hxxps://projectcheats[.]com/

Analysis

max time kernel
2703s
max time network
2331s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31-03-2023 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://projectcheats.com/

Score

6^/10

bootkit persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Writes to the Master Boot Record (MBR) 1 TTPs 11 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

ProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe
File opened for modification	\??\PhysicalDrive0	ProjectLoader.exe

Drops file in Windows directory 7 IoCs

Processes:

chrome.exeSearchUI.exesvchost.exesvchost.exetaskmgr.exechrome.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	chrome.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	SearchUI.exe
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	chrome.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exeWINWORD.EXEfirefox.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEchrome.exeSearchUI.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchUI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchUI.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Modifies data under HKEY_USERS 4 IoCs

Processes:

chrome.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247557707191317"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Modifies registry class 64 IoCs

Processes:

chrome.exefirefox.exeSearchUI.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000a857f4fb5145d9014c79e841f363d9014c79e841f363d90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana	SearchUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana	SearchUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "6"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\NodeSlot = "10"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "8"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "526"	SearchUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "364"	SearchUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana	SearchUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "9"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 14002e80922b16d365937a46956b92703aca08af0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cortana	SearchUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchUI.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

2104 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

3924 WINWORD.EXE
3924 WINWORD.EXE

pid	process
2104	NOTEPAD.EXE

pid	process
3924	WINWORD.EXE
3924	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeProjectLoader.exe

pid	process
2460	chrome.exe
2460	chrome.exe
3044	chrome.exe
3044	chrome.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe
3228	ProjectLoader.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

chrome.exetaskmgr.exe

pid process

680 chrome.exe
5384 taskmgr.exe
Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid

4
4
4
4
4
628
4
4
4
4

pid	process
680	chrome.exe
5384	taskmgr.exe

pid
4
4
4
4
4
628
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

chrome.exe

pid	process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe
Token: SeShutdownPrivilege	2460	chrome.exe
Token: SeCreatePagefilePrivilege	2460	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe7zG.exe7zG.exefirefox.exetaskmgr.exe

pid	process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
3296	7zG.exe
4016	7zG.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exefirefox.exetaskmgr.exe

pid	process
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe
5384	taskmgr.exe

Suspicious use of SetWindowsHookEx 55 IoCs

Processes:

ProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeProjectLoader.exechrome.exeProjectLoader.exeProjectLoader.exeProjectLoader.exeSearchUI.exeWINWORD.EXEfirefox.exe

pid	process
3228	ProjectLoader.exe
3228	ProjectLoader.exe
1088	ProjectLoader.exe
1088	ProjectLoader.exe
1432	ProjectLoader.exe
1432	ProjectLoader.exe
4076	ProjectLoader.exe
4076	ProjectLoader.exe
4728	ProjectLoader.exe
4728	ProjectLoader.exe
3196	ProjectLoader.exe
3196	ProjectLoader.exe
5092	ProjectLoader.exe
5092	ProjectLoader.exe
3316	ProjectLoader.exe
3316	ProjectLoader.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
680	chrome.exe
816	ProjectLoader.exe
816	ProjectLoader.exe
3364	ProjectLoader.exe
3364	ProjectLoader.exe
1880	ProjectLoader.exe
1880	ProjectLoader.exe
1564	SearchUI.exe
3924	WINWORD.EXE
3924	WINWORD.EXE
3924	WINWORD.EXE
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe
1780	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2460 wrote to memory of 2496	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 2496	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 4080	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 1460	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 1460	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe
PID 2460 wrote to memory of 3580	2460	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://projectcheats.com/
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa03d49758,0x7ffa03d49768,0x7ffa03d49778
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:2
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4756 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4932 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5604 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5772 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2492 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=848 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4488 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2496 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1600 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4904 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=688 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5720 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2504 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2128 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6620 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6728 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5212 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6528 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6496 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6904 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6504 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6364 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=920 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6896 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=2500 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6608 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:8
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6644 --field-trial-handle=1728,i,8374325046131797549,16175960241294627818,131072 /prefetch:1
2⤵
PID:168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a8
1⤵
PID:4608

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Temp1_ProjectLoader.zip\ProjectLoader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_ProjectLoader.zip\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3228

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\" -an -ai#7zMap28636:106:7zEvent27944
1⤵
- Suspicious use of FindShellTrayWindow
PID:3296

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4076

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4728

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3196

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\ProjectLoader\" -ad -an -ai#7zMap24880:106:7zEvent28859
1⤵
- Suspicious use of FindShellTrayWindow
PID:4016

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:5044

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3364

C:\Users\Admin\Desktop\New folder\ProjectLoader.exe
"C:\Users\Admin\Desktop\New folder\ProjectLoader.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8
1⤵
PID:3944

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\download.htm
1⤵
- Opens file in notepad (likely ransom note)
PID:2104

