hxxps://youtube[.]com

max time kernel
52s
max time network
56s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
19/03/2024, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553287097948987"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{6610D605-0474-4EB4-A073-2DF0998CC131}	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1968	WINWORD.EXE
1968	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: 33	2272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2272	AUDIODG.EXE
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1968	WINWORD.EXE
1968	WINWORD.EXE
1968	WINWORD.EXE
1968	WINWORD.EXE
1968	WINWORD.EXE
1968	WINWORD.EXE
1968	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 3088	2548	chrome.exe	80
PID 2548 wrote to memory of 3088	2548	chrome.exe	80
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 4316	2548	chrome.exe	83
PID 2548 wrote to memory of 5064	2548	chrome.exe	84
PID 2548 wrote to memory of 5064	2548	chrome.exe	84
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85
PID 2548 wrote to memory of 4432	2548	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8a339758,0x7ffa8a339768,0x7ffa8a339778
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:2
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3780 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4744 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4504 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1808,i,4809012456762079573,740513143097315044,131072 /prefetch:8
  2⤵
  PID:1352

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2272

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
0588ca8c8094bcfad9d99180da6917f9

SHA1
0f64ada28f19a9b10d3aee7fb8e330a64a5af78d

SHA256
6a3013b00546c0247a338ebc244249c8391b4c41bce55da7bf39c8648ad6701b

SHA512
fbebfe49aecdbf94e42bcb152bda7c3340e57f0a651dc6e80f0be959209a3de69dd1fc006fd702c72ae5d41585b9aa12d74862bba651f79a626359d57455c0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
9ae71e7384998cf1db9a048db3005dde

SHA1
d4567395a0aad40debac7783dc13e60060a41494

SHA256
9941aea12dc24f3bd4bbf5a45d396f2e601336a03bdf8ba83d3203804b3acc36

SHA512
4520da3d4d704e28e9dfe9d7ddea237a5c6d3fa9e4efbc6d2bc09de348e069a312c4b2fea5f18cfe52dc480db6a499dc52de25ab24553149ba11b88bd98db55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
aabd58e6cc8957ca187e52f2f8aae66d

SHA1
7be2cc712d69fd4013af346c24e21ed8ffa4a39f

SHA256
4f88eae254c2ae5de64c91d0b173e41a79d206c2d3aef76712f79ac6dafcdb8d

SHA512
819993f5254c7d5605c4be594bf5f094cb409fad650d805c3652430dd5a4b0f2d775f1370446e84acaaf550e7fbe3fafc64a00fe25c599e9e249a31054847d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\61f6a54d-a31e-490d-b051-a66a1d521164.tmp

Filesize
874B

MD5
48ff8cb791cd667404dc920a6b2b2e4a

SHA1
c8ba2ab8d731ef66ff1a06fb74a87723637f2107

SHA256
dfc85dcfff45ea4fd2503b133a32175802ff64c6ccd3b985f6747da925490ff2

SHA512
521ec82d4374b80540216ab191935813e02bfdf4c35f0eed3f49a80a08a9d1f632821064949bcae47342e98cb30e76a0b0f575353fd5fde64492287f12e7e59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
05039d761835a0fd4504e9255143c92c

SHA1
9ada9a39b8325e8fbb5f013b5b159675339e44f6

SHA256
51a6be1267a8d99cbacb59b1c6c88e532ac23474b4ac0822c49f381a901b3978

SHA512
540c5f4d19b71ebcdef5a97a02a26b4cbf298bea7059bc97e9b75dc5e138ae3079d0911bbb8cad4f1c69a346b3a39ea31ad9aad7305c0e292f26036bd7c8ca37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
d9700aebf4083e60121acf38ee64b005

SHA1
eeb2c31cd237634b82255dab57e83ecf16e64202

SHA256
6be2c39d4ba79203c0f7ac5b89c3453f07d863963ac8de1ada35406c692d1d99

SHA512
711266ab93d115216527c90487225b1676fe6dc755be896acf89b90f196777a51590ee8e5b29d03f2d18ed4ddbcd5790fb3b9ca380c54babb905238458d08f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4b18719f6712195a17a4b5a590eda410

