd22081f182889d8888f9680c1aaaba0467c579a40bc236b7277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1912_QVDUPVAITRYYPBYZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit