mercurialgrabber | 44398ef8657a9fbb73eb1bfe7b3657241d0497318dcafabdd86669ee5dc32dc6

Analysis

max time kernel
145s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GFX locator by 89_39.exe
Size

41KB
MD5

50448b99a6ab09d371ba1bb9f348bbb2
SHA1

cdfa4b634d498af21946404397b9166c395d273e
SHA256

44398ef8657a9fbb73eb1bfe7b3657241d0497318dcafabdd86669ee5dc32dc6
SHA512

4fe0e40ba1396d8e238d5fef255fab22d88a1aaab005ca71cceaa55bfb2f061ea1997e2c0f3e82be3ca3a4bd65fae26edcd9dc4914d72f6d7aed4bcda2a12bd2
SSDEEP

768:oscaIyIbubDIA3ruQw3uZleuWTj6KZKfgm3EhR/:vc1Zub3ueeuWTOF7Ez/

Score

10^/10

mercurialgrabber discovery evasion spyware stealer

Malware Config

Extracted

Family

mercurialgrabber

https://discord.com/api/webhooks/1275113676453580880/9MyUKYUCniUZuZMT3Ww37_BxIGyZdN9irR0Ljml5MW18Tz7TxMIpOI_aDCPDu_qayZOt

Signatures

Mercurial Grabber Stealer
Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
stealer mercurialgrabber
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

GFX locator by 89_39.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions GFX locator by 89_39.exe
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

GFX locator by 89_39.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools GFX locator by 89_39.exe
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

GFX locator by 89_39.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion GFX locator by 89_39.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

46 discord.com
47 discord.com
51 discord.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

3 ip4.seeip.org
38 ip-api.com

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	GFX locator by 89_39.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools	GFX locator by 89_39.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	GFX locator by 89_39.exe

flow	ioc
46	discord.com
47	discord.com
51	discord.com

flow	ioc
3	ip4.seeip.org
38	ip-api.com

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

GFX locator by 89_39.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	GFX locator by 89_39.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	GFX locator by 89_39.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Checks SCSI registry key(s) 3 TTPs 1 IoCs
SCSI information is often read in order to detect sandboxing environments.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

GFX locator by 89_39.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S GFX locator by 89_39.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	GFX locator by 89_39.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GFX locator by 89_39.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GFX locator by 89_39.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GFX locator by 89_39.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

GFX locator by 89_39.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	GFX locator by 89_39.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	GFX locator by 89_39.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	GFX locator by 89_39.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	GFX locator by 89_39.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685574992746184"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2204 chrome.exe
2204 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2204 chrome.exe
2204 chrome.exe
2204 chrome.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

GFX locator by 89_39.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4148	GFX locator by 89_39.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2204 wrote to memory of 4604	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4604	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2852	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2524	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2524	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4364	2204	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\GFX locator by 89_39.exe
"C:\Users\Admin\AppData\Local\Temp\GFX locator by 89_39.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Maps connected drives based on registry
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa0ff0cc40,0x7ffa0ff0cc4c,0x7ffa0ff0cc58
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3160,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,18164606628182653854,16914068161426179869,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:5040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4580

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\20d6e245-efe1-4a53-89b0-3439fc511664.tmp

Filesize
15KB

MD5
c289b5bf7762bcc8042489625963e4e5

SHA1
acb3562e6314e4cf20c9e78f968dc7ada59d3f28

SHA256
3d8ff5a248c641f6140c8432ed0f9a162eb818ba5e32a24d36abb77e47bf9852

SHA512
04076e8165b503fd693b15bbff367b589f525b4ad0ec7aef140ea71ccdedd523a330bced456b050db635c4f4c76dd7bfff88d0a1386c30766e73e8d5a0e28be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
774bf50e725b3933c42ce679e54ceaa4

SHA1
328ad5a610c161eef1557772880d194bdc572690

SHA256
f3f4081540f750b016229d667661623ff26a993828fbf27f6e7fc999fbc40971

SHA512
a8d24a79c16885ca2165bc85b33541ce179214adf8e156c437b913cd4d8ce17b790d6ff36bc782ce4b7a114687c1b217d4ccd3dcc0a14c624c6e99c9cc72fd06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7958c3372fd733465d48088ed9843b3b

SHA1
ba6f0f8c0cf0334c06e13cf1da57e840ea673a18

SHA256
cd962592acbeacbce4bdd1dd71ed08450cb130ff967390a064acdbf3d89b37ef

SHA512
5c661ca081b99c517b1322c2a7875292be59954dcad41fe19f44520582c6c193e52f119509e8f483338bbcdc07775b7eeb99bfeaa372c1ee6169233a914f531f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f32086fc262465bf4d62549f6d415f80

SHA1
a652e4496fb1b3203b37b44f345a5a6521e9231e

SHA256
77a0b1ac676d785f8dd768d9002a951e8c6a5dd13f4f0484b3391c1919a6dc0a

SHA512
21a7ec9e1a76824c8e90cc113da81c203b944c7eadd9bc28fa3086aaff2911662950ee9589e84103ff87375d77272ee3dfea097c39da33bc5d1943538a68a148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce34f7097dc46899238d5680d75017b4

SHA1
4eec6044e941eedd4bc2f328404acc7c78a66e02

SHA256
12f917bc7578dd1eff7a8c15686678a01ed7d2a9e2585e5a4722138f15024377

SHA512
966dfdfdd60eb4feb8ad3cd1591711cc0b8d767161887b81a36f330cd568bdc0584aee2f7712ed5731132d90ad8b79e12a997ff174c1beb7d74c306a6fb9745c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
48432d0fdce348763cc4d0d6e722ffab

SHA1
0b3655feb1e3955651eeea9d8a0f647db8f431e4

SHA256
b0dcd4d533e238dc5eb0e7850b8c68061c9c9b16053d313b4c66fc21ec6337a1

SHA512
3ec66684fe6e393d0217bc0b5494c5ea79300b6995baafc80c6fb90d9810bfcfcb6e516483559c7b6adab979eb1d8ef1c0eb4bf05bcb045e7723ea0aacbce58a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_2204_SPYQBGJMQLBETLSJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4148-34-0x00007FFA14ED0000-0x00007FFA15991000-memory.dmp

Filesize
10.8MB

Download
memory/4148-0-0x00007FFA14ED3000-0x00007FFA14ED5000-memory.dmp

Filesize
8KB

Download
memory/4148-4-0x00007FFA14ED0000-0x00007FFA15991000-memory.dmp

Filesize
10.8MB

Download
memory/4148-3-0x00007FFA14ED3000-0x00007FFA14ED5000-memory.dmp

Filesize
8KB

Download
memory/4148-2-0x00007FFA14ED0000-0x00007FFA15991000-memory.dmp

Filesize
10.8MB

Download
memory/4148-1-0x0000000000260000-0x0000000000270000-memory.dmp

Filesize
64KB

Download