hxxp://youtube

Resubmissions

24/05/2023, 15:43

230524-s58qfadf7s 1

24/05/2023, 15:40

230524-s4l52sdf51 1

Analysis

max time kernel
1050s
max time network
1048s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2023, 15:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://youtube

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1537092021"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0cfec63678ed901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1598653951"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea1512c60bdaa64b8b6a96e7ceab687d00000000020000000000106600000001000020000000a2018cc7a1a35ceb925f5935232018c2d0fa81998352ca8b65cfbd1fec99de8d000000000e8000000002000020000000b6bdd2acddfc17addc7b3dae5fcb54c670374ee83e7485457b7443295e6292f620000000f2e55d3caf77247ee376cb144e16c78a328a38fff7d7e0e1b56a68592c0fbaa540000000cf51f550dd2c50e46a34895ef7e52d549a588f5c4c92dc78da69d8e1b853f7b24840e5e8c516a2d66374bd63e443167a5818243c2cab05ce704c8fcc389ffe40	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0aecd63678ed901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034983"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea1512c60bdaa64b8b6a96e7ceab687d00000000020000000000106600000001000020000000cd64d18e15a9c41a2de22a76c67ba3b43e1a0d7ebc9659f4a889cefa99b45949000000000e800000000200002000000054297410517f65e11807e3c247a715b796ffeaf7f2fa06634ac7b5db0b79feb720000000d371b473e42d50d79af7796dfe67784eeadbaf5becd8009c2086e40cd792f9a540000000706ded1d73f3de789b68e81d355659b5ddf29b6e1d447a781344fea5af65f230b70d60a3def6edaabab616010ccfc799e951c622fd0c49c1615f9efc961398b2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1537246653"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31034983"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391715203"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{868113C3-FA5A-11ED-BDA1-62507EA95193} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31034983"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294239010537604"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{8125CEEB-76C5-42F9-B038-CF294232526A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
2068	chrome.exe
2068	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4408	iexplore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: 33	1416	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1416	AUDIODG.EXE
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4408	iexplore.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4408	iexplore.exe
4408	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 2132	4408	iexplore.exe	86
PID 4408 wrote to memory of 2132	4408	iexplore.exe	86
PID 4408 wrote to memory of 2132	4408	iexplore.exe	86
PID 4288 wrote to memory of 320	4288	chrome.exe	102
PID 4288 wrote to memory of 320	4288	chrome.exe	102
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 4928	4288	chrome.exe	103
PID 4288 wrote to memory of 3316	4288	chrome.exe	104
PID 4288 wrote to memory of 3316	4288	chrome.exe	104
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105
PID 4288 wrote to memory of 628	4288	chrome.exe	105

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://youtube
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4408 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd97b09758,0x7ffd97b09768,0x7ffd97b09778
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3308 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4988 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4696 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3956 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4576 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3220 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2792 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 --field-trial-handle=1792,i,9474894866616782406,3508835820003629110,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x3d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
3fbb8ee33354096d9f116c557a402d14

SHA1
f75756c42d45d1047eb04fa54bd7702f5560df4b

SHA256
13e2696561dd0955e1d61f7e18166c8bd7a02faf1dbfe04e738b5d68cc2ca57e

SHA512
cc21e56f9278282b3c15964b5618d42bdfda83b245d7bf01d12550aabd69a9747d1deaa5a9a9830e6d6a47465f580e21e0a7621cf992b56244ad4bee8779c338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
ef6bed02770b8aff75a958b3ff8b33c1

SHA1
79907275d6c980e5cd613f57e99b5924c52de006

SHA256
8354757722200f5acf8a2d7dcdcf676c3c8e360698bde0209c60122e49c3c22f

SHA512
30914464fa5451dd88c8d99c3e01ec7e50a98cccd6fa5d815c749a0d68be4b2726c186e5b2208c7744f17d78511c555f466bd8998e8bb9c5c7cf0a1d71d00eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
22KB

MD5
50e2144d0c203e6ab1f3fa1dc43dde5e

SHA1
ddf399bc0ab753fcd5f594860b8758bc56785620

SHA256
5cabd2f6d5c53ac987f5dd220b3e4f3ba5cd016331c24dfe348e9431c3178ea5

SHA512
1d715d8899ee8ce651b0e7c54525311c73530586597b042148feef5b1c783ded081eb00e021fae0b0754c08514fa133eee08ce81e7300e63e9dfcb264c75292d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
41KB

MD5
1bc32f798ad1ca2747a8113e7a4cc9ed

SHA1
3fe203a10c319ec26b6bf3bb957dd8ff0a671c4c

SHA256
eaaa6009bbe83779cd06568c1869423e4ef4dc6a594a7a7afa1c3d3607ffd2d8

SHA512
696f124f0fe530dc704a99f183b429772569d4df504d120fd0a71cdd7da8f40d922b2a6092fadb9fd267bf29a62d8d718fb4feb2eb71add570494e69b1da7e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
83KB

MD5
ae6c426c4207574fbb5d68250cc03849

SHA1
8868c288b5f67ba4928d7e6d210baad9147aefee

SHA256
32a74029a9ac53f7c0be8e7d04d5bb63f391d4dd67c00cf92e7c9d0fc2cf84ac

SHA512
76d9ffad03f1b3899cbeec83f9e4a807199b167be36642fb706269ad0a84b193d6d2a7c80d10497aae6924df0412a1043dd64df8efe0b5a652a5e37ec86bd3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
22KB

MD5
0dc0e3adcf19220196dc2f21a3e53565

SHA1
defbb59d779713d4a9fb8bdc6400e710622bcf08

SHA256
9ff42919442815acc9d438581812b80db0293eb68ee3412d7fbd2211324ee918

SHA512
49773bedf88558b950f2a122757624c06f5680661b87252214b5faab78547f1bd200f5e42dd20498e4afa0e5e5934336b0b9a0575a035656b498c480f6467410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
22KB

MD5
b3b15b0f3bbbb71c6977d1eee4584d4c

SHA1
9ca033fd2b7e5fe38dc865247c6ef27cb58b7500

SHA256
626b45d96994508568195deff3f95db0aeb93baf4399929e884feb1238648fae

SHA512
71739ad56c5050c6acf9aeb6bbca96d48518055c513e077c84faadcd8526da590904902eebf42d085d57beda9914fb25910abdd604db3dd17ee5a2abc284df73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\55fa218ef1ee7263_0

Filesize
257B

MD5
ddced6608aaff58d9aeb33a480867713

SHA1
ebd25fea2f779a2e574eb1a3dbd57a1af3fa10d6

SHA256
875c9bde12e063c377df72cd7b5fa5609fac0e71c6b479079a26ceee67c1c257

SHA512
6478c4dadb35099967ae38c7273c4ce2c27a57ed1c64562e22cbb45216205a06b34683c848af019c76e0dea1a8b74c6586e6a98bca74393b0b1ddcb73d7a3974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6bf86e9a7b13e6c2_0

Filesize
38KB

MD5
072b37deb777235ab62aad87546a4709

SHA1
fa3b28833f23554a4f91e85d43c95cdb9b79fade

SHA256
78ac706d5a763431999782f48ca021b4344ab319a41fe1e72acb27e2bb678911

SHA512
342b622204fea978917a38115794418b0c32a6918daa76644f65473e7edfb9900f85215969828a4d054b31504a4a47eb5ce3eccaa1c6270c1db25fce40fad860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4412a5f103c0c057dc1eb06bde519764

SHA1
a7208b3d4f035ce4ae2dcd641239a53bc1a07fbc

SHA256
aab61c3e9860ab01cf2ecc05176cf696e85dafee5990ab068bf8b54e6dc61558

SHA512
c56175ce48c43b083b9287b4ee07f4ed730eb72415c9b8bf0cb3188f45f8c77302a29e1895a5ec63662a6ec0ac0af3a868cffa47be59552a7b24a3165913a6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2405a63d195c561c931deb9d6b6ec83

SHA1
c8ca893fcd51800421972ad560da459ea92670c1

SHA256
700e53fdd70bf227b3bdab3b114e3e30cf34cb6203584e42f936fe561d3ffccc

SHA512
ec378b80df1a56dac25ca993b46d075110c4d2583c87bbd0365d5821a2b0881e39f8738ce7b6fdd45034e6dc5ba6b3b862e078ccc0625044fe7745a51afbfbb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b0c41619fd00f38e46045ceb49c8cbfb

SHA1
efaee5d5c9407c353b100638d3d9e475f932f82f

SHA256
eff351c1385c1552e6ddea45cc1e6dc065d83708e45364092074d153f90de238

SHA512
5ea41c656bb215e165d78f709103cfa430b2c4a96757b570ba964362a6c8614dfccc9a3002bf5079be3e8e078df5397e79eee196e7c4377ef8c56839e23ad01c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fd6661ab8e9d064cee27ddd3335b0503

SHA1
1cd25305a68c321796177c3a64abef092a1566b4

SHA256
507d26861fc10e549f2c034b359ac1138a858e3b0bbfc387a64d37266fbed099

SHA512
0eccf8fa0c374a320dcf9b6c50e54e31650fc1157019faf1aad5461e0e5aaff1180ed9362e88737f189a665539e9ad2102684eef4e2e4ca2967386444039b5f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d6252d79fb0a40bbfe79017554e638c8

SHA1
56e03698c566a4db5e06c1eba54d9e1998fe4cc1

SHA256
ee7235252d4e736a42fb0025640c367b2b81b3b0edc130223d2baf1805426f20

SHA512
908f45cbb990885effead6ba0fa318e02504b1e0c3d2e57fa971f22ba638ddd3ed833a31be25e3192e28729866e5fe703cadc5b3881427462c8c4d53c5a90a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b3432dd76f1bee33458823d15c69a7c9

SHA1
2ede16c5c31208f86d22208600d38de65b819fc6

SHA256
71a7c5c8607a4a3c55b03e5c50723e71404c19fa3103dc5fc55e377b5a766120

SHA512
e4db06380118710478808071ceaf1fe6a513be6278cdf5793ced393b06264d59f855b431c0232aff04edcd04dd998eb8a555e7a871f1217626748b221ab0942c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f4249d5e11ce1db56feaae4bdc673f65

SHA1
b8414118e461434b8dcbc1c801f6f9ae9369bc8b

SHA256
a1370e48ef01488c49ddcbb4c111bcd99e811cde3ddd4a45c4a3e8c7c34ba54b

SHA512
274e046077bf8189161a2c61b0d01dfb17a9fd19bf9f96a21eb3b2db606fe8276f7a3932844e337bc5155fe81ef19a05ca672b70cff8e7c86c761b61e05560d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
7d8da94cb9d42f33fce7d4363266ab43

SHA1
a7d0dfd1d04e69a09334ba169968a6935c63e80b

SHA256
ceee1c24f23ea494e20d07a74d18cad0f7e0d03253fa8cdcd0899b8e0706e4f7

SHA512
b77fdc47f679c863d02b2ff098f5f9e57ddbc7917effc76706917da2904d76a1d2227eb44534adbb8c23e73463db6bb4d62b9fedc04ee997a32a500bae2f78f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5b65642305f9f43c856987723b10e4fb

SHA1
3b96479b76e203d687cfbd33bffec54542135871

SHA256
d832414a250eda5f3d3314a02df44ea342bd5568419c6592942f7badaf9df52a

SHA512
efb67c02949725777b9f57a70aad594e4ee043c54222981516edacb248ad1eae8728d7c4beb8f7a7ca44c59e205e665c15ce64961b60767757a08892fd515a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
e94a62cd0ca864274cf110c4221f4612

SHA1
b0cc6861d029c464dde610e6d2cc2b7dab103c8e

SHA256
48448f3e167cb506f5fdccd7a2e5a94f8d17165c3241d1ed4e8a4689a4150445

SHA512
94aff77bbe35c145e2900ba396a49c609d655f405b229ed972ac06706a3daa40a2fd060338945d15bf28c373d8ce244ed071533b0b4b65fe192936b454c7d289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
5041e159bfe1191a47dbe4268d4d1d9d

SHA1
6b105a664363a32f75e5d77d2c7269c73c90d074

SHA256
0312d65d64cbfefff264969ce2b6f2a3619d622e4b6eb29d15e07605e4627363

SHA512
9f921d4bfce3f1b4d29957009951488aa3fb6171bb27040d66778284f072389fbe16daadcd81b9541593c7d35b48bc53f17515d7b31dc352ef5bdb949c98abdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
6fb6fb35b530ef15bb91c3a4e0617c0e

SHA1
8260180193b04eee23ec92f87d374df5ea38c29e

SHA256
2c770de2347d0dd7e19b34741f5c6167bab29cad27df9c4ba4eacb2a74781db9

SHA512
7dc2a685ae61d79138baf1019466be40072726f015b0a451366a5cba379a354d785c8285180400b9036300924e93e0c5ad6c0fb6e4909d4b1df2cfa0134756fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
30d52187df4b0dc7fbcd223c992ad954

SHA1
1f90c0bad4da013d0b889e67ae6d798a0ee82520

SHA256
414097fe6de5e56b5e10cf71ec3346a1e39e01a414ef878b16f4f8d6ea4e8e88

SHA512
9e83807883e5228a686693f8427dd1d082d6c3da8a14ec99f285fe7bd782ec527ecde5684a50867ff46f28a7d5d6d701cd30c887fac46696c3e3c33736d37376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
7262a556243960a7bf5314eddeb90455

SHA1
9ee7f4c0f21f8264f7e64b534e8fb1a8e1c86b1f

SHA256
523e3bab5a1372ba52b9de9f602e999bce8aee072c636194421ab69891eb3794

SHA512
96d9f3064caee73c0a7e7c4a5b90231afa2a37ca1f10d712ce9d1769ac3237f2e98c819e912fae95ed59a5cd38a01bff77bfc28295f1d8442da7a827c81c5b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8241e5cc030fea3777f29a7d9b10996a

SHA1
ac1acabc02acf972a08bf79c77fe3d0edeac254e

SHA256
c8bd4182557d47d92835c8abbe3af0accaa1aa900e07afe60526094ffc958bb7

SHA512
c26f891068696d91576f45300003ce101f8a702d9cb0b4609a5d076b19b59ff550360bfe9d7996456c796bf2190a45b855e52555daaf4c98c9794114ffdfbdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3e802eff68c23d4d47b61d41b0a8888c

SHA1
be0d62a39e50f68c8076ed74131a670c7237d34c

SHA256
639e0ce73bbf912c2b5227b7403adb066199226aa74db003e29022bfc8323226

SHA512
6023fb59c3400b02e1ab0cb7be4e5f6743129e72e9f4bd8a06cce1d53f10c68ff5eb094eb425154fea8d94d660bbd590d3f64f0563254da469c6af310eca7b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
57d047884e8bfeef26f17c4eaf3fb81a

SHA1
55ab0c3a6933cc365ef1d70dd4fa89cb4832935a

SHA256
2ea130a249312c66e7ef49f53b9ccb1270a00ee31ddea63e6d0d524feec123f8

SHA512
05dd5a7cf0101fae1cd891c14c9f95d0a5afd22d34382216f09d10ef8f6f725057bd18a6874a7b309145f4f80abcc7d3f6251d3a70435217a1995f1cac3e8f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4c42391dc0523b4b9ef0441f8709ce3

SHA1
5fe50aa383f19776d72030a8f7d454cb934dc4ae

SHA256
67f1440309e6f4a265dac3bcdd65f645fd87d82233a5634fd78904aa17b22da2

SHA512
0972dca1e153c2f63c443de58adebc5284a065f69a745e26d07bf8c39d5d69b1cf38ed50ef2684d8d01ddeb652147f33fb3fc3be4bf8b505f63cb73a922eca57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ffcbd737-a5da-4005-ad2a-75cf041998d5\index-dir\the-real-index

Filesize
624B

MD5
a2e7ed9cf5371ab9f339896462c84676

SHA1
cd3a1019bfd73f7c1d8a43360c45522b97912064

SHA256
9717eebb6aede45f6fba8442d05d694c0e98e170fe85a3117b6725bb5773d0ad

SHA512
e590c280a7b5b55fb37d4a444a197fefbf08f39e97e3d26f0ecb648789d3641dfeb4a1f02906f01d05dd1d35b61ac1970b8699716f700e308e475fd3bda857a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ffcbd737-a5da-4005-ad2a-75cf041998d5\index-dir\the-real-index~RFe587395.TMP

Filesize
48B

MD5
48374774d2bdf8e5bf6e13807754525f

SHA1
9c0c0b46a65cdde7eeb5ac8bbb0d8e6fa9c86e3b

SHA256
807a379cc2878d198e1dd9be0883fff2dcf67b71e08c61ac2fd1b8d939c9714c

SHA512
c1df6dab9b6f007e4e952a91850d50c157895f431f3d952c9e7b629ac547af88541a76c75cc5a5ccc97c80effbf732bb66c2d15bde84a70f57780ea5eaaa30c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
96906efaf8d694fa426458fa6808ec25

