hxxps://cdn[.]growpai[.]site/growpai/Growpai_4[.]53_472024[.]zip

Analysis

max time kernel
74s
max time network
81s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19/04/2024, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.growpai.site/growpai/Growpai_4.53_472024.zip

Score

9^/10

evasion themida

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Inzector_protected.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Inzector_protected.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Inzector_protected.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Inzector_protected.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Inzector_protected.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Inzector_protected.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1696-51-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/1696-52-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/1696-53-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/1696-55-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/1696-56-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/1696-57-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/312-69-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/312-70-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/312-71-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida
behavioral1/memory/312-72-0x00007FF681F40000-0x00007FF682E65000-memory.dmp	themida

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1696	Inzector_protected.exe
312	Inzector_protected.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579915357244720"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1456	loader.exe
3312	loader.exe
1696	Inzector_protected.exe
312	Inzector_protected.exe
3460	loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 372	1000	chrome.exe	74
PID 1000 wrote to memory of 372	1000	chrome.exe	74
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 2496	1000	chrome.exe	76
PID 1000 wrote to memory of 4292	1000	chrome.exe	77
PID 1000 wrote to memory of 4292	1000	chrome.exe	77
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78
PID 1000 wrote to memory of 1588	1000	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.growpai.site/growpai/Growpai_4.53_472024.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff3c259758,0x7fff3c259768,0x7fff3c259778
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:2
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1756,i,244836636974261649,12686296612639955695,131072 /prefetch:8
  2⤵
  PID:4976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:292

C:\Users\Admin\Downloads\Growpai_4.53_472024\loader.exe
"C:\Users\Admin\Downloads\Growpai_4.53_472024\loader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\Downloads\Growpai_4.53_472024\loader.exe
"C:\Users\Admin\Downloads\Growpai_4.53_472024\loader.exe" C:\Users\Admin\Downloads\Growpai_4.53_472024\Growpai.dll
1⤵
- Suspicious use of SetWindowsHookEx
PID:3312

C:\Users\Admin\Downloads\Growpai_4.53_472024\Inzector_protected.exe
"C:\Users\Admin\Downloads\Growpai_4.53_472024\Inzector_protected.exe" C:\Users\Admin\Downloads\Growpai_4.53_472024\Growpai.dll
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\Downloads\Growpai_4.53_472024\Inzector_protected.exe
"C:\Users\Admin\Downloads\Growpai_4.53_472024\Inzector_protected.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\Downloads\Growpai_4.53_472024\loader.exe
"C:\Users\Admin\Downloads\Growpai_4.53_472024\loader.exe" C:\Users\Admin\Downloads\Growpai_4.53_472024\Growpai.dll
1⤵
- Suspicious use of SetWindowsHookEx
PID:3460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a601ad3ddfa63b3d98710229d270425d

SHA1
f47b033561c28e2dd30f35d3e0bdf11f8da6f20a

SHA256
dbefea370549f6f0f537fe4bc091b48522c1692d908f48f1daec1aeb072383a1

SHA512
e7e4972e30fe842e3c6b971f52c1f7a5efe063e25ae4783551240d7ee109cc9e55245a000f0210f3606f35f2027f32ceac579ab3e03392719fb5ec99e8019730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
7844206fe2d03bc989de8785d125a66f

SHA1
eeb1d7fddfbc929d9df8cd64b3d8feafc4d53d18

SHA256
1bdaf0039c42ede27070d595ee6b20395a25f31844dcd40ea3670a2b3d6ed10e

SHA512
dcfdeca0f1323210ca90e9ceddc144add1870ead6b91b6cd93af9f2c19e5fbbfbdea5d9bbd524e6e976e97d718da2c26497d7cbcf6d72d27530880795790aa7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
4d9c89032dc670b74dab6105c99e24c8

SHA1
682fb7adbdd2b637937ed4a9e6458dda35aceba1

SHA256
f9f5a7d27a265c6785830445c408893d617bc73577483f0ced59717192d0278b

SHA512
5008d42a6ab9feb3e41adc38148be459bd6e8511b5126b0760ebcf8181290bd34cbbadef41f8189fd6c8720f53eb72b38cc318d394857bd2891200144361293f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
973a8434bba3aeb33d341ff8572ccd81

SHA1
4f8207985f3e08f9b78407ee37107c6c053afa7b

SHA256
f7a74a8f936ab6b3380785949cf8ba0483b4ac9e18038b39a5e54b67505c26b3

SHA512
ee4a6469a68bc5c2a96f67c3c253374af49f03001f2354d1a365250902aa54a637e50997b5bd5537be444aab0ba2df5b55121293cbe9c59491d0aead653aa59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b646277366898fc29a16f7ec8c5a805c

SHA1
e39793c93881c3731ac0322f96486b56589aa628

SHA256
077efd865a53c09ac96c1a83c8a5b49af492147fdc6489b227fbc4e57d8200a5

SHA512
497390cf84879eda8324f49c578c698c88dbe71044c6d8bbedc301557278a40b71c1d472f39f020a201d725168ee80c9ee88515e20dc86dff126ccadffb3a630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
08a73599db483c9728b7ebd44aa0d469

SHA1
573130a00dd3b2a3a08f4f781bd79acd6622c882

SHA256
76c42e3f04349708fef413ecc9ee6605ddfa2e29f4f44c5c06b461093e078995

SHA512
a9513dc6adb096b1acd8368ac7a98d8f14925f6f77a99beb597528741d0014a840f88989afbe3f01513e03e859142c85c441d967f6c46ce05d7d85bac26b2927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
82a3b4010cc3ec2566440a57f7f9b4ca

SHA1
cee61a26d0ef41a68757f8ec4f99b922c3bc22eb

SHA256
e91051e37ad68d9882fe5609d12c817cc22d029ae387402d315fd2dc6ae33d9c

SHA512
171b365e872109d7b7ede4e18d86def78cacfa552194bd2c1f84fd17ba346c4d0f62f4cf6b69b8b9b965acd809ba1ed1c91b0ebd2539b3dc37e52f4021230abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Growpai_4.53_472024.zip.crdownload

Filesize
14.2MB

MD5
6423819e035c76e462d03a304b82d729

SHA1
3e6b38a1c74dd45e5af260affbd52929d77733bd

SHA256
79fbe1aee93d886f928528d18aa1abc2a2f1807990080fff30bcbb2ed817f2be

SHA512
7ce77c8cb206bdf567ea4b2d686c7d5995cd9d9f2974ffde6ec87e2a8906c7c6fa24a5c3bfc32968ab9bcd0021ede4e57a262c9d09a7afe1c1be1d1a56eaae09

Download Submit
memory/312-70-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/312-72-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/312-73-0x00007FFF497A0000-0x00007FFF4997B000-memory.dmp

Filesize
1.9MB

Download
memory/312-71-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/312-69-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/312-68-0x00007FFF497A0000-0x00007FFF4997B000-memory.dmp

Filesize
1.9MB

Download
memory/1696-53-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/1696-58-0x00007FFF497A0000-0x00007FFF4997B000-memory.dmp

Filesize
1.9MB

Download
memory/1696-54-0x00007FFF497A0000-0x00007FFF4997B000-memory.dmp

Filesize
1.9MB

Download
memory/1696-57-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/1696-55-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/1696-56-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/1696-52-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download
memory/1696-51-0x00007FF681F40000-0x00007FF682E65000-memory.dmp

Filesize
15.1MB

Download