SHA1
8316251ab2b92fdd95ba5eb8f46454385b998034

SHA256
5d836c9b5f4105a00284e246e7fe8afd28716b0f4489373c8a2160eea2d054a3

SHA512
848e60f5d4f5d51a54e480ff81df60b1db4294d2c6778e1f8216b0e67c4dd5e6f8024982ef2076e3836d98987c881660777bb1f98a8bc40640e46b07edc441b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd2a0cbb699a9437c2c14e65c9992855

SHA1
77d0f0de0fab96e9fcbea12044c3dadb99722034

SHA256
e3aac220889067f93bc29b189451b0f49f2ef3755a3f8f32bc8f71596200c1d1

SHA512
bf4a4a72f6c119bc74dba007973c2697701dbf6cbcd6b87a6f5f05f9ec17ae3a9159679eadaa39c50e3cf46a478c1f3282383f5ffdf86006bb8af52cba0ba87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b6095081a2a026ce5a7e47e657d09ca

SHA1
3e6202607cd2db0b40d89bace9adebe595f61e60

SHA256
2119cd89a6066c2bdbc1c5127cd13a1d4bedd34428cc9faa9a95a64f03c6318b

SHA512
0571c186eaf68ab9f5140fb4ac950d4b941833393cda10a55ccc25f5e8b800fc1c00ab6595c36856e998232fda5557138417d6a27bb73fb3d60c0bc695d57a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa5bbec5-08ff-4649-8f1e-144a7b7fc609\index-dir\the-real-index

Filesize
2KB

MD5
b90568807ca87c207ac8a764a7d3840e

SHA1
d04709aef2e17e21e9c3d131407814ba3645bead

SHA256
ca1e453f83578fd3c93591e35b5572efa0dae51066974dca576fef1236b1767d

SHA512
0c75de0c5286ed7f5d32c974a0784ed402d6c19ee412410190e8e80d35f44dfd634bb7c891bff76e5950ca61e3379a43dcc8ba1041c70cecd23d693caa6076da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fa5bbec5-08ff-4649-8f1e-144a7b7fc609\index-dir\the-real-index~RFe57f906.TMP

Filesize
48B

MD5
d4842fa27b8b508618073659e66a4f1b

SHA1
cfc93545fc5c9693375b58a3df52a3e67072eb06

SHA256
63eeff6aae72fb7493883ac2809ac39549128a172080003be506506d980a5dea

SHA512
b716f6b8e12e623e2e7e494b9674a4f210ae456e5173fa58106da20b4ab96d568fa7de260890fbe59c4bc48db02970b1367d7f85e240b2e8294f397d402c482c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
521e5f7f187cf6b88c11674b545bab28

SHA1
2c7e3dbcba17b1877aed8e01d36e5f34a1efa309

SHA256
872ec8ff6185b9c761ce67114748d510b3b16863e276cf832fa987c737458149

SHA512
b5eba50e7453b75fd59499c48fd36315e019c9efee571843160abda2902145db8d8971be0283fe8ea524780421fb1613276a566c2d3264a4d3ab728eebc35433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
9e8bfbaa4bf0cb38ea6dbf1ce038df51

SHA1
a20e12c7014cb44bdb739c527d709be717811d13

SHA256
97ac44473c75af1841f467d8b20e5f53bf3c9c2cf06df4545e2b7773746c058d

SHA512
90d27d5be0b63dc0ce0dab3a01823bce686914f2fcbe2312c962383a7c32e36aa63001f0c506d8563985fa283e8f282b90d67d6e7fa5d215ccd6d92e30c4ea32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
61a386b166a9ed6853d5f0918165a059