SHA1
e29302d99cd01486082b7ddb345465278239af13

SHA256
ba2a8fec9524921bf14c475de628be3b11b9ff474182cb8b9f0147bd2f0d19e8

SHA512
c4313c2ba076e5367a93b7cf649602157abc5cdc8bd39b448f3e0fb034a855921e3fdd19fb832ed99d1bb55816ad3277b7411ce9f1dbf88774ab4c4faa749573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
22ee3862c21ee175b407cacd46271f4a

SHA1
e05c1d38c108e187103e4494a1fc381e3103bd36

SHA256
5f50673c762aba99f81348f6b32f42f5f8b9aff2e1c02a9608884efa8ea90e7a

SHA512
a4517136e6ede78098b1d9e5c049fca74c2838c8dce22cddae2aaf83ac0e11dc704576d42f5fe8b2a2a3dc645782ae0395677f32d75665e6643946d116cb56e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580990.TMP

Filesize
120B

MD5
672bf0474b5abdfb9777db2e4fbbf943

SHA1
13da3cd814cab7347c0efa27d189f2fec09efd48

SHA256
91882a2df6e22b03bf8d0fbf6fe2850ec8ab56c5a2aaa72c3d11b07ecd913874

SHA512
41604c02c8784880a74cc08f9eb38678a26c398fe8976e2f214b30cbacb39bf1721b6587ce26fd1318199e92363d9c9392c5251eb04cff0c37a7544787fcb3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4c443f29366fe6acdb3f3d4257d833ca

SHA1
640806426b28e911b313e77ec2d0f06a9eecc4a9

SHA256
f1da5c5ae53564105a5283532fda8a86734ace2a148f65786ef21c1376893161

SHA512
652fdac4431252391b189ba721e21be57e1dbdf58b7053cca11fbbdeb4f38de1175f13f67ca76897a2b337e48e30f421e220fc219022585f87c3f3d2db7106ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5862ad.TMP

Filesize
48B

MD5
f376749ff19b7f7825ded87f8b916de5

SHA1
60be00cd085eea47c8eadf4106b36cf23e1f6083

SHA256
0aa461d171dc65d63b73bdfd2f95f58f5fce98c6c2e1dbf806224975971c690f

SHA512
174b817c91968f86e58a63c744f5e894b4fef23939262ec802485724ecdc8ca73110b828cc6512f2298060f32caff3ac2ab45e6b10414201591c05c3e8252d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
0c206002ae1c642bfc7d5e772c46ebd6

SHA1
f86e8053e04fe228c88c0bf87b0349c1b50569f7

SHA256
433a510fb478ee1b3fefb2518cc10ae0c82bca505ae569364b3e9ef9c75d7045

SHA512
f36192dfe4fdad7b75044b4eeda2b9f814aa80511da5d8d2d3c3934053b14cffd675a2a22338b85f60668711c0045a099df9517a220f9028351baaf72c349bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
ed1cf64635da89d3cdd864ff07b7e458

SHA1
eca94c910db4e0e2362282473f4228d9c811390b

SHA256
b7eb433c9df6a30632846e3172efe8c496025881db468be817252982ed8ba872

SHA512
bb33d373d61345af8949695ff673640e179d35faab47a611e3457bcf80f5ec973ad51d26b4d4f0903e5c4a6ac27100fe12be389df4d510c823dfead47e09dae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585704.TMP

Filesize
96KB

MD5
3f543aa99740c1caf2c30e483846722e

SHA1
0ad2573a3f93817604233262871e7f8f95185ce4

SHA256
5e23e25909c68d1c3b199d3f07b680cfa81c4e3126d38e3e749d12dc27bdb736

SHA512
59fac77a9de2cee1fdd780e52ae4bbb250f7d8267ae748b32d5e5ebbfeaf30f35a042672b2d3bec74ddcf5a97b2e858f8be6d707f4b1afc4c4f5b50cde25ad20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF7FCAC0B18E7CBD5C.TMP

Filesize
16KB

MD5
028e77e855441f92c80f4f1464370750

SHA1
f9f4d2d397500b797d0b37f64dfa0476a39890cb

SHA256
66cbc9d7056c42295b690d4ce8ff9378a2e8cc583dad765224b23ad28f608198

SHA512
02b16a3607c503d6fd1acee0e0e6e5e5a623359c14e24bc0ccdbfaeeef8ee1e8ad6e1149184d7f475e5a0c3554c1a1b6cb671b00bfb2aad5f64239c6490c1e68

Download Submit