hxxp://youtube

Analysis

max time kernel
161s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2023, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391635611"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006951bb9bdaae974ca3406aff5b05de8000000000020000000000106600000001000020000000e918c0a04f54c6fbce81355c44ab636526e26cf84cef51b6af75dc39b9e9f29c000000000e8000000002000020000000215af58e0cf1c3378a7bf6e92e5645a4312864978ea4ac548580360746bbb67d2000000061a6eac04806bcaa3273a193d2f7265069559658f5d114f4347192e9967d60ac40000000bcb77a35eb72ea2a8f179d1e54c2e1ce9661cace6a13788a5d62c3e3207ff3d4629c18893a35395d7c5e27d818641196804a6ffc383c49a4c6bda1c771aeb4e6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 902e4512ae8dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034798"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006951bb9bdaae974ca3406aff5b05de8000000000020000000000106600000001000020000000c40e3bacb745f542b4bbc276254156431100be661f15edcd6b425333f5299adb000000000e8000000002000020000000632a04355a32bfe867a67323b5aabb08623907c802d381fcb5ddc6ddf066cb72200000006c05f709bd940d5ef9ac7b6e40fd4b1def9a0f9e074283650cc5ac181b93745440000000cb1032168a482841620610d82f4c224363cdb48c54d4dad7689788c4f55e64b78c99af9a05578d8898f8d8ef6e5b5a841a5659af1a5422f5877cfa3509f44aa3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{38ED1128-F9A1-11ED-ABF7-6E9A6C474791} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "237040403"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034798"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0cc6012ae8dd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31034798"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "224010289"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "224020897"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133293442567706613"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{05C112A1-1C85-4485-AA28-209DFE514753}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
5792	chrome.exe
5792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: 33	5172	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5172	AUDIODG.EXE
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1788	iexplore.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1788	iexplore.exe
1788	iexplore.exe
4752	IEXPLORE.EXE
4752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 4752	1788	iexplore.exe	83
PID 1788 wrote to memory of 4752	1788	iexplore.exe	83
PID 1788 wrote to memory of 4752	1788	iexplore.exe	83
PID 404 wrote to memory of 1840	404	chrome.exe	97
PID 404 wrote to memory of 1840	404	chrome.exe	97
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 1300	404	chrome.exe	98
PID 404 wrote to memory of 2544	404	chrome.exe	99
PID 404 wrote to memory of 2544	404	chrome.exe	99
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100
PID 404 wrote to memory of 4420	404	chrome.exe	100

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://youtube
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9b1239758,0x7ff9b1239768,0x7ff9b1239778
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4944 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5620
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x204,0x244,0x7ff7779f7688,0x7ff7779f7698,0x7ff7779f76a8
    3⤵
    PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5516 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3264 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3336 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5408 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4400 --field-trial-handle=1776,i,4084383780205922640,16399607207598094985,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
94efe971fd70d9d426978045456a879d

SHA1
97f170ffda6afd79be0795ffcc37c7efd82ee801

SHA256
fcfaf64c502c0feb0175aa72247927eeecd556004302a20e09f6fdaa644504e6

SHA512
baf5e9e1e9bbbaef3cd6365ec2b1c71314c14d0acd5837c1975e71a374b9fe724035929b47fe5bf5aef5845ef6eb17b178f20460b115419094733dfc8a27799c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
b6ee3ddf813d6fc48cf0db82738da52d

SHA1
ef658b59ca0e219688018a5913ee719aa2df68c2

SHA256
6c23e4bbc830c2c65e80ae53c046a15b0201a8151914c862c230a0b10bf296ef

SHA512
6bdf410b806f1cb43dad6bc454f3c1518fb8b9298d3951aa5f5551e58cf32faecf974a3c56b00dfe703fe3a99c92567738e85e8473d2af8f25af962841cdb4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
47KB

MD5
70388d1d15f80f0ddbe58dd2a9095949

SHA1
1f6a1d916905e2dd0347b22085cc1da0fb646a5e

SHA256
395c789048e6fbf5c98ba7562a8b8265885ddd0eec339de55173ab83d3aee618

SHA512
8bdbd091852af9cbca6f9e1c69727a067361c2718cf575f7c543e88bef92da71979ff073d8071386ecfc6be3d7d5ad53253da7f5a830fdeff5ecf6a2b6f43843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
32KB

MD5
c7a6a78339c9ff2eebb5c5ae5490c232

SHA1
889e8618172d9dbd21ad8e380b07c510500af108

SHA256
52d98810c25135040dd0d432aaa1d1c8fbcac19f641f0a2b8dbfc0ff48ff44b7

SHA512
fa84b5f10aeceea3252c8e26d5dbb1e7a9706dd6605f49b93912ef3858501fe8178729ebc9a17ea9e236ed1160edd35abf924d1bda29e5a1a9859f6854385019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2e70e86feb08a51100730111c799db69

SHA1
7c1ded49763415db3270a69bf822c05178883d6c

SHA256
95412c16b8291ecceccca527d6f2da5c8de881d86a7d189170d4eddeeb4d0015

SHA512
952a0f6a7ebba4ae7085517e40376429f26ff9c818f0593937b0fc6510bb0afea10e3099cc6bfa3d57bbd4453ebc0e9a5020c351a9eb2928259619f3499d7ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ecc3d429c9b474abf1964af09e294df8

SHA1
b0c681a5f9fa91660e8d224fa4d98490aa5d3309

SHA256
9ed0dd43467e740f876dc7d06eb54acfd601b01a2509937e77a5b917e8bd40fc

SHA512
b8990449b6c98888401b0f9a1fd95742ba2d5645c01f9fbc898a78820bb5cb2ad4717f485f221b68ac959bda18e415731d9c26c7348b5d7a970740e26d4b662e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5762eaa219f8005bad1d6775c569cf30

SHA1
828b9bdc67f605b7593167faa056eb355b3cc71a

SHA256
b195a4b51b5af8f17a54ed7da0a5c2eaa5f7f30b578c7aec3faf0f1a277751a0

SHA512
1410e9b09022bf3d2f23d3ad461478c1602e87fa133456bf9d3a828243a8e1a097daa8b20f2dbb8a2dce3dc0353007244a5b8feb33de97cb9e3803815dc5be6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0fbb19e77eae9f0df3369e98afe9acd0

SHA1
e858e5b6991de1c0632db9212eb50c3e8ee47eba

SHA256
60c3d13d0950c73e5bb75e0f32b7e6f818fbc142cb80c57802ff789b49134398

SHA512
337aea9eb9f965225c3493d7044618e35ad45bd5907367fa57216ad5b90f62cd3e954c7f4d8b686bec817f948c1785e3a99042b6f8bf89a770a4e12a0bf4328f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
0f3ac8f083401d686be8a1bc465d84c9

SHA1
3486aaf4c3ceb2dec64293a8860f73681d965875

SHA256
473be947c8163b571a2d7e99b293ca09d61f71398b098f4aa844eb9a96b85354

SHA512
b8b39362634dae5b364086cbd51bbccf01f9f4c217dd3e2552f9d5727c9c832bdf8cc91bf31a5f7a7ae662c75ef6e2293a48ce81b7dfaf643fc932d198420fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0734da7493dd0d19a6d2f31e2659c2b7

SHA1
8fc9952348cf7bf5def79aab35aa5c9052ade9dd

SHA256
502057bf09d2bb9d4fd5b90ac1de9e66d6463f2fd185a8a4d0aa938be454603f

SHA512
a0b96fcdf98a8740431d8712134e894480e7b426d25efcf43b07e97a26ddd69ab485b139a8585fbde8fd4de37dc00f0cecad80fc182eebcdde7a53a5d0963be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
334cf6f4ebecc27123f83ee04ee0904f

SHA1
edf067f518d444c17b53c802f5ce75d84bc9ac5f

SHA256
15b426efbd9b3d4a090d084898de374d2aff5420587739916cba0863c077d544

SHA512
5fae1a8e7cd3193d8da14adb12aef1a017acc40d57b155130b1637aa1553fc3f375e16c06eafd297c5b48238389cf9cf46675bd597ce8866a779735819e7f7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ae001e9ed116e201df62f4c732685c4

SHA1
ed0ac015849c80ce2fb42c7c0772fd8b6e88e44a

SHA256
b1806977ae772b5043b58fd039ceb79117829cfce0b73d21d70e883ed02c107f

SHA512
71f857ad7660c5d109588aea92297490d53f652bad5c46cf0dc560c7c0ec7554ffc909a9938f8ee89162e103fcab100bc6698b575bf3f97c473426351ffa232c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a11181e0f466bda3ace06f69373091d2

SHA1
60897c5a069049f87086e094a5cdf7e731264ed6

SHA256
f40c7b1b8babf93450e7ac5950ea689050144c7c94a48cc707f133b218f474eb

SHA512
88cd6b902a01bcf578f2b75e912565d3335f9c7893d96849bf32900ec4928869492946b6d888a1f37f23657c9554d3823e1c59450b7ed7d76bca3e896e137dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2244dd17e5d329fbdfa2626af9568ec6

SHA1
cfe56d840df311f1585fef48a83700f4a1bc39a7

SHA256
f136685d672879fe09a10e1dadaef7f9d24e20c37a2b381fc2de326eaff98974

SHA512
86029ee964cf2a0aa88a267f5d7450ee7679f8dd4d065025633e9a221c2fedd6ecb5921a352a07ab3350f23b79fc742e79c26d6ea6727f75129ba905f34379e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f17a340b-4a09-438e-807d-6216cd4043ae\index-dir\the-real-index

