hxxps://mega[.]nz/file/FCxAjbJQ#4uTFkJCnbQ_aXMkoaId8cKQWso9VvB1BXQP-HEfMFxM

Resubmissions

20-03-2023 19:34

230320-x94phafb22 7

20-03-2023 19:32

230320-x84m4sfa95 1

20-03-2023 19:29

230320-x69rcaha5w 1

Analysis

max time kernel
264s
max time network
263s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/FCxAjbJQ#4uTFkJCnbQ_aXMkoaId8cKQWso9VvB1BXQP-HEfMFxM

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c00000000020000000000106600000001000020000000740ad5b8060041038ae3e330f53dbe74096d0f1992f38173d6049a8072634e12000000000e8000000002000020000000297ad4cd3fb677c8dfeee99374c9b5b3480ac4c39e1b7936e3db8dbf112bc93b2000000076784c78fe730d97365a0f243f4595d06eb84f0e8707e4fe526dacede134a170400000004ba92654bbd47c952bf107370be47fd56e0af9810816beeb417057d8ce8088e4e1c0548955753088af6cd43a9a9109b21bad78fbcbddb6e99a3a921f5ec38eba	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{92606FC0-C75E-11ED-9F77-5A0CB913B9C1} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31021931"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c000000000200000000001066000000010000200000003af36326cb4708fb536b79a72bd592a4d257250181ada2c8abfbbd6249e1177c000000000e8000000002000020000000c715e8d04b712541a4371a84ff79caab53e1cd18ef7cdea9695f6d08158c1e0220000000532cf182de83a29826c2d55fbce884b412a7ce88c2e19f64ceab367b032c9e1340000000ca73409f56ebb959e9d83993e198be63a63d84e426db9a64668d36471843b4c42160d5b6f567f16653d8c367adde6ea7116304e1176877a4e3ccb43a0e3941f1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31021931"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1733440507"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0c5b7696b5bd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1733440507"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ffca696b5bd901	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238180726866876"	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000dc9196c96b45d9019a7a47ba7545d90135ca169f6b5bd90114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: 33	1296	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1296	AUDIODG.EXE
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2256	iexplore.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2256	iexplore.exe
2256	iexplore.exe
3752	IEXPLORE.EXE
3752	IEXPLORE.EXE
3948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3752	2256	iexplore.exe	86
PID 2256 wrote to memory of 3752	2256	iexplore.exe	86
PID 2256 wrote to memory of 3752	2256	iexplore.exe	86
PID 4980 wrote to memory of 1996	4980	chrome.exe	93
PID 4980 wrote to memory of 1996	4980	chrome.exe	93
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 3716	4980	chrome.exe	96
PID 4980 wrote to memory of 1208	4980	chrome.exe	97
PID 4980 wrote to memory of 1208	4980	chrome.exe	97
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98
PID 4980 wrote to memory of 4928	4980	chrome.exe	98

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://mega.nz/file/FCxAjbJQ#4uTFkJCnbQ_aXMkoaId8cKQWso9VvB1BXQP-HEfMFxM
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2ba9758,0x7ffca2ba9768,0x7ffca2ba9778
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3872 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5160 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5052 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5488 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5648 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5980 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6108 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5036 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5976 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6048 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5960 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6416 --field-trial-handle=1824,i,3508166472291995910,9499866854911992652,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA0DD85E901D89002FA8FFC866BB1C3

Filesize
503B

MD5
2f16891b08dbf484f635f85b82b5ce92

SHA1
59f57746f96877534cf2fd325e2611852ee63f54

SHA256
9c485914cc784c3f1068012f7829ce867d8896afac3cabfef0e3cc4d471cde9f

SHA512
b25eeaec44af096583d629a4fbee45be51d92628a2853c249b56ef17e7f50e1005a804e776bf32f9fc33c2157df1e7fe153ab02ea7a04d9284681448efd677b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
e7e1c60c1f41aa1447f90895b0dcafe7

SHA1
505202e6165ced82c974cafa0396961b66da8c07

SHA256
d8654c3a202c771b5bcb822af64ce1ad61431da21e962a4d6989b2f24dbc7b49

SHA512
24665ca7b4dfd8c340dcc3b9d6464a75e524b44f388c7e31ef309f6c3364edb1f6ec352a0749e52084d09639ee28d7b981b73141ad3fab8d63f021dca8d06d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA0DD85E901D89002FA8FFC866BB1C3

Filesize
548B

MD5
339922a34692f19dd3f668222e4f9466

SHA1
6af638b4192f52d644860ab9f465fda0fe138105

SHA256
18a9018aa273a351b528fc59c20ff99a90e6b6729b405ceb735030057dda9c8e

SHA512
0a012619e2ae20fec73e89edc3e7f84395036c17d81db065dec4c35cb03f8b923651082ae595b4925584d42a8eecb6d80c88df02ca2f2cefac3252bad338fb97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
160KB

MD5
f22f07ee02fbeed3958345c90b52b818

SHA1
2aa44ea19d580589c06c2170103b4d0505e18cdb

SHA256
dc1eadf37f70bef92766d0c316d1da7af283b84e5c309a4732d8ed35d7bbfb84

SHA512
8473f7cef3e9289f355047689f5a2b82aafc49501c65f118e5b0632a6a690e542eeae45644e77fa5b869df17b05ed138b4183cc93364935b1fa7d89e32fe5d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c01549993c1e596ffad403a882fa4c94

SHA1
1e4625f9fc9664b2745d42a8f3564f4c763c05b7

SHA256
f420922ef57813c1d88a9ad7e9e1f987c361f5a4e57bc924822e883eb89f0afc

SHA512
a110291de7c59bb9d8ca1a9ce05a6cd1ff4e7c957182857c1bc6f1584584a21fde37e242f238d7bfc4645d9930869ee1ecd00a23360b0100bf1111d6da3f1539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9f76f6f4ba6e21ed54cce9b448eba3fe

SHA1
3e8464d256ad214208da365a0c126ba439c05f6f

SHA256
d1a1a7ce82788b9e6b6b6c5c314862974cc10f17f296feb58cef5e16ffd28611

SHA512
8df8f609c5caa372443d22d832dd1910e6f07ddaaa775ee422c10b035d83671b2612ecddb15c32fe2c5c139d9c100a0c353e35ec56c27cc9d51b9982b7f76367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
f9ef5ccd74e98d68b2d5ee8442611502

SHA1
171958d962c8869d5c6767f8765dfc1db34edf41

SHA256
8d6e18c6a0debd07c94e1a429f7e374f8eac8b45aacb044ba6cadfd32eedf5dd

SHA512
3fc70934fe1cc820ff6e0c5e8963c02619212193a623e612319d6431db13d49981fa7609c2620d2f8cae5f3b032f3b4a9d394f2170d587b408454d2954684c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

Filesize
1.9MB

MD5
5e243cfa20ae2dc759623483557ab9e3

SHA1
37f422dd0a9456c772dde7cbaca0499e8fee3641

SHA256
f9b054c94772f26c5a4c3e0fbb659b4182373961ba78e25aaee8818d33b760e4

SHA512
b96c0eceeb6e3f161b9e6eec1a588a29549ef825eeb069e6241a0c2018d3c2cb8eb29b6f23c6dbc0941d1a692160a08f410f7e908b216acccea6f2a2c381eb38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
58KB

MD5
c69ad8bda3949270f78f6005eebc6159

SHA1
ab3a65921207998ffc9e87a09b5f87e0bced53bd

SHA256
4b2f65f750330e2d2db1cb553551df35e66d89fbf335201a3363a6b24aa06261

SHA512
f38e33dcd5368d42dc89bcea8fac01a5603672060fae55339bf9eebab1b32371926ac7ccc9f4fc6179b856ff372b7c5ee66fb92c00d9f89cb93a475be912ebde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
98ff86b183f6fac22d3c7d24cae0cb78

SHA1
b081f9d1603413d481123463681530d2658bbd0f

SHA256
cfbf0a37c3ba0b8daa74ad9571b9ba3b8f5a3ff5e5909c6bcbc81d2f574f9c78

SHA512
7481ede251b285ec2dc2abad0c2d8c5693060f60f46b9a34fdd16824b5634abc4fd35d67dcdb9811baf87f0dbe7b3fcc5d5d2c28840c32864514c27b44a8d166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
1bf5cf134c684b70b8f7f8e2bf412587

SHA1
de5d1105a8cbf74e6bf584549fdb219adf7a8f16

SHA256
a60a98958718a1f2c07cc46cbf417140fcde6a442510c5677c458a434a782fd9

SHA512
d839f5af07b593651a8762753f067e7495d1c4cb9b0f08ebd34283d6a15941c6b7d422defc4a3e7445014dc032ce265c85671a8b5586d9c577dc002f135ebd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
21025ad79ddf40ac89e3f808f606dcfd

SHA1
3b582106462ea62e0cac7a3a3ce80df0748523ae

SHA256
b0f6a02e01ab6b5c45b3ed46d961039f560a2ff97a887e8dc70d4a8cb970ae9d

SHA512
d69ace664ed794ec4eaef06805cfc4d4cdee1a8ac44b18405664943a5504a5eb69e3ba4d2c6ac1be1855b310a31f99e73b13e9efca4ebeca7ca3645846c9d831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
190be2134905201bc5ecf78c1eec9caf

SHA1
5905a5ba2221195b9a8d867f6fcca0ab82928e36

SHA256
5abcad345f9abfbf879d6e825bb84ef1b6feb8fa4c73e7f24972e3cef94dfd11

SHA512
cd430779317dafe16470481f513f850e57c0ecab938c864bf7d0d032ad265eac03a187ad42e26c4dc0f04d7985364de7ed4a285bed5707007a80d6b194886c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
9e08024a9a15eab6cdb529923b2ed3cb

SHA1
1ea3e9b020e3bf961e65a57282c27bded987f465

SHA256
cbab1d7822f7a3fa7a24c2382048012e60e6d4a328c36d76fa7f2e8b71d95f88

SHA512
5159c099978548264c970451658b71a7e92d0505848bc1d0641ecc218b902689535e7663a4ad452ab0bee473a92dc47c7e98ebce87537c2d47427badd0f69c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
d468af6973d28dda635f4dbedd553706

SHA1
91876b0d49819d6e5dc9138a627d388cf1abb2bb

SHA256
e03dd3703c56e4d5e1b282262e700866b4c34c9ba22334a1abfd642410fcac5c

SHA512
b184aacb4f953cfde41a67c8fac9f08244a07d7bd9afcd6c0e01efdaa16b9265a16afbe83afbe0d6a6d876d750380f356f3eaddabb3fc2af0e6d4a4327480cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
bc4fbed99d3bc4f1722759f910d85971

SHA1
04b70e8b0de37e74ead757ef96f5607a3e8bee6e

SHA256
d23549f6f3c8f2fcf247d67415fdb9d05ae8bf7ac2ea2a9d1e687022dbdd8e7b

SHA512
e0f08cbe129524c3161566c6d21d4e6526de34d5a90366ff29bbd0bba5a861d450243fd9eaf5d04db44b7c5048b17fd44f39245d2edb41493e25737418e7ed66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
27198c1903256716bc74392c2f0a3628

SHA1
3eba87563d0c8e5764273c90951cea349e3beeff

SHA256
e92e2980b862ff03aff0a5bbdd5b88026cbf603f5aa224f574f98376d35e750d

SHA512
1cc1ea908643ad2866bbc6379a45dcfa871e9c3c8251263476912e0918ba5f227162e8bad7e71444bf654c98e193dfd4fbdc986e3d5d1257beeb1762d969eeff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe573ebe.TMP

Filesize
333B

MD5
93f47044e71e85606bd6bb9bbe4e343f

SHA1
745d92e3f1c7a72cd863f7f663ce5ee4e287aa02

SHA256
0e00d9764a26c28a14de9e9fa207db9fea02a44f754291b8f410412561d22ad1

SHA512
457d9c34a157b8f1f430357ce43e37ad17e6d74b27830ec2903e973b22c6a774166cebb75d8f99fa181d567beca9a6bb1601725599ce62737d0803d8d8193202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1aa96effa6299bc78ee362f22227a9c3

SHA1
5e36c8606be2adb44b4c78cd90381689e142ea45

SHA256
0d4fc69ddc2313bdc41fd15509c481e02412d60cf304d677bf4d7e5b58767d1b

SHA512
05ee15bff443fb231eff97fab0b24ee8b92c6d9bbbd7eb98272109adf7b5065f83d1d46e3e48fa1934f16fb168a38c26ac91c40457e66566e7e3a51fbe365b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
575121055c49d64708d3ca02bf608ef9

SHA1
a2e7a3b92b4406ea74559cee1eb7fe5026c31009

SHA256
dac3521eb3e5e1e7bf76d459905881843f6764f3cd6bfe6459e91b2485cfe555

SHA512
35bac546a2e0a51bafb310cd0355161075d6c64360c60a88b34810322e4d9516d431c49bfabdbc7ad94f42eed3f4ec3ca45a4bf8006c61002baf384ea05dff48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6fe372ad60b918d35b339ffb648ed09c

SHA1
8ce9858f2b33586e44dafe38a856edb030e1f79e

SHA256
cdf9f00676b1ebfdf27c5501c6cece7bed99f958abc1000c1bbf6a46e2e8f5ce

SHA512
2925dcc3ca8fba807ad4eb9c2638014040817f3ddee2c0d909eaf81222d4a0b326666e4387a851dc2d4a02c2859b760bafd6064b6e3fdea2f08c9d4c2e634226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
e80a0836f8436ace1451bace15dad136

SHA1
6eec164cb6dfb92e06afdd522083bbf221d57582

SHA256
74643cc72a2011f0d35e1678675837a7fc3f57046f3d6a0a84e97f507ab4d86f

SHA512
bc4fe3f54580a0557b90dc24c3b2daf00384491222ab76c13a56815dad4f6a337adb4d1014893822709efed9484859539f15ad9bb207d73d58d1f83ccb876920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
3e7f1d09a565dfd093dafbbd1d843ef3

SHA1
802186b8c288807c737036d6668daee1c0bd219c

SHA256
c70ea3936d546876085fc7eb56347a6027ff4b47db183b7c852ffc23a392c503

SHA512
8004628e541887f924195cdbe56ebd10dadec93a40e859b2ca860e141531fd67997f27ecce62f01c4186438374c112a196f896e070c7d1e3037b53c35e317645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
0d501eb7f491914850a6262b1f1d98ca

SHA1
894159f36567ba9913c509234d9f51b04b9279a5

SHA256
495407dc576bb0b3696aa8817f3e7452e69573304f397c7fbcfbbff57407ae06

SHA512
b6f3b928fb1f67d767a2a92bebeac742a96d8c5804d443e869686ad085f09a0b087dec0955457672000280a16116a378214cb9522edfb3cda93f5eae569c8b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2ef985a280e98feb9130dc680e3ebcad

SHA1
c0091fffdb5a04041dbd96464b7a6dbe983640f4

SHA256
758f68603b31e5b52990754347c1809b8f615157126cf4f82a0a4c60f4dd085c

SHA512
86f939a2e7b568a23a38a6ed0bcb38c3e46dbc723403c5e1c7d1ea29209e19033681459b074634549ea0df9022a18d2409a18b9561c866dfb4274aea51d45604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
00bf2209f6432a5f32cf0206dc990338

SHA1
8f4c6f90067563a3961bd97f2a9a55ae9a5b2080

SHA256
09952bad75b89632c275f4e0214ac95ba31fe063da40bddcfca2a014f720b11b

SHA512
d29ace870fbffc1d17e39bb66ae102cc38c8ac290162f72f04f6d32e4ff489ff62e8fb5235c1d899cf9a563f9ab82e8333a21b4a3942d7fad7c0ddafff38e9d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
06f9d09161fc4c7e600589ab5ce16ef2

SHA1
d0f0ed5bba05b707487d4caabe1f5fae294a5be8

SHA256
2909754a3af9c16d7e95fd60e48acefdfc021a4158bda695e43470d51c6bb3d4

SHA512
b6d3191b92369fd1302b4ca38ed221202edb74629f119ecc8da36c01fac4715bd8af04ce1a7bec7aa43e8d656e1f98c33ec90c055fb4a7766f6cf6b0815b96e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
374c129f3849d8be37c677e783ab00ec

SHA1
b1e5cc4a2174410572a629c24f53ed91be17ac13

SHA256
2b095b29eac0e21718adc51f758fe2ce13fb59ffd43263488f561ae9c9774ea6

SHA512
476dcc303393e94a46bf69e0ca1c54f28e4c8c77aba12d9298ccd8bdc68a87fa1a695b25fc66629100bec4c28bb6a882d7089eb354735377d25223cfdae44d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
799ce0d44ac8c9a0450834559deb516f

SHA1
c98ccea116ce978608c8ab7bf0978cd8de0b044e

SHA256
2c7bf6af2313af9db326911551d2ac040bcd7af41e68fa122299799e2d8792cd

SHA512
12ea7f5de891baa4e486ff5e93756eefe482648e560ea6e0c2393c0ae77473e767b9766df7e918b62185f9a6ecc9879cda62b3fc2bfc486a89f60985b3e66d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
07a880b970d742dabbd5adaff6b2471c

SHA1
a7b69080bee4344f6358e6757de3c8e88b418880

SHA256
063d9a1834eb8f3b9e1e99ac120820fbe37ce01661a8fbfeb7667eca91666cb1

SHA512
9728d33ee97a4c06f9f9424a80e809d75213e5ba672de61c04ab2d8bc131e5f8ec14dd246f15f6b345975f482dd769e454abd04968421e37edd38e046ad352eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a95a.TMP

Filesize
48B

MD5
b519b313b3a30e567f577335727e9db0

SHA1
b41c13e1f4c4660d9d92c98022fc9863f0a730f9

SHA256
10c6c0fbc76adf7d8434dc8f937ce9697f44b6a93bc3a67d9f08e1e8d895dbaf

SHA512
24ffbfdccd632ded3e2f82ab131340ddc621939a0a7fdf741f00f5aa050643826dcd9eb5a45bedc9947b975083921ba5a6f023b7f1ef2924a4284699872b4d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
165KB

MD5
4e312c27bf117fb10738a0250302a1e6

SHA1
b27b867f1838224d5d42f49deb907f0ef7cff7b3

SHA256
58a6896be45229ad55eedea57df5d472c7e7442c3e6f88633a2062ad9c6e5c10

SHA512
26d05370275933ccbb5047be047e08726544fda73e8cc532e78dc1f6d1181b7cb037c8701b3b95bf09d3c50eb9b7559cc2ef6cb0668c0beae0655f33ce86f099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
1838755521105bfda943e202e9b9a0cc

SHA1
0affe8ae34b882188ad4161cc6ee6c4559c081de

SHA256
162fbcd4ea5a1843462ca56310d3e8ac9272ec210054d7b0c5dd332a8cd18722

SHA512
7655c11ff5409d6c88d5658c7e769991ba834c454214f78a6667b968db884a0fc131aafa68e4303e200913e7cdd1d2def3409545f5172a4f1a7703737631edae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
58a6e1654e01c71613a2b6ff3c60727b

SHA1
f61fd4d3a46049965044f3fc6229401a4b1a9271

SHA256
af9b547d9f8d1b0bacfddb0e34bcbd43bc141e15ec8f99a8aca3d0e36016dd8c

SHA512
63c7863d7e56f6a51b88429ace1810d58ca0bbd62c090dca9bb7b5d26b7fb2a68544e15bdc3c132c50e62cff873499ac45b9ca9f89c81957ac8bc62606c19fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
673d1891abd5ce475aa6b9930e28d40d