SHA1
d8aae50bd74da6c0031eb62ad6d30f0ccc1bcc0a

SHA256
ae9ad1127c201360736d0da27363c55a282b8845179f25bc1e7f34c08aa4f824

SHA512
56a875841414d80939f7d793d4c0f9c3bcf1ffc4a6227bc75f0921dda1fdf35c442639487867edd4c22f407dddca5726c0720b8fbff3798bdc302c3ee1acd834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d6e7.TMP

Filesize
119B

MD5
7faf7fbde41e3e7b7c5cf31a84bc920f

SHA1
5391db8bc9f838bcead08ffa7cbdd82bfc0599b5

SHA256
e36760c5fb5f2e27c187323ad5001517fec3878013bf2eac9b622c62222412d8

SHA512
cd64d15ae921b7d8088e7553e6f76faada3d0154c5ae97b4f2a1fa003f68b7e911461a56aaad11ff671b3952baa1d4a779ec0d288439b20691635531a4443dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1ca03e5c9704b6c97eeca1303f0c504a

SHA1
9ec8aa5af7977adf3ba303f1b485bb63259a631a

SHA256
d7b6edc2a80579f874fe755cd126684a5650dd7706f90a8f8178021abf03720f

SHA512
5c685410e17a306df00232a648b9508d65fbdae0f110a10e99640e690c24eb1aff058108191128ba8818483875a5e596a3e14fbda25261bd360897cb6d0f625a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f8f6.TMP

Filesize
48B

MD5
2e1f394906c6ef14fd2a2f0d940ba6fd

SHA1
0c91469c117f477a5d52634a79af5b98fd4b11b6

SHA256
766ad9d70a6fbe75a604a1e7178b324657ad60d0a380446badd74b17de8729bf

SHA512
c749dd72f52ae5c06e7bd816b2bec6a1ca7ea18be013e945df21d70d9aed229d2de2680dd7869bbc2980a20ec68e107a774fedd2e337bb7e3a06e001b32b4b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
a92e8df4ca21c6882353e160b9b5a9c3

SHA1
338c9b1ac65dcb75f984be22507a6b1301b541d9

SHA256
8b1813f13cd140ca9ed8b33fc1bd243e6c730c4527740bb6bec1a69e12966381

SHA512
846c9b14c407eb65762abe16c476278c1c89caef16ae52aa078b5bac21d24b2e1fc66f836aa7ed3380ea27d595d508d3f7c9ce986a4780eb99ce97917ede2a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
649b0a8ef11cb744d4b751941b41f23c

SHA1
1d796021ec04b9fb70cb58dc061161627fbe6142

SHA256
834d687139f570190e739e978063a5921e7b9bf6b459047f4585bd54af7b13ae

SHA512
1f1706f8fff167c59ce2f68176dec1af0616c618d4e164388db4df24f61ffca0b463825c9b56fd093a57ce817964c1e898d73bcd72c66342fbdcbe8c3c7ddb54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
202B

MD5
4566d1d70073cd75fe35acb78ff9d082

SHA1
f602ecc057a3c19aa07671b34b4fdd662aa033cc

SHA256
fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

SHA512
b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

Download Submit
memory/1968-418-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-433-0x00007FFA57150000-0x00007FFA57160000-memory.dmp

Filesize
64KB

Download
memory/1968-423-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-422-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-421-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-425-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-424-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-426-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-427-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-428-0x00007FFA57150000-0x00007FFA57160000-memory.dmp

Filesize
64KB

Download
memory/1968-429-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-430-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-431-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-420-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-432-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-435-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-434-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-436-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-437-0x00007FFA98260000-0x00007FFA9831D000-memory.dmp

Filesize
756KB

Download
memory/1968-419-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-467-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-468-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-469-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-470-0x00007FFA59430000-0x00007FFA59440000-memory.dmp

Filesize
64KB

Download
memory/1968-471-0x00007FFA993A0000-0x00007FFA995A9000-memory.dmp

Filesize
2.0MB

Download
memory/1968-472-0x00007FFA98260000-0x00007FFA9831D000-memory.dmp

Filesize
756KB

Download