Filesize
624B

MD5
a7903e2dd995726cba3ee015e9173654

SHA1
6df4a102b5d3c7c5cd62c55541de298468bf26ac

SHA256
c610b7b7e7d729fe0dcb5f08ddfef60851d065e6adf886427de88f5288fea8be

SHA512
e211ee0ef2961678864f6085a5c7321d17ab7b9ec28cb01d6558e7164696a0fde7a80da7d99d6f2962e77208e6a9ad796ed0b06a0ffb699ffd1e92b42f56a45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f17a340b-4a09-438e-807d-6216cd4043ae\index-dir\the-real-index~RFe57706d.TMP

Filesize
48B

MD5
b8291785aa2c9c3dfa49727a908a1a38

SHA1
175fc6b9ae6f11140c5e826e832b650a8621b02a

SHA256
0f558569a0254130760103858191a64bb75991efdb2b20c0a5083eb25e543f54

SHA512
4f89ee05df68ee846435d368bb14f3c558f51d774a48fbd174fc73165257a30167ae368f0f5d747c42c916bfd3db9c81ab64fd6e1a949420a542caf207a3cd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
398429d69a547e8f2765b36c512333c3

SHA1
eb4cabbee387fe6cee65219a07543353fa619200

SHA256
a2618ddf65f770046868a9e3ee9124b285c7458522885f05d5f229964e074d58

SHA512
3a79cd1f204f7b4433bee473056ba92be9e7734c6b2cad862b4cae696539b6e3e7cb9e3d2dd0771961747d5fc30d5eafb2e0eb11b5485629979d448f075cdbee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
1893026f223fbb1fe0cea1384e52e258

SHA1
ee8233c20baba37b6f368471e6b4b5bef8bdfeb6

SHA256
6cc03f0c5201f0dcc0647ff08bcf4387865db72bf93d01b422908b9237bd0aa0

SHA512
c1eb8b57cced7425796e3220e996ac5e9bd2fa7cc7afdf861bcd2bbcd3af076ec95c9600c99bb9172f7c67603a43a54428dfdf9c72db6db10431e44fd56908ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
125B

MD5
2844f6b38fbacd86d4643510154d239b

SHA1
b579a90eb98d7d10654cc2ae29733145c1c2ef0a

SHA256
b743377bfd8221a7f418c24b0f98714f543f417e1f87d8d9f9b7328721ec304f

SHA512
b2e9115b5d7e38366f0af6b9ef6ff33fbffd51f2bb44cb35220858db82f8063d2ee7aff693a9f4ad7281e2164e26240acd67475f25cedd4d7f9513ca243957ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57085c.TMP

Filesize
120B

MD5
43ea4a9e67f78882d4bfeaa2ad4efc71

SHA1
0926672a7b937ab63caff78f380e60f3dc6902b4

SHA256
88c008fa6c626d6647590e5d5b3ae3958c531dcb722e56d6fdaeac379ea7d2cd

SHA512
b68d62cf2eb21b0db4d57b7c5df23d630e64602ce57eccf8c76f5ba4ee9aa364355116b1c74737897a4b8fa9407a6db47f778b917b6edc844ab6bc0e7ac1744c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dc7401fc3072e474b675e405f754abcd

SHA1
be386bce897be045d4ca13a57949e2f39a938bee

SHA256
949e412b0296acd463b507f94c15371104dcd0182108f52ee077d6c0f7bd2550

SHA512
e76288309809529dd2c5e7616343939b7e19972f8cb5cba0c4407fb613e018c32a9e82ce524c583ad419ba0635f455874c8b48cbc578cbfaeb8c5f7cef150ec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5761d7.TMP

Filesize
48B

MD5
80935e4032ae60b3af266a19fd3567a6

SHA1
763b820f7ac77901a5bc7cb8300896dbfef02bcc

SHA256
8acc43915dacbf856d5b2ac574b577fa5edfceae264a7d1eaaeb82cac2730391

SHA512
d8cd7a1b426f4f85c5d0d4089095378253fa104efa904ce45b16fbea12652f6c1f39891128688d09ac1c685a1eba742213892c275a0b88d20ed66a5165db9c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir404_568073834\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir404_833659518\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir404_833659518\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
c0f6d01b0a869ad0562c7ba95cef6faa

SHA1
3d826d4e0361ac2396e2cd0ce9e3db04381e85fe

SHA256
837eb8ec03ede84c0b469ed40302e36094b473bd8542bf625aee6dd203fdd4c8

SHA512
ea1a83b06a3e6f0607db2557a3189b6ed6095439734fc32316415a0a21b08407ce24a5fcad5c253b46c1fa48f2f112797f9a05233243a08e2f8a8f2393a2c028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit