558909412427b05911a02cddfe00fc5e9d30bc38e1ba636d04aa7efb63438ec8

Analysis

max time kernel
121s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Project Buu/READ.txt
Size

64B
MD5

b185b3b82df61c6c8393ab1c5f48452b
SHA1

7a38d650ee36c7ec1d327bfcfbe274399f18ae1f
SHA256

bef6670cac1a35f22749634e9a63fd31b4eb3435b6eb9611cb2ef80f4b798268
SHA512

af82134874be7df3a8e5e64d8d3f31ccdec09f097f234a96ef01632f6de49008b34bb7c10be80a748b40062e17b7777465803da837b6ccca1c85ee2d67fc5be8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768182338993860"	chrome.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
1692	chrome.exe
1692	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3124	taskmgr.exe
Token: SeSystemProfilePrivilege	3124	taskmgr.exe
Token: SeCreateGlobalPrivilege	3124	taskmgr.exe
Token: 33	3124	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3124	taskmgr.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
3124	taskmgr.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1236	1692	chrome.exe	95
PID 1692 wrote to memory of 1236	1692	chrome.exe	95
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 2648	1692	chrome.exe	96
PID 1692 wrote to memory of 4156	1692	chrome.exe	97
PID 1692 wrote to memory of 4156	1692	chrome.exe	97
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98
PID 1692 wrote to memory of 2792	1692	chrome.exe	98

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Project Buu\READ.txt"
1⤵
PID:4576

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffffae2cc40,0x7ffffae2cc4c,0x7ffffae2cc58
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4912,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3444,i,5158257074998517431,9290412932963905212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3164

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6e3666b8d27695ed288108c264fd5020

SHA1
88aeb3a2a73f33dbd134e4a56e25f51b14677ba9

SHA256
7bf5df66095121aa8f7b1f250f6ce4c671eb7486c2ba4b7a5bc9316fe5038796

SHA512
af1c454fd80d2233b0480c4fe65fe85a9a9499812651d3921493dd3c3cbf46da14e9176c2d1e6d0d5407b408a3f3407f3f39411c70526ab75626b2f30bf7ddd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
8aa33ee7ac2ecbf02f4d3d12989d5c9c

SHA1
b720e666e2ca3d01674195352e77f51144193c94

SHA256
6c1ad282c05016bbf9a7bcc4f1d780774040c99e1dcd23176ae925d81f0dfa5f

SHA512
d52203afc62f6d4c5f46afd53703aee301a7beeda030bc3b63631c2ea63f2fc14e0cffa5c7a408b3e992a9fbcb8d31161b68c48e22cf928830cf9ee4e80fbbb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2c9bb189f7e2a7d6a904049fbbe8cf31

SHA1
2a7416384313d67cf06d926c4bf3c3b95efe9064

SHA256
a064d472c2b1ad54c8a6644bc520c4f7a16a7c411829487f0eaa99ea0f49ec71

SHA512
19b92c2bcec5e7bb1407ee2715161ad42ca1f28a62078cc96c4bcd312b5c0d33cf4309db34e91e5e872735c5cc586417cd771e91b0eb944830fa82d3d50db6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d930daf0fc85fc65f029eb60bf8ce28

SHA1
98650ef0fdccfb588a6980debbcdf1b3ade6d3e2

SHA256
30288c09f59a7824f0ac580bb8a1e5fe9c3494d8952dd75c23c8977ffc8b10a0

SHA512
16d027e647531107749311fa17af3cefb2863ac6dac6e026606d9d753861b7618271d51ca02981dc469f06ee8878d0550ae1a14daec6b656baa4054cd6472530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc8635c6a713f63bcac9a62d91bbab9d

SHA1
c7205745ed7f8201b845467d82d34a54370c24dd

SHA256
c59e162e0119434aa9b86cbdc7c46cc400cf6dc940fb63207b43ec624025c80a

SHA512
c35c148127b8e204136b82cfa77557bbced39d17e4764974d1c58926c96a7009a984e4cd9d8736866f6a26a64155082f668012e1f480afed66a700f0b7038b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c03d4ca34e281b4705148fd031a30493

SHA1
1e17bbc3a3c9390b3a991bd8a813e106a0e975ce

SHA256
963af5cdb19835c909e46415c92ed6bac48ce4e10d7d24fdc622e51dd3c6db2d

SHA512
fdd524831231f653d4a12bc7ef3c2a42493133ff986ddb10dbe09eccbd7a8f4db34c254d1bfd454797d966370b397b198b01a1b2e3c2238f0e1596ac4de51372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9cc066e513064f6e38eb48fd41dbab99

SHA1
f4b261355e96bd03f40389f8d1f2a773348a30a6

SHA256
c01c806e2b0a0400d091e8d2ec36437f4fa00de439d0360e696bdd3313d6ad4a

SHA512
9599971ac0dde99afa9face2b1b53f683fa86e90529f099267b26b25d41b436bf202b3e49bf1291050d765c8193bec1a0911934f98925baf98ad4174d14b3195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29d2566774187cffa19b7fcac22a7c2e

SHA1
4b3f814cb9d60593d54df215590b29e753604104

SHA256
73590c0c53c29fd5b4bf3cec92604a999b544cee530bf5684c28280167a73552

SHA512
de64ed36de102fb72899a25385291bdb072e2764ba51018f05da6dcb145e9c4324bed1536ec651d2145043d61e1a4341f366d85dcebd00b3bc0de03ded04c81a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43c368c648a29afcc81452e2b8c6e810

SHA1
97fc075427a820a6dd3b4657ce3a53fd737e5fae

SHA256
a070cab78512e4068529997eee5531633b4e8278eb20cc841790aeb8a982791a

SHA512
10c1f52bc2ab0718064ce1469290559abe9badbd97d6c88e771a84ed6a2cf4ac9b5b19d370610e0f3923286fe9b94e1e84f7661a732e2c2cbae21d8ab1c02620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20a2cb1ac49fd6c910b0489513c21fe0

SHA1
fb36e9588f035755de86abf0e9a9c0a5c1e1ec79

SHA256
84d4cbeac63d834e83ba69ad917e13cca3cc958350e0a5ec13fa33ec0b81ccb4

SHA512
b5d4bbd145b1f78fc95bcc1b1096f43d1338f30a1146116a37203115596e59f6732f6043814699483845a2feaba4cc7bc1855e28dd9984d8a80ab35ec98587c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8a5d775ed65747e95e99001053fc9a7d

SHA1
84d9a1e1d78e3b1649de0b429f0a36c09fa9d898

SHA256
ccb83e00f8282e5a1837185d7fbb3c8138ecad156ce34d2f02e57d478b6f0fa1

SHA512
1475503db861eab6bd83071610d5a7bfae488984507b6452a5e9271438cc5975abe121ec1177f65b81793dbd6505ce1b166c1bfa15039e0d2a81a09eb534881d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0fbc1ec9c3a88e4bcbb7b1646bc05dad

SHA1
654fa126cc8be86fd0a4aa8d687e0d5eb5fc4d5c

SHA256
aade49dc09f853c71469981c3c064d43920dda1cef5bc681efbedd449a978dbd

SHA512
c4afd3445ea5a8685a1997e935bec3adafd29054d31345b59713e30e82dc788319d7754f95db1eeedfe34326e77dedaa1489ce68f1c863bb90411b5b1c114c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
24b37f29ab2ef6e1dd5c9b141ae75326

SHA1
71edefb6a65847a550b4178153713b506570a4a3

SHA256
c9d06d295eb85e620af6a05642669285a7af23a7791d132d34aa3cbdb60f3d3a

SHA512
46c7aef722b9dd04c1dfc96971decbb1b65b3cb91a2a937b45a21f333282db3c734b12286f2bb5765f2c6134e561d16472c93ebbfdc752584b3e2debdc09a77b

Download Submit
memory/3124-6-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-7-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-8-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-0-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-10-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-9-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-2-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-11-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-12-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download
memory/3124-1-0x00000214FC860000-0x00000214FC861000-memory.dmp

Filesize
4KB

Download