SHA1
19d7fd8d7a03a09c941b21e88408e589b0f20cb3

SHA256
0fbf3e0b2c0ab95389ca447ab3960453117c443b2b46c74bcf59892321476911

SHA512
fe776f9edcb1450fda8eda658467706c93235e8f7ace3f1c42ba6662847802affd9cc48a89ba70ffdad102c5ac490330cfe734a4adfa92df5c42ef58fa8a6c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
46398ca91b0b59dd2228448571a2bcc3

SHA1
7ee67095fb122f3eaa08b9402ebed18515c5fb18

SHA256
f9b3ffaf8a405c32d3cb792869e6f39afd3f5d043d21a648b5af72500f25f7f9

SHA512
97e2937ede4b5ae07a4672e12ee89d5f70b1a4d2441b5f672055d3026ea9bca317daa6da22213f0716be262aeef1184a757a3b075c7771773908082d397122f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
679d866839b5a5829b53c6ec857327bb

SHA1
397fe09f029780e1081e2bf8aef634954203dd1f

SHA256
21348cf534bec8f675d3697610802855146257871fafa9f88ec2ad9e268abd10

SHA512
8dbea30ae0e6d26769e5298a8763f2d98656fba83a45cc234e6b73ad0f20d8e806cdbd9bc8a36b149a8a640d8f03dc38cc63da36a0a803052855714be61301e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
4352a2b9dfe1b7d1db543a26224dc347

SHA1
0e3efeabe840c696448aa60b43f40aae806fab54

SHA256
841cf262e380d5b5e8ae1b599152117013e580ebe998d0a84cc36d7f7a7bd2a1

SHA512
e8a621d21b59af9b93abea6be07fdc1dfa62ee284becd1c7ee2de6c64380025dfde2e2c4f780e51fa54499d466864301da91490c0683a54ae1a86760b223bc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5717dd.TMP

Filesize
96KB

MD5
f36337fc788384018d99c35a0a8c2c51

SHA1
0e84cdfb506b8500d96f240359fa90d31f39a4a6

SHA256
dabf139d868498a3b87d2bcabd48f6decd4bc09a53b1642fcff4ce7233f9b356

SHA512
8b264552f9cdd31ebe9dd5d1b2ca6d04b232ba97f71cbbc6e54cc579804512db0fd3a062cf78891ab717b1b6b483b9e04c17cd03a651bc53cffb23ecd9b8e3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat

Filesize
6KB

MD5
eec9eb60581da26f49b290754c0a98c4

SHA1
3855c377b7d2c0d06a7dbdfc9068d058d7233bb7

SHA256
7c3d355fe485ec9ca808708030b73f96699a802bed49a1bf2fef48aaa552aa47

SHA512
da39100d157ed1220c8e67846a63d77aad61ffdfb32f56b6e73306c4e75d84766d1010be09bbb5ad364ffd43df7378f3f6174a6e8d9058cfdae984d8b61d2747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\favicon[2].ico

Filesize
6KB

MD5
72f13fa5f987ea923a68a818d38fb540

SHA1
f014620d35787fcfdef193c20bb383f5655b9e1e

SHA256
37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1

SHA512
b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

Download Submit
C:\Users\Admin\Downloads\horny.craft-0.11.2.apk

Filesize
644.8MB

MD5
0a512cd0bf7350c8449ca4c917f73682

SHA1
702892e9d8502610ef44110adc54317e4ac50028

SHA256
cc8943d4bc640c442d6408f990cbb9b1a24f799adee84b52b056c05dcc9db589

SHA512
80c7d58251bcb3e696e315efa8467e5100d878821f94020d7031bf30072616722abd617d6b1f1d64bed850c6b08e540164fd60fac5fe754f3ff766d5dea6a110

Download Submit