hxxp://Google[.]com

Analysis

max time kernel
2339s
max time network
2343s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584490224061072"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1484	chrome.exe
1484	chrome.exe
5504	chrome.exe
5504	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeCreatePagefilePrivilege	1484	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 4720	1484	chrome.exe	85
PID 1484 wrote to memory of 4720	1484	chrome.exe	85
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 816	1484	chrome.exe	86
PID 1484 wrote to memory of 3460	1484	chrome.exe	87
PID 1484 wrote to memory of 3460	1484	chrome.exe	87
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88
PID 1484 wrote to memory of 1472	1484	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc147aab58,0x7ffc147aab68,0x7ffc147aab78
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:2
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4160 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4452 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2312 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4808 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4252 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1540 --field-trial-handle=1860,i,16364473342293941850,17109524845857454937,131072 /prefetch:1
  2⤵
  PID:5868

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2792

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc 0x300
1⤵
PID:1168

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1036

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
21KB

MD5
522197806a1b028e910ac108552c7a52

SHA1
7d641ede9328a4c957fee8eae98965275efa8577

SHA256
4e180dc9c77dc60092ad1dd64b2131ec8a31d0a4ddf380240b19f66eee1aad49

SHA512
4977a335dba3d2b29a708ad4f63d7c097f2251de55cc2221a425a7b76a1d4ea479f0dce27e7f099ffbd5d054afc7a0a31ecca997f89afd95e59fc33d1a62668b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e32634c7cf707017f9d2a373beeb5bf3

SHA1
ca6828c0102aac39fa765ccaa702c89e80731aed

SHA256
811131ff17f43fdd447476c8541f499c536679b4ad0ed1b39e551b55e3ca58df

SHA512
aa2d8617c9248422a0edafdf4d1667e26a84ae93e0f30d294548f93f8de415b970ac2aa2d91961468462bfc3f2c55e9d8bf99d9a084723ba625e0f40b0d6f596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
37d0d42d69e477a092dfb3b1acad0277

SHA1
f2a6679a572317b90a96a7ec070aa4b6b805fa2a

SHA256
d6761d0195222a5b1d7913f7fa684af4d6d1e6178444b71c4a0988c13457d340

SHA512
8e91a1d53620eb72b2f1f4dce845a456176daa9511be91ccfa9de72f47155357ad3495b2b290f1a124acb187e038a26ac0d332802dc7930c2c56ae0a6d0be844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dba5c9aefe0e6ee19f60f0216b4f612b

SHA1
b361ebcbbee8583c754bf0a013f56f2a4cbfb64d

SHA256
dc313d96ce2f0f78906a2939eb04e19c88538a2251d3d414a4aa999c4b874280

SHA512
ebbdeda216c5829fc1491f2aaca2d1303ca3f6d31f7abf27c76e1a7507290883f97de004c784e246c022938f16a1c3a03f2d35895a05e6963ebef5a019433ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d84be9100ea13266f0e76ba33378eb0d

SHA1
e6dc0bf1797ede9a66de5dfedf1ffc9160be9ab2

SHA256
7c46e9796c75285953db81484377c1dd0d6fc127103d21317aa3603ca33845a8

SHA512
19bca45014220bf8dce62b4d99951a2ac83583408a6d07c6e4ce5679c2c94730f1ea729b4b43ba081d354858161de68df292d73b4efdb3b1ba52f8e5b81a1241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_now.gg_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_now.gg_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
67412b27d88305c96064e8434690fd8b

SHA1
188f9becbc4e15dbcaa8c58b8037f2bf1b70647b

SHA256
76758fb12ee99f68e56fce8a4a8252912c4838848e7389d524dabe94abc3a690

SHA512
cfa10cda8ec624cc5df0cdbc9177d4c9ee4228f36a52da34b7c8fba9f0b0c958c9a968867feae76f83d29cbccd18da09c3332a4834091eed8431c3cb36c1a4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d4689b1ebb1334b7d83f76ebd729ab0a

SHA1
29a0e852e4ffcd7ce0675277816e1a02cec21d5d

SHA256
b067f1d3e72f96c91dab96a8ea592ef99bbfa75ec578a990aeb43966844c8fe2

SHA512
1ebabf1b942bde967a75ea4c24e35f160e6801d9924de4e20a5b48a2156ba0629a0c4cede08eff8709aafd288cf0ed6968b82b4281f1d0943a6b640a53e0d729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
f00f26f925772d46f591d92d180bcbd8

SHA1
d63aca80182c250d02cf191cbf73d014303f37e5

SHA256
805a6fae036577b759729f9b115c14a352a84f867c8b12cc9c3da34a4ec09784

SHA512
50c678d263851ab7cd371bec454a1b8cf4e9404ecb85b024a0629d697e4915cbfa3149232368be7f2fabf59998b5036819b6f4e02287b026b14def762331fa17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7988539cade8c1de11542d2b1fe6351e

SHA1
002b0b77122408019ce9199a1e604b1e6a0f0706

SHA256
61c81a88812c2c7aafa89e7c502c4e67b82fcceb5123911e45b190df89fd682a

SHA512
392ffe9a1e57f6aaa9663fb3e9f86a5c1ae9973f7198cec3a4754bdef247ae68d0ecbc457b133f354eb9081e401e94c8f134d2947711490544add41f62ddc5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74495d9524d3324c4dd3bd4f9dd866d7

SHA1
fb6938dca54a35aada456ec27ee97c9d5fb71f73

SHA256
2ccdc6068eb9cdb388938c5f1a959043c9fc551c00478f6ea31ed98bc7d48e18

SHA512
964f43138bf84e3fc62b50549878ef321cec6cf6ca2d496da7980692d31a630b75f1a115eb6ed203dba17b56a6633c5d9903f2b1ffc06a929f2eb19095ae5b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d9713d234f2051964feeaedbb31818c

SHA1
b0a66dbc21c184d4be4bf2e8b0b911f4040783bf

SHA256
675aecf352919308ef691f52f7d1bf5da8afbfa245f0be07d0acd376ce3dd0b3

SHA512
089f348a8a00cbbea55b8669de86e28290f19bb553764ea1525c593ceb4ee2164059d3cdeef46316d0967a986fa36886ab54ecc4ebb1fa00c19f321be9528278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4670dec9d39348891345d4e34a54ace

SHA1
6da9e93630df299629cd50782c315e1fc5e54f35

SHA256
b32a25501dc88088b7cf786c5b523d58ea65c3b2ec357cedb6f5ff0418f011dc

SHA512
af86c9c5a95406cc670e4a2b4d18cc08a372fe5938f5556811af48a0bc9bf722a0ff66f86138ab7ef6101cd3d4d53c035782ba08038464b55083ceb0e24bdcbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
bd307d49c2d38a9738996d80ba0405d6

SHA1
0be1418e78392d3a9401b710576451e343dabfb5

SHA256
01d2d10b964753f1280af90faf53a32a6bee779c39afd6411fd747b38275623d

SHA512
1bb9c7f1bfdf42b6c1cd00ea88ded1ccf4ae6e9c64f33e287bf9400a2843aeaa501d8896a476db1ca8d3c3b8a892e2b81d4a26ec2238aff74b0fcaa06644ca5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc64489744ed19ee5b70d3d6781881e4

SHA1
f9344972404609753c19b3ffee6f0dd8215b1da0

SHA256
0bf2003afc7b58327e73a2f7b618241f96a9bb4799c804c4ca54d5aafd28500b

SHA512
0130dfa9640fc8e48cb25d112f22c9bf2161ab6626295d0e4b607d7df8eb7356d2b15fb2ae86d247f406062bee5801e0c3c714b741760b559be4b3c9212d0ce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9523945d944cf519ebd89dc4aa225760

SHA1
d201bc5cc7e08c335facdd671cdf18a6cf09967c

SHA256
a3defc7915f3644f0830303284711725354a2392fd3b849d3bcbd28468360bc9

SHA512
3b7d2654f50237de185251b835a8de972a12540005a0089e0690b65c2cafb72b29274279b8ad0d032ee86bca8285c8e2c8884c09e0ff7fe02547bd344112ca07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d4d4.TMP

Filesize
120B

MD5
3c303d99c83f78494bb3c69212176b21

SHA1
9094f2b07f798775c9d8775790bad41cec625cc3

SHA256
359254053e75d5901024234f910da556deff40b318e5e179276aeeb6be72e989

SHA512
52743df696eeb41ad0666dba16c51d72acda0246de2740890636f3ff236cec636d66970c67f0ad702c37d2324c3b2494eadd52f576b4da9ccf3adf27c72f380b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
6ccf1899a3b43431dda43b6efa878187

SHA1
c5de79be2f353b0f74ff0cb90b1af48c87b418e7

SHA256
3b6ff23b236905dd6477045b8de0a15fecb1e6ede4aab75be741761e5f74bf3d

SHA512
b9e63af26964c9a43294f24b4f9ec8171f74d36d393f023d831929a20e1e1bb42526d1677fbf477f1b48c1b526cebb949cd2d5c4359b88ed3538e8c828c5248a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
d56fac7dd371c3103eae6b736d981a3f

SHA1
78693c8ee8fc5a6736cb92de96026b38cd1a8676

SHA256
a5b5242bc5d03c42fbb1babc4a58e011ea7fa337c2e9cfb7197ed1b0348066c1

SHA512
f5a63203c4af3ed0fddff8abb6715626fbe78b7af1e53953cd037ce36feb77da4ec854aab63e7ed86175c42241b436f89446e8f8fb11cf551285201dae509e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588037.TMP

Filesize
88KB

MD5
419f9dcb612bf22b80b267bf9215910c

SHA1
604caedacf7152fe26582d3a1d28e5fb3c269a4c

SHA256
422ff99fbf6ed2b0323d9919d6c825a43de3fcf36c717544de6ed28832254e90

SHA512
d574637dc066b26c30683f6f57184700fe1bd98b7d15e0be728119d75de0af4088d9bfd4a8d255b6284ee19e5836572c0f69bc12412c78781858d02afb427f3e

Download Submit
memory/3380-719-0x00000129AF240000-0x00000129AF250000-memory.dmp

Filesize
64KB

Download
memory/3380-744-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-735-0x00000129B7800000-0x00000129B7801000-memory.dmp

Filesize
4KB

Download
memory/3380-736-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-737-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-738-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-739-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-740-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-741-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-742-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-743-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-703-0x00000129AF140000-0x00000129AF150000-memory.dmp

Filesize
64KB

Download
memory/3380-745-0x00000129B7820000-0x00000129B7821000-memory.dmp

Filesize
4KB

Download
memory/3380-746-0x00000129B7450000-0x00000129B7451000-memory.dmp

Filesize
4KB

Download
memory/3380-747-0x00000129B7440000-0x00000129B7441000-memory.dmp

Filesize
4KB

Download
memory/3380-749-0x00000129B7450000-0x00000129B7451000-memory.dmp

Filesize
4KB

Download
memory/3380-752-0x00000129B7440000-0x00000129B7441000-memory.dmp

Filesize
4KB

Download
memory/3380-755-0x00000129B7380000-0x00000129B7381000-memory.dmp

Filesize
4KB

Download
memory/3380-767-0x00000129B7580000-0x00000129B7581000-memory.dmp

Filesize
4KB

Download
memory/3380-769-0x00000129B7590000-0x00000129B7591000-memory.dmp

Filesize
4KB

Download
memory/3380-770-0x00000129B7590000-0x00000129B7591000-memory.dmp

Filesize
4KB

Download
memory/3380-771-0x00000129B76A0000-0x00000129B76A1000-memory.dmp

Filesize
4KB

Download