hxxps://drive[.]google[.]com/file/d/1-CbSUQqL6fb1PQgf2fOlJTxpmivZLpEr/view?usp=drivesdk

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1-CbSUQqL6fb1PQgf2fOlJTxpmivZLpEr/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
98	drive.google.com
3	drive.google.com
7	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687254449077064"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5076	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe
4516	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5076	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: 33	1624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1624	AUDIODG.EXE
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 2700	3636	chrome.exe	84
PID 3636 wrote to memory of 2700	3636	chrome.exe	84
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3048	3636	chrome.exe	86
PID 3636 wrote to memory of 3024	3636	chrome.exe	87
PID 3636 wrote to memory of 3024	3636	chrome.exe	87
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88
PID 3636 wrote to memory of 540	3636	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1-CbSUQqL6fb1PQgf2fOlJTxpmivZLpEr/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9687acc40,0x7ff9687acc4c,0x7ff9687acc58
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4004,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4724,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4504,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4500,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5332,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5568,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\screen-20240613-180641.mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5500,i,16307426547210606543,10728408671989520110,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5c61e177b14161cccdc0f82284a5dfff

SHA1
76479bdca3bcd58859c0f22b0abf8d07deda9975

SHA256
94103b19ffcce44d690049818dc1b449d5ec5d99cdb169af849414523e2dbce0

SHA512
60d54028961da1eda7bdf721f775e063b7d70d94d34be3f51be73d46725ba3cd0c8844245628e4c21ed9fff4d14d31b2a8f6d43f382569a7437f6612429ccecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
adf7c957f3355b427ba6b3054ffcbb7d

SHA1
c6d88e4461611dda18126370fe0392f3ced69e7a

SHA256
fcc1795bf741820f2d21ab4d04ecd5d347069a19e603b64766b1f4a4b03719e4

SHA512
ad181eef044e8b452134555e2ddc843630619e2398a5d72eb758cc3ff28aac593462c954db2ca3bafc629932ec51c1a6ddc90ea98addcfbeb57d589bc4317a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8782e16be526325b4f6434e4028d64e9

SHA1
e962e546e79a9fc06c6d550931063601b0541970

SHA256
c5539779ed3e6fd80ac3d86ff04d1e4d4f6bf1db5afe71997aaca90aa0126510

SHA512
f1bece132881f264d327e390548e9cab0f0753188ecf562d0f58580b89bb80278f2025d3081ba62bbe790867103daeccfaebe1b7ca92c42fde671952aba115fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
99fbcc3e8b4c9f59ec2be2b48fc626c8

SHA1
550e6e4b6d3dc617902a5365a866a1bcf3bc7668

SHA256
101c2d6326575fb9e65680e6dac60c06eaf6d1785d8adce7c16a29e1c9dfdfd1

SHA512
7eb05100afdabce264e56994a2154362d3aea12ac09eae951ec4c2b9057bbf8aa3c97c3fd7d4f2294cc45d93be998817e36a708fb81139263d374c1023761add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
7f37c67d31e4cd6ff431b5515cab6920

SHA1
e541f332488c33d3b5da6278f691ff719ce8db22

SHA256
fd3eaf4a782ad3e506e35bb357f66171051d9f0a81dd62232ebbec074f7252ae

SHA512
a607583ee2f790c26865a214030011434b62d9bbe58be54695c0dc6458cdd5312168796c718b9acc0fcc5911f74d7dd35c57dde625047932cfc08335d5b40d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f773f05f0a0f90bc7e4e47b2a3bacf36

SHA1
82424e8aa809d61ab10f6844cc190a9347506f27

SHA256
852c728ad5b20777e1ea58e56689bfd06c2f55fd63dc1b32f494e9be4b2c162d

SHA512
c396b4d63429f4c873eaba6a15efd7a3eaa75df08b09d47af82111fb745f79d3443c3faa95c63bd93168cc89630792994227fbeb9e292310d1e55ae1ac56f52d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a89b04fdd110cb9a3adb709ba418179c

SHA1
075aa5b1568d9c4d76af745c2cc746a3ab6ea0eb

SHA256
673efc6213942a28bb2dc596ef9b5fd996f1d453334032a5f6434b28ef7d2d20

SHA512
f87746000c6a20fbb2cc00fbaa4880853cafc737463576b576d11498c9740c722850ff01bce35dc0561303cded21d7e802254c1fbcbfdcbdfb9d517b000ff076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3da9939eaecde1e9c4fc45a0c7e235f

SHA1
d5439dc4714fff401a186879ca99bcf4c475e7ca

SHA256
fad5a03e5a55cbfaab2aca2f0e6259c858c573341fa07d50240616aed00f24ba

SHA512
7e0ed3964e4f6b0460af7d1bab60ce80c024c7c412fa3618f84799d84b7b2ffbb72659b01efa5386f1ca77d4c7d6aa72b7a7bdc4dfbf043c595e04e5e4526aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d42b0e92d0f05a2cb5e392fe565379f

SHA1
ab64e9552055d1bcb7be736763584242672a9b20

SHA256
93fe1a7d4ea7000ea563d9dd047cc69fbb329091cecb1a391de99bc291c1be89

SHA512
2c02fa65dcbced15cb60173e7a3a4d9c3aef7fb6c3ff9da742a0ba91cf42916bb60eeeb1649c2bea721e17e386923b87d015a11cab60fdb66bb367deebe938a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94f9acf70863c05b037a7786a32131aa

SHA1
3eca69bf4b52ceb75f51602a02d01f863a571444

SHA256
c181f621b0fd76b7cbeff00f4e82fd4bc2c74d44b04e61e2f909ffe777504113

SHA512
d40430bc0861f58d90be4afe625ed5134b5e749f276d0a6dd713f472eb27f251ebcc791b9c84e05d8b84efc191fc5d3d6c67cff85992112ecf491c56f2c2a9a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a5295e5502a359a8b0e50ae9f521aae

SHA1
e3be9767774488d5325eb7000eb6877d260e3630

SHA256
6c016260ef6044a8505d920e1784167a1cb16d563b3a7b318a52ff1217d29fa5

SHA512
c15ebf5232689349955ad4beb7d2ec82284002f6638c5fdb19da2d9321943894a506311d2f83422f47ea5644ca30ad396093c83cb7dcdf341f94676936a264fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06b7e16ce26cd2e7e7c26af1792e741c

SHA1
201267eba5da2e5d57ce67cd2d6dcec180360971

SHA256
9bfcac1fed75c29a0f0a96b69cc0aa368405f42f57b94d1d1ae766275732c002

SHA512
cb6e4d1a9b7f5d78f32cb09f4cb7a4b3c152f1f6d32e176b04826b2de9d71f55f83bebfbf40751d864bd18381e98e083cfebc871b7f04f7684120505f16d86c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b2ec31681dfa2078aaca0ea94d8f9d09

SHA1
238ecf86de12c1442e5b4322680f5f20adfec25d

SHA256
e0a86193e5b2305a7d8e266672fa3f27ca55e92925ae09bd2571a7ba2d54435b

SHA512
51c8688dc83b326f6a43bb2cce98ce093b944f7366c8792ed7db915d5862274853c9605087b60f519f974626c04a2f62464f980605e3ed03a34bf99cde33f51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5b1ee5fe11c7d7326b16202671d8ac0

SHA1
34b54f0e43927e13368d5d59a28dbc35e5b43ee8

SHA256
4c9a4e4001cff0c30255d9594f9d5e25a96afb85ad93cd249c6d55dec2c3d845

SHA512
b8df4b2f540d8435e0ec4cae4aa47706bbab3480a880a470c9d100a6d783de673d7e27c354ba2250767d3ef670eb25e5e8576e2fa8ac322ef9166fe04be8aaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d7c1db318978388275d74efc520f4b3

SHA1
59dd45d16a6a44df61ffa08df79d0d7ec7765443

SHA256
d015bbc9faeabf780b55234c3afed05f10b49f514753bb4243e39ce8f12eb8f7

SHA512
f452a3344d7405d0c15f5c2fd75a9fc1a57c26e696d02c64711bc6fcba182ef3512cc9f040218996b8aee2d8e7f1ea765da859525758bff1eb0bbf72449fb5c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
90B

MD5
e27be7852bd2419f1bf32a34a1dd3787

SHA1
4183f695e225b322cded5e11795022ea9098ce18

SHA256
45d35c262c222f03c368d3d93ddbe4fd9dede1544ab2e3a50940427472767004

SHA512
ec672fe201dae616c6816a20a41baf34a879939f87f965296e7494e29421ec08618eae20936da7d3fee12a47e8901da15eff0c098b1d2484bddd4f082f50c35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5798a6.TMP

Filesize
154B

MD5
62f17c128a44676e7a169b5c16fab2a3

SHA1
d8deaefa201411261ddd66ac35a3de62550d7f69

SHA256
3a1c7fb7c678c164a123f2ad138330541650b6c72ec5d6f9d57750edc5aec6cd

SHA512
bd33cd13696efe721bcf1d7ab003bd1aac5b72e39d735c79109346d4cf1e65d76261943447960771be6e90bbb92d664844887b49152c19de7daa5479081efd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c99135239f21c3bce6e6650c6011812c

SHA1
bd95f169397e6326cd3f83488687cdc9d2f276d7

SHA256
9b3dc35b7c668c41478d9b0e41f38eff910d51536590272f9c23479b8479bceb

SHA512
954e319ab90fb06530bbcc967d504a2a622d394beba7743173429852c4e308e732a503a7cbeb530c3824c40a55436841086be7ef3a47be0684007e41b99c7e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
cb65a5ed484e1f6d72749f3705350fad

SHA1
b3819bc4f40c3d9e601944a4a99723394a0f5953

SHA256
ea88af58e4b375a6241d7e06f6fd0eb386ee1388cc2e9b1940624513ef7b38c0

SHA512
1fff67476faa8ac9f776b966f2dbc0fbd5b6a85d839cf292b16b554efce7b519d07ade72dc6c63558dd66c3d22f5cf8bbf69d8e48c06d878d8baca4f3828943b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
84d17b23d8303912f27beccc85b1868f

SHA1
48b183b84620d93e691865c3de007efaecad89fc

SHA256
45e3d218b52ccdfd6a112c8705dd304151121b11e4a0a16200d7f706bff77def

SHA512
ba294b61be805f2652be941734b11c9957f88cb1c1ab1ff2b05732c057b2db7ef23b40d768d52177d8e1041517b78fe7bbcf747313916ff0f9a1e648ea01a27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5c53b68ef98e4df8e7a41ca52be04627

SHA1
93bc5d5a9de6b768703fe78980ed5957960eaeee

SHA256
ea976dd56ffb05635ca2e0b41481c730a62371b76687f816fcff87355791a26f

SHA512
7f9325198061daf50348536e71afac86b8a2c3575fade74806e8b7f9eb8048c1f22286470dea26cf555a10ccdc70ffca2582b7312629ca3f9ff3e2f0b2a3ecc9

Download Submit
C:\Users\Admin\Downloads\screen-20240613-180641.mp4

Filesize
18.9MB

MD5
df07579f855722269b9550a0b7e8ccfc

SHA1
b68846120880e55679c085187a10a1122103c547

SHA256
ca23274ddfd552446c3ef1348a6bf84b471c14f13d76f30daeae462fc8af3587

SHA512
13958f86da25740b070045df2cef145fcf91911526821f8f090673d311506c312b8995a64bc45467735aefb5a7be7fdfd931f5035a467d083ff1544217a28afe

Download Submit
memory/5076-229-0x00007FF953640000-0x00007FF9538F6000-memory.dmp

Filesize
2.7MB

Download
memory/5076-233-0x00007FF9561D0000-0x00007FF9561E7000-memory.dmp

Filesize
92KB

Download
memory/5076-232-0x00007FF9561F0000-0x00007FF956201000-memory.dmp

Filesize
68KB

Download
memory/5076-231-0x00007FF959650000-0x00007FF959667000-memory.dmp

Filesize
92KB

Download
memory/5076-230-0x00007FF9688E0000-0x00007FF9688F8000-memory.dmp

Filesize
96KB

Download
memory/5076-244-0x00007FF9548E0000-0x00007FF9548F1000-memory.dmp

Filesize
68KB

Download
memory/5076-243-0x00007FF954900000-0x00007FF954911000-memory.dmp

Filesize
68KB

Download
memory/5076-242-0x00007FF954920000-0x00007FF954931000-memory.dmp

Filesize
68KB

Download
memory/5076-241-0x00007FF955D70000-0x00007FF955D88000-memory.dmp

Filesize
96KB

Download
memory/5076-240-0x00007FF955D90000-0x00007FF955DB1000-memory.dmp

Filesize
132KB

Download
memory/5076-238-0x00007FF94D120000-0x00007FF94E1D0000-memory.dmp

Filesize
16.7MB

Download
memory/5076-239-0x00007FF955DC0000-0x00007FF955E01000-memory.dmp

Filesize
260KB

Download
memory/5076-247-0x00007FF953640000-0x00007FF9538F6000-memory.dmp

Filesize
2.7MB

Download
memory/5076-256-0x00007FF94D120000-0x00007FF94E1D0000-memory.dmp

Filesize
16.7MB

Download
memory/5076-234-0x00007FF9561B0000-0x00007FF9561C1000-memory.dmp

Filesize
68KB

Download
memory/5076-283-0x00007FF94D120000-0x00007FF94E1D0000-memory.dmp

Filesize
16.7MB

Download
memory/5076-237-0x00007FF9541E0000-0x00007FF9543EB000-memory.dmp

Filesize
2.0MB

Download
memory/5076-301-0x00007FF953640000-0x00007FF9538F6000-memory.dmp

Filesize
2.7MB

Download
memory/5076-235-0x00007FF956190000-0x00007FF9561AD000-memory.dmp

Filesize
116KB

Download
memory/5076-236-0x00007FF955F20000-0x00007FF955F31000-memory.dmp

Filesize
68KB

Download
memory/5076-227-0x00007FF743DC0000-0x00007FF743EB8000-memory.dmp

Filesize
992KB

Download
memory/5076-228-0x00007FF956210000-0x00007FF956244000-memory.dmp

Filesize
208KB

Download