ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

Analysis

max time kernel
35s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file01.ps1
Size

1B
MD5

0cc175b9c0f1b6a831c399e269772661
SHA1

86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
SHA256

ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
SHA512

1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exechrome.exe

pid process

2168 powershell.exe
2656 chrome.exe
2656 chrome.exe

pid	process
2168	powershell.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

Processes:

powershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2168	powershell.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2656 wrote to memory of 3008	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 3008	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 3008	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2732	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1284	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1284	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1284	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 2592	2656	chrome.exe	chrome.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file01.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ea9758,0x7fef6ea9768,0x7fef6ea9778
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:2
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1148 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:2
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3596 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3992 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2688 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2812 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3408 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2832 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3792 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2264 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2668 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1360,i,18114980209743256263,11251000620899544492,131072 /prefetch:8
  2⤵
  PID:952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
39KB

MD5
e3b7c1f55a368984a5ba8cba843ed6b7

SHA1
3362755d9f77b6eb0801ea9b3301a24ee63fb22d

SHA256
7bd1a844aaf30cf44b61e3e9266a2db03f61dad8c851d78b170df9034ceecce5

SHA512
64b0d6689a59da5bf40762169b925eb0dc0d47d0f60c8a83c3cb3696af2c036eba4fb7336e77b99509d9c80ec3b942649c62950c179185ebcbaa132804bb133c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
216KB

MD5
530f5281cb2a808f5d83e29941a25f2b

SHA1
ab22859d6aebd7621602a44b3b39349a8749949e

SHA256
0cd4ee64b33093789d565ef7520f2805685332e104b2ea01750f430e0b699439

SHA512
b226b209d0bbbbd839e3afcd64f246e3d3a9142174b315752d20130c9efc766866e96e628cfe4421817bdf3861d7c81e8a9701ab63a1292e7e997399eab36224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
47KB

MD5
045937268a2acced894a9996af39f816

SHA1
dfbdbd744565fdc5722a2e5a96a55c881b659ed4

SHA256
cc05f08525e5eaf762d1c1c66bef78dec5f3517cf6f7e86e89368c6d4a1ef0cf

SHA512
71a025a421384ed1e88d0c5ffadc6450a9e1efd827fe929f5ef447d2901cd87572fccf13dfa8b2706c9fab8160163e3a0c80bfe1ab49d63ffbbcb0e4e591a84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
785KB

MD5
d36a279a33de96214071fd7f70c747d8

SHA1
ceac09f798320386352d961e3b8a1c557361c2eb

SHA256
1b07b593ad68e1a8a0d1b0e3ae27ef5c9d9512f6638bbef8555dd046580b92a7

SHA512
d58b0a54678ceed317222ba60eb1ed34c08e92a44839e83047640294bd79edbb2237962892be029110843de7c9c3bcf8ea6d5d9dabe687027669f27d5fc2ffa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
33KB

MD5
d6f27248d0b338a5e9aa64b7969b301d

SHA1
f222d3d95d3b6df50a66b19392501a90ad60c4dc

SHA256
677bede5209907bc7ebb241580d7e5b723477fab974cf86a96bfce1036816b74

SHA512
787512056bd45957c202d13710ae382f3c55480a1c6fc28b1c4e4bbb62aeb2d072c27a1757bd0cbbb1eb185bea0bfd2173b8820ea64f3364072996ef768ad49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
32KB

MD5
5416adda2605f64197034c00ba971124

SHA1
f2b3e5949b05bf493a7d846d5f2d157ead8fda23

SHA256
17abe76f8cfd85312b9e957dcce49b26eb2b51b7f55d67ff5cb5008a31861857

SHA512
6f27ec864db9391ce6e3d39277366702ff0c05c28b0b665aba86738877b83d8e3517006bdbe56e4c6136b4dfe243571f9ee2a8b337d2aa6d91598203cb57f53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76da19.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
a26d7849024880a926a724ba232dcc91

SHA1
e7eed0df4821b4e8f68f2799bd5820ba1f35c14f

SHA256
e79aa6228424d713bac57acb6b1c58bfed406e291a40ccea188588a1e4f16646

SHA512
bcf896e56b29fea4c848cb05b44aec33d173b9732cd8c4d0df7da259f28438addf4a32344c0e890462f4fa158a6e19ee78bbbef8418b275321d4c693404a01fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
361dcddc7316362451ed4e3110b1d15c

SHA1
c9a6e59feb71f2e6ad0066df061e2b3a1504f984

SHA256
d813fc214f19e9f175e04b9fbb1f58d674957450ef10542daa6fbaf2da87b99e

SHA512
b2cec94699492f93863f6577fb730133edafbec50341c0a0d75f63aee07e0a2ee0e8b07b48614d0823079db2f09838acf9449d73baf12042670c587228d453ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
75fcf5484cfb08656773e456a69dd443

SHA1
00ed2f178781ecba8ff16496f60a27fdd52e4d60

SHA256
042d741a455c243e50e77a5facd83029770b79fe0955575281ccef5095eb00ff

SHA512
8de69db6d75375b9e551ec6ace2a5266e754f6c9c5367861dc84c323f96b2358a4fc6c21499aaa1900a28276f158043964b233bdfaa08d7b6d644bd035b33876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
6c4a4316c5894a573890db7a6ec4d7fc

SHA1
db9be9418781377d0fb3870490b4277e56260283

SHA256
271b115fe4b571099a8b72af0265939140a83f43f2ae0903fb9095e666be1148

SHA512
6be59a06643473f24388ba0d784799c7823b3f199d09afa9775e7aa6ed51ad1fa6c696f09cbac21b4a407368737c79b80abfd5157e81eaf903cc37fd117df0ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
49717b8bb500a1a98a31089f15a63dd6

SHA1
5e65e77a2df95e4d347a04fce30714e3d4e9110f

SHA256
24a1b50d58464483cc06fb232f074a045078e260904ebfd289071e722b080a96

SHA512
5247ad31ad4332d2259b07c38bab9a7ebe9d3c050e0bbd4cb36663b868fa84de4e4eb90244138775db9c69987dca521c7ef8fa1cce5d43ae8ffa91ecf4a35c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dabe3505e128f090de18c52c1daf6b57

SHA1
33c8e3b1b996defeb123d5c648da35bb5bcfc4aa

SHA256
d7ce190c0e56462f4defc4b6f55fbe26b344e74c4491698096e88f1f0324b13d

SHA512
deec135873e705a06cc25f227332157b50bdd36f550e68668178b15a837fe0a103e7eb0b781f8da5895979c82e3fb8d9adaf9da25ebaa47ad9e1bf25a0ee06cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
622e1499cb68f521e451e266d2ac1a14

SHA1
d680c23518f9591cb2fb8666e107583423968264

SHA256
f1c947fd925b33926ba1415762dbadb03fd51dea5630e4305b75b588af5069ae

SHA512
4e053ead160795c8e331f6cf9ec1f899c9cdede85b14c4895074e281b5a8edee79e3c56ce6cb94b0c82d5d4d8a63ecb8b2cd01b90e81eded588636ac8f7a3ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6adc7940780b436c21c8626f5638634d

SHA1
3fba3ff6c75367f28574189fd1d17e90ba7bef61

SHA256
2750f28d98541c6e008e9150e64ef0c403607f70dfef2a2708f207b8e5c4b2b5

SHA512
1dcf98c1dd7ddde3219c698f3bfeb76615391f5e907dbf0b9697441561f1974b1ab9b8f1b025dffbc9972918d357ecf4ba0588d0ff032a767f4f4941152bb791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3dfbd7c14c541588c6a80b5da66b4924

SHA1
68dcc32ff6ba04dd57238406c7142173b9d82c97

SHA256
bb1d2ee1d44f75df0713ac9ee31380235f24c09b1e367067d17ae5b64a43d6e1

SHA512
e86459b093a2f8f0c79db0c0e0d278d00bbe9f3620e209040efce6d0372ea4cf4c1bde11552f260bd8814adf029208b61e30fc404923c23dafe49703afeeb65f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2172f3bd6622ff9e3bc8e5463c74e5cf

SHA1
040e7deb2d1bea5fd5b91a9e0e8c9a56bb5a3d07

SHA256
3f88a983326042cefa501777984dd8ac7a8650bfeed99e93dbc3f7e483e89e2e

SHA512
f4be19cacd394e4fd3b78c9b22050e8152f249d9b42615f2415a1a761422bb33155964e4739595d58668837bae08b48521f56819e99ecedeedcc76d7a94eb315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\70d80778-d7ae-4537-a71e-49239620225b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\70d80778-d7ae-4537-a71e-49239620225b\index-dir\the-real-index

Filesize
2KB

MD5
4ffaabdf8a743e9b1a68f40fb614a7ea

SHA1
7cd42494bd6a50a773a66ad775ed65e28d191de6

SHA256
b5ff148f87a7fdb32478f66bcf7d33314cece99274ed147eb7d4faf783273613

SHA512
35581d4368843be2d44c61125fe142e374a58cea3b4602385cac6af6df236310b085a08b3615b6dc03fcc6ef63c1f3cd9b5629783337f09ab5f72cf9a9e7502f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
2f17451404fcb4a700c3333bb1410c71

SHA1
d4dbd122cf59f97a609f42569025787bd39a8d15

SHA256
69b65b460cdf2315dc2a79c9434b4ef87765689131286b31021715bf488503be

SHA512
8a7ad5826cdb398d9244c0545f3a55e5244d688c877ab405275bb657549ec48e28e0ce5e880b6e902c4ae04afb42e0fd1911ab2c0ffde7bb1334ede1182d5f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
6679edb1dabe12255c7d6ed5bbb35bf2

SHA1
a89f62a6cbd827e037a4fb1af579b05d5209f555

SHA256
6c783030b57acd0cee2381d7aedea08b9144c7f96142f92b48173ebb47fe0515

SHA512
448b1e03a7fba28ecb39f2a5150ffb8d9011c828bea6eb8329b7397cc1329aec0164e7c8db85ddf8153fb275dfac3197b5524d31f45866582f7cf26c98f4d8d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
362e8b164ab7eca43f9ed2d88368df8b

SHA1
6507271342fad1834eb23383ad37a045807d3b6e

SHA256
15653dd47d227dcef62c33bda400a3f7ee64331972a0df9c464f74871e1a90ef

SHA512
fb81423d1813dd0d9ecb45f2442513e942406e681c386d7c126c637dca8fe4a03b4132f0e6fff0badea9608e6dde07312dbb0085d36c2fda30962b2d3c1a7b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
80d351aff1517fef87df52725609e514

SHA1
cab00a0f7d29a085f546a30686fc639310078581

SHA256
e100b19bf146ce3c7fdeacda79b34944a67646c282bc2e94f107db6ae8fdb4fd

SHA512
2392645face283cb7de758010aa775bcc9418226082a1da7976d120e7260f3442b17570504dc7a9d617d2a09ceb96980e010f40990c6f942e29db71b07babd07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
dbd869d21997b81b43639f07bf8d5d87

SHA1
afdf38c1027e18bb460c146cb528dea03cd0bdb3

SHA256
3ac117d9485fb9ae700d7422d92aa7c7639b5fc6601f92da3f055f854aa7ba1e

SHA512
345aaa2d78e4a01f071944928a859f9194a1778ed9c15b465164d3f936461773a853b02fc8381f72d9eb0c5a5f9bb6508be2d9cba0ac9cd8a5903a6b8f5e9ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
e45221e449ee74e6de53c59a7d3fd909

SHA1
53e1ce50f970fec3dd611144a89c1634c6ab23b5

SHA256
d2cd17ee473b560d10e6b169a45e87d922956df9a38516ae5b8476dcc781da86

SHA512
8f0f95cf9a61cde346cbda70a57bfc5ab73cf74249c9c6b1ae743eeb7e95f93304fa84f816f359de992c3b1823e6d9a113e7f82a3970aac0b6fbea60194c9f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
e426442e498546fea51524592b6a1e90

SHA1
fc9b9dff1783c21b2f56e91148073531aac0ed6b

SHA256
35bea0c91990b4678ab588eb7641fcc53a69f4ee6dc6e04e35ec78fe1a2ae445

SHA512
5066c69c6fcd51a1ffcfdee27a4938471c49bcfe83f7cadd81e2877fb86de08a278d2ff1c766d4cd4b095634212364ddeb921cebb745db5bc9ba30a8e5eae41e

Download Submit
\??\pipe\crashpad_2656_HHEZXVNEXCIHZWSV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2168-10-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/2168-6-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2168-5-0x0000000002510000-0x0000000002518000-memory.dmp

Filesize
32KB

Download
memory/2168-7-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/2168-8-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2168-9-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/2168-11-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2168-4-0x000000001B210000-0x000000001B4F2000-memory.dmp

Filesize
2.9MB

Download