hxxps://chaonativo1[.]com[.]br/299011923fixed94641316sfmaxgen-pgx-1142776118ifxclientepartnersisxarval[.]essf-1MC4w

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2023 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chaonativo1.com.br/299011923fixed94641316sfmaxgen-pgx-1142776118ifxclientepartnersisxarval.essf-1MC4w

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371644319198922"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3924 chrome.exe
3924 chrome.exe
4396 chrome.exe
4396 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3924 chrome.exe
3924 chrome.exe
3924 chrome.exe
3924 chrome.exe
3924 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3924 wrote to memory of 4308	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4308	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 4880	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 2336	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 2336	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe
PID 3924 wrote to memory of 3188	3924	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chaonativo1.com.br/299011923fixed94641316sfmaxgen-pgx-1142776118ifxclientepartnersisxarval.essf-1MC4w
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3b1a9758,0x7ffc3b1a9768,0x7ffc3b1a9778
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:2
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:8
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:1
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:1
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:1
2⤵
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4988 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4832 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:1
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:8
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:8
2⤵
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3796 --field-trial-handle=1876,i,3843334555502666630,14651161348210836310,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
181KB

MD5
4c75aa07dd23352ee1225b5a64cc6b59

SHA1
387c73c282f9b15d8f62b2c9d830945772c88c7a

SHA256
edeab1e3b20750bb1c0d394b111109c0c7ab74d34117d16ee1487cc1cb8c23fc

SHA512
a0e185b33114a19e6ace4b7f6af1983c45b124ecf4ce82f92ff832ad9a57ae895798ccd4473a46b9fd530831482b3ec3dc729b10c2c85095a54a6834c563d86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
51f4dc074111631af57a4ebf2b90a471

SHA1
b062f34509808a4da9c33876ecb502eac72527ca

SHA256
b6f59e21611ae2b4f8382bd080e33d4de800f2b36aa43bdd5e66555a7f9a7ca5

SHA512
11e3f40918c0f619d7718b08daffd2fe8b7643ce0862ab6f6f8c393b5466acfdbba86267e5a93fe50a40dbfb921036172371de0ef21664a51d9a0d510ee6ff86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ab7ba464cf8667b5296d6d46f54607ce

SHA1
c957bc84a0ced4a1c07161d21c02aec386763180

SHA256
7993b2848f3689e118190710462a3d0608e9279ca80d20306b5358c00a477af9

SHA512
969bf5f2fa759b5c1fd567d30d5f0525ce3ca8c35de982241b67f9267057d749107b7b29fd0ef79129787caa5b7bb7a8d25869f76db3999e2e9d72a9d7fefdee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dbebc2b7ffd4c4c83a619d8cd0413f65

SHA1
6e5ff850d56294980f2a5f9d3ae5ec28b1c59c4c

SHA256
9a2a0011cc41188e93082a04df02babbf30be4962314d2a970baa9d83342055b

SHA512
6cc20c576cbdee785b6a64919f6b61236cdfab3a39cac7ecaaddcdb9064167c15fe93f3f0e44462c749e0c33c7b3d4f450be0531a3acfe580cfdc2ba4a11e862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
373a61516329bc869ccbe1154a0e3705

SHA1
e6f7271b44998ac4b980c2e98b7a76579f87682d

SHA256
630ea4cc8fb84d8ea2af5a50e75322bc6e99e7434812723e9bbe7bd9e97cd24d

SHA512
62308ea4a5ccc3669f8ba0ab9ad3ccecd620fafd94ea7a112b4eac25e88fbe60990e44f32480b515e281b9860d2d3d0152e0a0be936198fa1cf72c76659fcc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
193f2e38425b9862129cdc027559f71b

SHA1
d4f075891acea647aea4114f020f2720b9f30abb

SHA256
31837478eb9341deb3e49f0e6212dbd99a862ccd528cc068204a55f46ff3313d

SHA512
e13c5e5539c169bb9535cd5b999017d508e4b4fcf896bfa6dac35ba4a74701dee8a0271f94fe738334d89ce9be1729549bc45b8f83a6f03969820656891d9057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0d1b478657a50a6e1d11756d2d16bb14

SHA1
cd220229ebbc3d5aa8d2262b28b0ef62162d8323

SHA256
e27499c5fbe1fb0421104906f101fd04afbb59e4c4a5887fc4c0e70f53dda25c

SHA512
28a17df70ec614cf47397de937c2a21ca264a6ddfc32e29edae2c27b5724e207caf173437d743c3cf5f2e2c0622de91f356e940374ee44ea465bacc93e3b9f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
87KB

MD5
6b045a29f035c4cecb08212388817d0a

SHA1
c490301adb9d59893b23605d0bc6639aa4f2def3

SHA256
b8aab5fc89e4e6d123b16f6dcf5edfcb247e943a72feea995590e286bc28ab88

SHA512
96045be3f26fc3ae51c4e41ee223beb1d90f37732d797dc8c9d7f9c62092264467a4dd6af228e5b10b4647ed3d0eb8e4f086fff17bf381fc24d038a977f137c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3924_DMQYVHPWBMPKJPTU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit