xworm | 1abb33b881408b0341a530de14b0afdb88b96ffcd0254dd397848db3e6508803

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2024, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cry.exe
Size

1.3MB
MD5

a4c1ea4b6e69e69462efa7659ff6f48c
SHA1

cf71024bf28f10f63bf7cd27dba64d406c2ed97c
SHA256

1abb33b881408b0341a530de14b0afdb88b96ffcd0254dd397848db3e6508803
SHA512

be527013711f308bb9a0deb65b11066570e86cee896041d55556dc8566a2476bc96ab089ca155030397d95fd8d358170bc2f5b0bf97efd579dd464b1ca803507
SSDEEP

24576:/84F/cDq4sTq+gdI2W+7nMS9LJf4bcwGCYVgERFh7IfEx0ECnaf:kEcyjgmkMS9L2cFCER0f+0ECna

Score

10^/10

xworm credential_access discovery execution persistence rat stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:8895

162.230.48.189:8895

Mutex

ZRGtN7NDh24Vx89x

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/5000-1120-0x0000000000400000-0x0000000000410000-memory.dmp	family_xworm

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 4728 created 3436	4728	cry.exe	56
PID 4236 created 3436	4236	tmp24E8.tmp.exe	56

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Downloads MZ/PE file

Uses browser remote debugging 2 TTPs 7 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
792	chrome.exe
6004	chrome.exe
5456	chrome.exe
440	chrome.exe
1648	chrome.exe
920	chrome.exe
4744	chrome.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	tmp24E8.tmp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	pedtrm.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReturnType.vbs	cry.exe

Executes dropped EXE 3 IoCs

pid	Process
4508	pedtrm.exe
4236	tmp24E8.tmp.exe
2264	chromedriver2.exe

Loads dropped DLL 2 IoCs

pid	Process
1436	InstallUtil.exe
1436	InstallUtil.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\github_install = "C:\\Users\\Admin\\AppData\\Roaming\\github_install.exe"	tmp24E8.tmp.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
92	raw.githubusercontent.com
93	raw.githubusercontent.com

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Start PowerShell.

execution

PowerShell

T1059.001

pid	Process
3632	powershell.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4728 set thread context of 5000	4728	cry.exe	87
PID 4236 set thread context of 1436	4236	tmp24E8.tmp.exe	123

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ntdll.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\symbols\dll\ntdll.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\chromedriver.exe.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\exe\chromedriver.exe.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\kernel32.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\DLL\kernel32.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\symbols\DLL\kernel32.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\symbols\exe\chromedriver.exe.pdb	chromedriver2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\dll\ntdll.pdb	chromedriver2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pedtrm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tmp24E8.tmp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752171685883069"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{DC5F9841-C6E4-4714-851F-A7EB5735292C}	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1436	InstallUtil.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4728	cry.exe
4236	tmp24E8.tmp.exe
4236	tmp24E8.tmp.exe
3632	powershell.exe
3632	powershell.exe
5792	msedge.exe
5792	msedge.exe
5472	msedge.exe
5472	msedge.exe
4236	tmp24E8.tmp.exe
4236	tmp24E8.tmp.exe
4236	tmp24E8.tmp.exe
4892	identity_helper.exe
4892	identity_helper.exe
1648	chrome.exe
1648	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4728	cry.exe
Token: SeDebugPrivilege	4728	cry.exe
Token: SeDebugPrivilege	5000	InstallUtil.exe
Token: SeDebugPrivilege	4508	pedtrm.exe
Token: SeDebugPrivilege	4236	tmp24E8.tmp.exe
Token: SeDebugPrivilege	3632	powershell.exe
Token: SeDebugPrivilege	4236	tmp24E8.tmp.exe
Token: SeDebugPrivilege	1436	InstallUtil.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: 33	1144	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1144	AUDIODG.EXE
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeCreatePagefilePrivilege	1648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
1648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 4728 wrote to memory of 5000	4728	cry.exe	87
PID 5000 wrote to memory of 4508	5000	InstallUtil.exe	104
PID 5000 wrote to memory of 4508	5000	InstallUtil.exe	104
PID 5000 wrote to memory of 4508	5000	InstallUtil.exe	104
PID 4508 wrote to memory of 4236	4508	pedtrm.exe	107
PID 4508 wrote to memory of 4236	4508	pedtrm.exe	107
PID 4508 wrote to memory of 4236	4508	pedtrm.exe	107
PID 4236 wrote to memory of 3632	4236	tmp24E8.tmp.exe	109
PID 4236 wrote to memory of 3632	4236	tmp24E8.tmp.exe	109
PID 4236 wrote to memory of 3632	4236	tmp24E8.tmp.exe	109
PID 3632 wrote to memory of 5472	3632	powershell.exe	111
PID 3632 wrote to memory of 5472	3632	powershell.exe	111
PID 5472 wrote to memory of 5668	5472	msedge.exe	112
PID 5472 wrote to memory of 5668	5472	msedge.exe	112
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5776	5472	msedge.exe	113
PID 5472 wrote to memory of 5792	5472	msedge.exe	114
PID 5472 wrote to memory of 5792	5472	msedge.exe	114
PID 5472 wrote to memory of 5896	5472	msedge.exe	115

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\cry.exe
  "C:\Users\Admin\AppData\Local\Temp\cry.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Drops startup file
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5000
- - C:\Users\Admin\AppData\Local\Temp\pedtrm.exe
    "C:\Users\Admin\AppData\Local\Temp\pedtrm.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\tmp24E8.tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\tmp24E8.tmp.exe"
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4236
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://trashycontinuousbubbly.com/wkhy5rzh2v?key=8f87e6d0bc0d653ad051bd077c8dd5ad"
        5⤵
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3632
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trashycontinuousbubbly.com/wkhy5rzh2v?key=8f87e6d0bc0d653ad051bd077c8dd5ad
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:5472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffcd51346f8,0x7ffcd5134708,0x7ffcd5134718
        7⤵
        
        PID:5668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        7⤵
        
        PID:5776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5792
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
        7⤵
        
        PID:5896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
        7⤵
        
        PID:5288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
        7⤵
        
        PID:5304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
        7⤵
        
        PID:1144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
        7⤵
        
        PID:5172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
        7⤵
        
        PID:2680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        7⤵
        
        PID:4776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3650464752592065557,939741562241345161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        7⤵
        
        PID:3988
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of AdjustPrivilegeToken
  PID:1436
- - C:\Users\Admin\AppData\Local\Temp\chromedriver2.exe
    "C:\Users\Admin\AppData\Local\Temp\chromedriver2.exe" --port=57085 --disable-build-check
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:2264
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --autoplay-policy=no-user-gesture-required --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-extensions --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --headless=new --log-level=0 --mute-audio --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --window-size=1280,720 data:,
      4⤵
      Uses browser remote debugging
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:1648
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd595cc40,0x7ffcd595cc4c,0x7ffcd595cc58
        5⤵
        
        PID:3152
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-logging --headless=new --log-level=0 --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --log-level=0 --field-trial-handle=2036,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2032 /prefetch:2
        5⤵
        Drops file in Program Files directory
        
        PID:5788
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --mute-audio --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=1912,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:3
        5⤵
        
        PID:1812
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-logging --log-level=0 --mute-audio --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=2320,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2496 /prefetch:8
        5⤵
        Drops file in Program Files directory
        
        PID:5164
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --autoplay-policy=no-user-gesture-required --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        Uses browser remote debugging
        Drops file in Program Files directory
        
        PID:920
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --autoplay-policy=no-user-gesture-required --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4052,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4068 /prefetch:1
        5⤵
        Uses browser remote debugging
        Drops file in Program Files directory
        
        PID:4744
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --autoplay-policy=no-user-gesture-required --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3104,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
        5⤵
        Uses browser remote debugging
        Drops file in Program Files directory
        
        PID:792
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --autoplay-policy=no-user-gesture-required --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4740,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:1
        5⤵
        Uses browser remote debugging
        Drops file in Program Files directory
        
        PID:6004
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-logging --log-level=0 --mute-audio --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=4940,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
        5⤵
        Drops file in Program Files directory
        
        PID:536
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --mute-audio --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=4936,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:4184
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-logging --log-level=0 --mute-audio --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=5384,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:8
        5⤵
        Drops file in Program Files directory
        
        PID:3508
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --mute-audio --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=5624,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5752 /prefetch:8
        5⤵
        
        PID:5796
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --autoplay-policy=no-user-gesture-required --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4948,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5764 /prefetch:1
        5⤵
        Uses browser remote debugging
        Drops file in Program Files directory
        
        PID:5456
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data" --no-appcompat-clear --autoplay-policy=no-user-gesture-required --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4624,i,457296439689718078,6531306161242341112,262144 --disable-features=PaintHolding --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1
        5⤵
        Uses browser remote debugging
        Drops file in Program Files directory
        
        PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1312

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1380

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Modify Authentication Process

T1556

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Authentication Process

T1556

Modify Registry

T1112

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9a31b075da019ddc9903f13f81390688

SHA1
d5ed5d518c8aad84762b03f240d90a2d5d9d99d3

SHA256
95cf4025babcd46069b425449c98ed15d97d364b2461417caa9aa0c13cb372e1

SHA512
a04726a429ae727d685f0836327c625d2f18d6327253216a9a31265a324b68b06bec4e7f1b744d261a0e67fa0a90c43719aeda9d2998f42525b0ff5640c7bf1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e930267525529064c3cccf82f7f630d

SHA1
9cdf349a8e5e2759aeeb73063a414730c40a5341

SHA256
1cf7df0f74ee0baaaaa32e44c197edec1ae04c2191e86bf52373f2a5a559f1ac

SHA512
dbc7db60f6d140f08058ba07249cc1d55127896b14663f6a4593f88829867063952d1f0e0dd47533e7e8532aa45e3acc90c117b8dd9497e11212ac1daa703055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9018eefe3b235c902b66f18852b13678

SHA1
5ff180d89c19ff6fc889162bfbd97237e9b09ffa

SHA256
3b0ae26585b19ec7581d2503bf11fbd88bb6375a47d4157daf5df897c75ab1bb

SHA512
e8c851c4daa9baa67c325b1b459bec79d1905e202baaff2b43971412967d65c05365605e6460962d491d1ac218ea6319b990b008dccb1a30f6ce943b7526330b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
4136dfd0f7c3dc5e5f27727ceeba6c24

SHA1
4b4a3e5e84d78c2a2d07ba297b217c7e57b80f9e

SHA256
54d3cb3c9c42edfe2140a67491b06ebb77475193727a6975c93326ae193a34d9

SHA512
e76cb61d6cd608767e04fdbd52521583f206606860284bd55584f4c5a5226343aa20d2cb1c543c9165b78a807b34bfb153ccca0e975ddac718ac92e0ddfd56b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
195058e9083c8c2601335186c0794754

SHA1
d942f04578a8a21d023a02a68b5850b3f665eb02

SHA256
7080e7629156796917fb4a4f3e588085badf4e8b0f0c637bdbe2022d5536d026

SHA512
b5d133fe79d4bf450c75f1707129d97a3e55cd725f9b61cc4f1ec93881ec6e1942f283e357c67d02c21785455454e73ed6cdcbda507ba4943e1c8295771e5450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
727ddba6c69d2e855820b57ad8a5cda7

SHA1
2d53b1c7e3ab91a0c3a33cfcf75b7d9d3bf1e202

SHA256
20b34e761ac58e4c1d3be056e0ca65e1372143e4dd4fad25c19f1f45f2e2fc19

SHA512
e3137d4f4b872046c2c0edf72b4a8f14751a2f265ae0703409a78ff2bd54f877924ec445b550e69d09171503cf47e6ddbbd341cfa7e935fb985add2545d3bc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
0a2342c9f2842f4378b10f3f9989e61c

SHA1
fc180864298f91a35afaefa125ee65f2a87f3273

SHA256
fe09b720b55c9443f8dc5effc68952b33593173fde8c0e194e70bdf045b78464

SHA512
8ae11510f187a912c0e94cd4e1514ae0502bddd0beea043c8abefe3e218c4f2d5778e2b0b9147e93752cb277c6183153008d5253217de67c59fa8e6fd269c11b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
ec84123574b7eab27b7b6d2e9220d8c0

SHA1
3c0cdf18bb0232d24b342ce32cd9285034ad4353

SHA256
747842cd958baa5e19ca98963e6e22c3805a55b1f02ea5b4c3ee8ba1e17f51be

SHA512
07e0fd133f9af37b581e3bad0c94a284906465a76c1c56c31c7fee70985ecd02fb4c2826c21009980747a4f0c7b8e1a0789ec4ed7be72bd7054433de45fe3c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
d9c315186d82b70915eff6fd0acf9b98

SHA1
eaaa21753a289a80142ac5e79fb464403e6dc864

SHA256
52c5166fadf8b754dfd176837e3df77d48e2b1e1fa64a00db73fad114430dc9e

SHA512
6376d77361d33884b997794747790894a6009cdf07f437dbd69fc9649b8f43a570f27bcde1a072cebe87ec692a5d59b8a164566f53429cd9a39a013ae3a1e168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\History

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\Cookies

Filesize
20KB

MD5
ee2925286655814ed139471ef7557831

SHA1
41e1d0bdc01b21b547c3b0da3bde9cdaa4d00b31

SHA256
b5165ea253f409947324c51ada5cde9296d68d0862bbdf0e373c5588cf22f3e0

SHA512
9ee6194b09d888289f1a5ceaffdd548dcbc856d5b57e155d3bb88c1a02345664e30b597401085813b0421c3aa6982059270b8f9c2b53ba3136f579e00ce71641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
50e8c32cf02c215409e9e9ab83c8fdc0

SHA1
ccf07b4f982733d23e000d47716d361289411931

SHA256
6d3fe94efb57533175d406cf497e9d5d313f9a517bd1e08a3f4c0e18b7819481

SHA512
34168579536615fcd2ede910deba412ee89c288ecf14bc34e9019c929978fe327d91caf760781a6376f55c4b24342180636fefd4ba4fc3057cd0e7520caf6080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
a5ae429bc6bd584b0a4fb17344ee9fa3

SHA1
1519c1b826ce33c8d87cc9def53f070c25643e67

SHA256
cb061468cf6ccae0cfd00d561e298319f04893998b21ab6d454e5a74c84625c3

SHA512
4ef3216e098c94a0458ea6d941ab124a5c0306971dffe9a4e0eda19a71d60ffc4dabf3954c11b36f2a3ca889e15195acef3b6779457434874a36df5ff15c33e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9c140c1beefaa24a0ab50db553961c6c

SHA1
444ad55a8c9b338f58f3174a0b61f57fdc31f676

SHA256
ced35ffc1180b4195dc619c8bf2bff6a8d2afe1340b00213e3a86fea37e5de25

SHA512
915bb1b06a1ee45fcce30fff46c56ac8c586a1cf7d60b4b2ea46a61e5ee7194bc903e32f1f35f217a679d38eb293116c400305b845ecd8816e40297cbad61ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
8c1cad62260c816c0f0ef018074a416e

SHA1
d3cc9a8a79491ff0804317df8f7078a559d8a3be

SHA256
4f639c0551f76eed72d5a2c6e2b1049bcf9a4af15df0ea623d5dfd2db7bf1479

SHA512
45078423aa8f654dfca507cd3cc4a34afdd5f6c21b812a4b76505c2d633cee8693cb4380bf379e5300bd90fd65e401983f6302691ab29f4e69d4b06ef348a6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9c1d7418162a6e38227a08f507fdc00

SHA1
99ee106cee6f4df8eb216e937066ce321fe0ff93

SHA256
13451197e4467295d8d02d60e2b35f94ebdaafb8fc4fb461a00e7ea757763e16

SHA512
ca5a9bf50c0a6a0a487e9b42d24d92b67b2496cac41e0352b45e6e2810c49231ebbfe168f1783e9984e93872874ec573ce06a0a054659e4a7f03d9f229868d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Network\Trust Tokens

Filesize
36KB

MD5
767a7db34589653629c0d4299aa9eb7a

SHA1
57375ca0b80b3c856b76b3b080270686c90ccb8e

SHA256
78a4734f08b47286a3736c88c6fc481f76bd2b1a46e29d0920939f088ce899fd

SHA512
a01b63edaceab16394320bd2d9152faac7f0c3971001049e8e931b6403f97d8e5e6f4e9020a446cfb573241321cfd26c3d982f30139799fa7fc32617cd1ec859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Preferences

Filesize
7KB

MD5
d67595b76554f3d404f79ff44e500f6e

SHA1
f77fb11b945a7c52426aba512f1721d8619fdd26

SHA256
89cb47eaf3dd9c106ce4941bfbd6a2806ed7f64e85b43ec3b9902c4a591750f1

SHA512
f7115b1c53e9c5f56594147e0e2664115f0f5a00cdc13ef1984924a4700c179469fd66175fb7ee1c71cda8254339aa203d00ef37ddacd43d33d30eaf13abda1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Preferences

Filesize
9KB

MD5
14e436395ee068e69617b74e9ae5dd3a

SHA1
4c63271bcdc552f8b0eb7237a4921b33f9348ff5

SHA256
d9bc961cef34ce43bff80140a5c01c49c7a97d1ffe2e72b51ef889373d775862

SHA512
e95d6199c29ee1fb021552437f03c86229e40786315d1c0bfafe1e045c8a1584bb34ca335dc37146e8b28455f412f5e63157e2f3e336816d0588028ec0bd894a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Preferences

Filesize
9KB

MD5
c93669f4473787df7e98a2e24808afda

SHA1
9c22b13c99b939818ccc9834d1a6ba980848dd9c

SHA256
50cfa283865eb365ee33db79365eb4a6efcd982af76985bcfdf4f78e23c8b242

SHA512
0d93a6ee592634834d7f1a2aa694f28dd95104cf853a693c86d53ed939ab854ba1c6f242fe9f18fcfe71fd00def826e39d910e57285a0b74018b3e843fe4eb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e2f6740589a4b570eae3bde32ad6e60e

SHA1
f480cb3fe10ff7338916edbea9ed63bd01175122

SHA256
56cf9ec20fd3892b742bf6518f974734d753e9fd5157b33199d8b82c8a09c318

SHA512
4148c0ab36f82aa31d3343eeae7c16e7c66b948aa0124efa207b76ae067b33c8b4495faa25f6f2241408bc400f45e86b3c33ec0d2c5323065b320747565ac42e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Secure Preferences

Filesize
9KB

MD5
3a3a422afaecaa6c8dfba7b409ee5bf1

SHA1
657d4f48322514992d502cbca1882de9144250db

SHA256
3f2feccd4d82bf27ee64192ec92d221bd777675dd8e5183fce56c25751b5f940

SHA512
86c3636c4c3572f9c1c85f9f8b0b9af207add1a810fd9c8cc91327d9d238c4a15b309d7192e8ba012dc3c58eb730cf971b85d3e0564d71c35196b48bffd5e94c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
2ee3485b92eb729ea2ad72019228ee65

SHA1
ec0ac881469f0c9cb0c34d7f03051312d546085b

SHA256
759feeabeac16ded6635dcfbebe9f7891df32494c1186809607c272357b4a4b2

SHA512
cd70b88e6d04dc5fddad106d1f26a524c2e23ffec3e0137e9d38ebac9f11cc1f1e9de6d8fa175294338b1f31ace99855c92d147f69d36d9d2c1e0a7fa3330949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
34c470fca2a3e99fb4b323c80f6269f9

SHA1
cf02111b44d9becdaaf1b5d2ab267fde12aac018

SHA256
0716bcdb34b3c25895f62b6c29bb7093b74f70370ef16e228babf4357b58b8ba

SHA512
d52d9fc659d52f5c9cf416d877312b289827b3ccf9e01295bcc4c85d73d7ead21067de017062eef700d583b3d5e12058ac1a62af74446872e3bb40d30554f59a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
764dfbd4ed8000e19f83fdd8fe8f1148

SHA1
21f77d71989671856e387ebc0a9d74f47a5731ef

SHA256
183c42eebe96b84dcd3afe544e574ba1fdaec7010d618b333c0788c6a0acf1ae

SHA512
552442047e1ea8f25d6639562e6fce69c8a24b441e5278e887427d720230f575885a0fa68636d623fc919981316572cfe64b76d1345f8c8fe99d3ad7e60842ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
b7129fd699da928556ab7c981a3a1f4b

SHA1
a0b5f28ed04217ae7ba9dae29e322b230e33ec8d

SHA256
100af64d6f0011db9b8b7e12c16e7055608ed10f0b9d649ccb800094620bceae

SHA512
8b91a2ddf11a07a28e6c213c70c6860d7cb80c13425ac644e3251eb4ce636959a0c6f1e0bb8590645989494ff65f2144fa25ec22b3dba71b8a48b019b946bd5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe594caf.TMP

Filesize
119B

MD5
e846abe7e682a93f9e4681f924d6b0d8

SHA1
9f42d73ff8b1806c85634836a1e64945f4a6fd28

SHA256
547bf1659c6bd63d59a52ea07df3d14847ab4d2671e5d6e9a33d7e0e6b8c00bd

SHA512
92195e25e065017e2febbc91e5944ae7785a66de08b58fe2efd0ecc23f9d9c158e4c12e3a25b864aa64ad3ccbaf4c074ac3a975dfb3d3c4268837795e4837e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
5757055fdafee619057feb0a1650af99

SHA1
5b950eacf7f74f99a235bfa8e5978bb60a88a1bb

SHA256
2aa808760546e983770d4dce7ae14f465b01941dcc3c5309033341c6f77acbd2

SHA512
a980756db63db87687e42be71939ceb33840e5f49477e57e49b2d869fd334d05461f188ff2d797e3a6de358d7f93830d222e383749c54fee161e285c287055f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
201a8335d85801a94414eb94489f8ce9

SHA1
34b99c872fed9c3788bdd5206bb4c01e22099e8b

SHA256
df56b9157460e8f91d4249cba8a330eb53c92b7551f9e9ba2e25643a1df3a9ff

SHA512
dfb4ad735a888fbcc2b90965fb35f19751ce4252f68d6d8b17e69e9cfbb7580b0fe56ff5e054d2e0ceb67dd3388eb2243e836283e156ac6131d73585a857f6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Service Worker\Database\LOG.old

Filesize
295B

MD5
2872400c2272c2e7b07b912176a3c9eb

SHA1
f39ec7736e31d94243d9b6cfc01bf918e58e4193

SHA256
0cb290d849c91810e333b6f46d6f9697cef94c637247f5a65961232c14db657f

SHA512
43cba371ee5bbb55dacb01b2ca481a685164a9708ceee2a3206a072e2f39f8d6e9b7f2bd511f947c7903e2d5f8875abfac1938e5a8ad81bbb6688002c01915a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
be93e696e5126b610af9e3bb6dad38a7

SHA1
32a668adba8dc47014d620cb209318a2785299a4

SHA256
076179ba63b10b54a0b1e8a4f6f666fa3153d39a25d88f35c4e075ad77664a65

SHA512
097af0b5b52a87dac8031f98dc53657fefd255e085197dd8180ed521d69595dc5d87a8c69b57db802003165fb05e3e3609e6bc153b250872c6cf14b1a49a8143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Shared Dictionary\db

Filesize
44KB

MD5
491de38f19d0ae501eca7d3d7d69b826

SHA1
2ecf6fcf189ce6d35139daf427a781ca66a1eba9

SHA256
e58156bca5288238d341f5249d3b6c91ab37cef515358953b435339100d0596a

SHA512
232f5df71e8ec35e500ac81aa54a87b3523fe8a32168096a2a76f08e5c7868100b3cdc5155786ead489aac440beee3f84ffa43d226a5b709c66012923b20c696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
8c38784f4a1a17866a7ad3408fde94f1

SHA1
1b25f4f863b0f792e676ce5998bd28b85acb5c55

SHA256
d1cc4febf71adf076e9324e21273c60f695c7a893065eae067bdb871a19b0def

SHA512
5944e77f79e0fb10192db49cb3918262ad34ac17e969eb624e1a9faf585fc49228c57e74dff90fa667df60582d8b448db0c2eb0b369126be639734734d0ea0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
04c14531cabc91449267930141c355b9

SHA1
96025f370fcad8de2de634680ff2fb0709abf26b

SHA256
e936afa56c6bf55c1817fe6d2e83c998648ab1596ef1539911fb1a8dc7fbdfc4

SHA512
6a86f7e44721037f7f727afccffc4ea566994059d1c8a7c6f4e15e6d1fe7689dc8d9d73153ad87543f1314e2c448ef22ad71f7c8c8c2cb082bf9c3a035e7de80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
63b7440a7e536b84b71f2fc72473055f

SHA1
9925628dcd19d6962421703a3956a2389799c917

SHA256
1c6d6233d957a7273700453a2fe352dba78f1d288db06580fef1dbf44b121b75

SHA512
65e46fc23aaa3bac05929f3674210640155993c1d2a2220ff3464defeac9eb1cc714cce5a4ddf607a327ad9091fc166d249fd2b607b38c21c999f1027537e17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Visited Links

Filesize
128KB

MD5
0867043aaec2de23cb615f7c9d417de0

SHA1
977dc15dc42257dc2990e6c84e867817f13a4486

SHA256
218e5af44c2758d6a3b1b32e70cc1bdbab2f417a433b62ae317314821d7843c7

SHA512
d073d08cf5819c4462928897962eb0f5e4f8d8e663c7982609d435bc06de8824cf7b5b35f5b6cca94fe55096f21334887aecab51d3e243a07a3640fd8074db86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Web Applications\Temp\scoped_dir1648_161375155\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Default\Web Data

Filesize
114KB

MD5
a1eeb9d95adbb08fa316226b55e4f278

SHA1
b36e8529ac3f2907750b4fea7037b147fe1061a6

SHA256
2281f98b872ab5ad2d83a055f3802cbac4839f96584d27ea1fc3060428760ba7

SHA512
f26de5333cf4eaa19deb836db18a4303a8897bf88bf98bb78c6a6800badbaa7ab6aeb6444bbbe0e972a5332670bdbb474565da351f3b912449917be21af0afb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Local State

Filesize
116KB

MD5
d454a4d367b600614084e364a8de3acb

SHA1
09488f5839e7a6bf2c09ccfce2cfd2835c80308e

SHA256
38e91c4350e4188015a916a3598ada3e8b068d53a8a8d6adcdb9497d36e2ead3

SHA512
78f1f408868e5ad380444b2ee61d65497a962accc338248ad4dcb28a6bbad1823d418cd51af40e1716012f2e735e28de40d53d043bebefd8614938aa7e7a8c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Local State

Filesize
116KB

MD5
593d573f15cac9f6874d69470fec9063

SHA1
39d15906cb20ee4934275b27ba2b323255ac139d

SHA256
b16e50b0d35a3400fac259c12587e0e3dd979b945394c4d37e296e0b746572b9

SHA512
4131a55567a2d00ebd085705e683087a34c6aaf5db2e35a5e4d505d868b78d130fcbb46025a28add9f1e0c2d401a357642604dd0b3ffbd8969937966b13768e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\ShaderCache\index

Filesize
256KB

MD5
f4bf9648a984cf60f4a8cb9054eb1635

SHA1
a19f939b5dc791bf823920e372254040caefc9e4

SHA256
993ee6e7e7ab209faa04c0d833f2558c181bfa79dedc4271e96d59d948808347

SHA512
e5ebd415b604687b3a50945e6fd7b651eaa4090bd65eb6ac0c5bd082e53979466e1bd1fec3ef03c0718ead9b11a1a9182c5f982c08ac99694ef93147d0f135a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\LiteYoutube_1511\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
3979944f99b92e44fa4b7dbcb6ee91c2

SHA1
df2161c70a820fe43801320f1c25182f891261a4

SHA256
001d755b2b560945440023bf4ebfbda797cf5106419ac7dd270924b322f3ecf3

SHA512
358e6dee698a63c2490c2fb5206516766fd8ace8f3d523509c29ff76aa6a984cb6381468f15bb4b9c084d9a470298b4cc11b0970e671ce0316243069ac4c8590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8c1281dfee33961c7e935d8fbd173b5

SHA1
4cb26330775227a9e4766346279bfeecbca9180a

SHA256
bb33992ea771cdf1e2c2c0de4b7548526082de822e47f58b99d450af014b2271

SHA512
ac4d7ab62eed2a5ae66a0f1947aaef5d7ad542dcaec71fd07f0a7388fec85ae220bcc1953a75810ac7a9508e48e67593e7b89d730a47a9e74efb404f23b95fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81459353c8f13c1b3d3ecd35f1e72841

SHA1
2cc752c48dadb53fea53ffac11834eff132070d9

SHA256
295c38dc1dbfef3895ba5ff9bd6353b2361b585c5bfe97add784548c37067db8

SHA512
77c4924c0cf3a5c150d4fdc6ae7092c73dbe1647f845637fef2c2295e6cfde19cc012428c61ae141b5f73cc45fd4aa22bc4b62bdaa5ee0b9f8259fc044d0d256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4049cbf79a4c98bc790d4e3a962fe9e2

SHA1
4e55f0080d67e673c58a300abd1386bba7cc6266

SHA256
a409d67c29c1323c0c9a894632779957fa7a2d698752521a1d8688093b731d7a

SHA512
5e7e8242bc4aac3ae4f6fe553924aa760c4effb6fef39bb6defbdff855575095760811e8562da2704bd784efbd2705a023b874c646349567cfaa43869f30477a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WebDriver2.exe

Filesize
8.8MB

MD5
15c1981ffdccd14f14cc6441e9154956

SHA1
39d3b6bee5450d82d096ad7bdf4244fcb7b1eb81

SHA256
0f8a8342841ea814cda72369e1b48284d469c98f7d743f446e8ce81b37e961ff

SHA512
5a18321306df7cca1b8a7f4d94dbee7ca8186bb946ae2d4120bb602f7046d5200d004a7633e2391af3979d9d1b411edf87ca57ba6da7be6817e146d0653fbc87

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4dnd1xsa.dbi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\chromedriver2.exe

Filesize
17.0MB

MD5
c4a6e5a66a77a0b11c04c740c6fc6f77

SHA1
2e5050c50d3a8e9f376f0ae9394cf265ed3dcf06

SHA256
8721b9b49b44b3f034d1d2f609d52f1fc09475d1cc6ced4f4e8f521c1d84f33f

SHA512
472c5a3c71e36c3af671f8f7c57a8338b519eb17c39d0737bd5d3fe864015bd18542757fd46d7d9f495385e744991da998b292fff4ed01d4f9ca6c959fd9f832

Download Submit
C:\Users\Admin\AppData\Local\Temp\pedtrm.exe

Filesize
5KB

MD5
a935a6bef40cd45cac42da267be89cf7

SHA1
3a861c7dd590ef58b5d14d0d7f614cc05d4f9446

SHA256
3e2b0853a60dbe619179aca70b5c560cc81bb1bff1fb9eb18c92442ffb5f7646

SHA512
facc4774bad84df1bc84e2f60531482d93496cf250979168368dcdae8f68164beaff93901776ad1da366653c9b55e686ba41db3ae85c49f08178168c65cb1ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp24E8.tmp.exe

Filesize
1.4MB

MD5
d53cbe20ab628a9619459367ba42ae5c

SHA1
22a66b3eecf462519abc249bda2e4b28439fc639

SHA256
a2405a789ade187fe954ae0e9c82fb97ccfbd306bf5b1591e2b8a29e0555ea4b

SHA512
ca02bf41e682cc526aeff93d7527812b9903bc61296170ca313939fe7e7daf4ea6dffc81daeac137c6d6d651a7d98ee60408053415bcdd1b662dad4f4a11eca8

Download Submit
memory/1436-2337-0x00000000069B0000-0x0000000006A9E000-memory.dmp

Filesize
952KB

Download
memory/1436-2338-0x0000000006E30000-0x0000000006E3A000-memory.dmp

Filesize
40KB

Download
memory/1436-2339-0x0000000007380000-0x000000000746A000-memory.dmp

Filesize
936KB

Download
memory/1436-2306-0x00000000057C0000-0x0000000005DD8000-memory.dmp

Filesize
6.1MB

Download
memory/1436-2349-0x0000000007ED0000-0x0000000007FC8000-memory.dmp

Filesize
992KB

Download
memory/1436-2305-0x0000000005080000-0x000000000513C000-memory.dmp

Filesize
752KB

Download
memory/1436-2304-0x0000000005060000-0x0000000005068000-memory.dmp

Filesize
32KB

Download
memory/1436-2303-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/1436-2705-0x0000000008CC0000-0x0000000009590000-memory.dmp

Filesize
8.8MB

Download
memory/1436-2711-0x00000000086E0000-0x0000000008A34000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2273-0x0000000007850000-0x000000000786A000-memory.dmp

Filesize
104KB

Download
memory/3632-2257-0x0000000005940000-0x0000000005F68000-memory.dmp

Filesize
6.2MB

Download
memory/3632-2272-0x00000000078C0000-0x0000000007956000-memory.dmp

Filesize
600KB

Download
memory/3632-2274-0x0000000007980000-0x00000000079A2000-memory.dmp

Filesize
136KB

Download
memory/3632-2270-0x00000000067B0000-0x00000000067CE000-memory.dmp

Filesize
120KB

Download
memory/3632-2271-0x0000000006800000-0x000000000684C000-memory.dmp

Filesize
304KB

Download
memory/3632-2269-0x00000000061C0000-0x0000000006514000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2259-0x00000000060C0000-0x0000000006126000-memory.dmp

Filesize
408KB

Download
memory/3632-2258-0x0000000006020000-0x0000000006042000-memory.dmp

Filesize
136KB

Download
memory/3632-2256-0x0000000005240000-0x0000000005276000-memory.dmp

Filesize
216KB

Download
memory/4236-2230-0x0000000005810000-0x00000000058C4000-memory.dmp

Filesize
720KB

Download
memory/4236-1154-0x0000000005590000-0x00000000056D0000-memory.dmp

Filesize
1.2MB

Download
memory/4236-1153-0x0000000000B60000-0x0000000000CD0000-memory.dmp

Filesize
1.4MB

Download
memory/4508-1138-0x00000000003A0000-0x00000000003A8000-memory.dmp

Filesize
32KB

Download
memory/4508-1155-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4508-1140-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4508-1139-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-39-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-15-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-1-0x0000000000100000-0x0000000000248000-memory.dmp

Filesize
1.3MB

Download
memory/4728-2-0x0000000004C40000-0x0000000004D28000-memory.dmp

Filesize
928KB

Download
memory/4728-3-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1122-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-4-0x00000000053A0000-0x0000000005944000-memory.dmp

Filesize
5.6MB

Download
memory/4728-5-0x0000000004DF0000-0x0000000004E82000-memory.dmp

Filesize
584KB

Download
memory/4728-1116-0x0000000004FE0000-0x0000000005034000-memory.dmp

Filesize
336KB

Download
memory/4728-1115-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1110-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1114-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1105-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1099-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1090-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1093-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1087-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1082-0x0000000004F40000-0x0000000004F8C000-memory.dmp

Filesize
304KB

Download
memory/4728-1081-0x0000000004EE0000-0x0000000004F3A000-memory.dmp

Filesize
360KB

Download
memory/4728-1080-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/4728-6-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-7-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-9-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-25-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-31-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-41-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-43-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-51-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-13-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-11-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-17-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-21-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-23-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-27-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-29-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-33-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-35-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-37-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-0-0x00000000747EE000-0x00000000747EF000-memory.dmp

Filesize
4KB

Download
memory/4728-45-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-47-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-49-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-54-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-67-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-69-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-57-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-59-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-61-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-63-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-65-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-55-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/4728-19-0x0000000004C40000-0x0000000004D22000-memory.dmp

Filesize
904KB

Download
memory/5000-1126-0x0000000006220000-0x0000000006286000-memory.dmp

Filesize
408KB

Download
memory/5000-1120-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/5000-1121-0x0000000005860000-0x00000000058FC000-memory.dmp

Filesize
624KB

Download
memory/5000-1123-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/5000-1124-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download
memory/5000-1125-0x00000000747E0000-0x0000000074F90000-memory.dmp

Filesize
7.7MB

Download