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.0.1861374320\2047488293" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {930b663b-af02-49c1-a7de-9ea378200ae2} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 1732 2b792f19b58 gpu
3⤵
PID:3696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.1.1894716557\493162576" -parentBuildID 20221007134813 -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a51645b-c763-4495-8619-a397f4ec3f14} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 2088 2b78686f858 socket
3⤵
- Checks processor information in registry
PID:2548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.2.1944845059\443274371" -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 2992 -prefsLen 21117 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {930eaede-1110-46f3-8bfe-f116a690b2ee} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 2684 2b795cd3b58 tab
3⤵
PID:4960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.3.325673162\1453642552" -childID 2 -isForBrowser -prefsHandle 3176 -prefMapHandle 3340 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {621fcdcc-b722-49e4-a6ef-d500e013eee1} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 2236 2b795e55858 tab
3⤵
PID:3916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.4.1794273706\42756977" -childID 3 -isForBrowser -prefsHandle 1044 -prefMapHandle 3496 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b29b0b3f-8425-458e-bf0e-e75036a4eab9} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 3504 2b796e10658 tab
3⤵
PID:4380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.6.841519057\498414672" -childID 5 -isForBrowser -prefsHandle 4652 -prefMapHandle 4664 -prefsLen 26700 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2ff4545-3bb5-4c59-96ba-5a1644363ffc} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 4836 2b798477c58 tab
3⤵
PID:4108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.5.1103575760\1060210025" -childID 4 -isForBrowser -prefsHandle 4412 -prefMapHandle 4708 -prefsLen 26700 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f51935d3-2098-4a6c-93a9-56da13eb8d96} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 4688 2b798476758 tab
3⤵
PID:748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.7.962068769\1481701899" -childID 6 -isForBrowser -prefsHandle 5100 -prefMapHandle 4820 -prefsLen 26700 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b24cf981-7757-45a1-acd0-14f6fe792986} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 5004 2b7985d3c58 tab
3⤵
PID:1540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.8.1649377844\630284533" -childID 7 -isForBrowser -prefsHandle 4368 -prefMapHandle 4508 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2608a61d-bc27-42ab-8ba3-6af54bc8da34} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 3052 2b791c10758 tab
3⤵
PID:1972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.9.518217347\1948846549" -childID 8 -isForBrowser -prefsHandle 5328 -prefMapHandle 5124 -prefsLen 27374 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b46c439-b02d-487c-9118-61afd9c0e18e} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 5256 2b78685cd58 tab
3⤵
PID:4140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.10.1645080522\1134761733" -childID 9 -isForBrowser -prefsHandle 4720 -prefMapHandle 3956 -prefsLen 27374 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34454259-4d01-4812-ad89-420e8720ddd4} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 2224 2b7964b2a58 tab
3⤵
PID:4020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.11.729616638\836914205" -childID 10 -isForBrowser -prefsHandle 3336 -prefMapHandle 4220 -prefsLen 27383 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed29b43b-589b-4516-bfe5-197390bc9fc0} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 4588 2b797804458 tab
3⤵
PID:1120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.12.228886378\1126875255" -childID 11 -isForBrowser -prefsHandle 5876 -prefMapHandle 6016 -prefsLen 27383 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a9b6811-d870-4db0-aae8-e17bde84b4f5} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 5148 2b786865958 tab
3⤵
PID:2648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.13.179937453\1075535280" -childID 12 -isForBrowser -prefsHandle 4824 -prefMapHandle 3212 -prefsLen 27975 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aead3ae1-5aec-4d50-ad81-c2a023a1f1a4} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 4812 2b786864458 tab
3⤵
PID:1304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.14.1163096663\1318040794" -childID 13 -isForBrowser -prefsHandle 5380 -prefMapHandle 6080 -prefsLen 28234 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be1971d2-8a27-4c81-a1eb-d33b7e3783a4} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 4432 2b799f5d858 tab
3⤵
PID:1620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.15.99644552\344596979" -childID 14 -isForBrowser -prefsHandle 4496 -prefMapHandle 3108 -prefsLen 28243 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40ce441c-6903-4e2e-bc9a-7c5346f08a69} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 5316 2b799fa6a58 tab
3⤵
PID:5144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1780.16.1469369994\2064544172" -childID 15 -isForBrowser -prefsHandle 5912 -prefMapHandle 5904 -prefsLen 28243 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64aa43be-13dd-4b45-acd2-f019ba043c98} 1780 "\\.\pipe\gecko-crash-server-pipe.1780" 4288 2b79931b858 tab
3⤵
PID:2200

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" display.dll,ShowAdapterSettings 0
1⤵
PID:4304

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:2912

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:2732

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:3692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:2604

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:1352

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:4408

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:4956

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5384

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
1KB

MD5
5c3fca191ecdf2682d54b2b500947607

SHA1
61dede4dc0807e2d21fd1ab1b73340442b8d12f4

SHA256
a4bed846a940c16625413ec13e9abfdab8f38f703599381cec7271b21c495360

SHA512
6665d71274e2a6be56976d4d4e95a2a7174fdce600918a483d5d794a60e58c6e63cfc19bbd001b2bf369fed400202aeff34fec8c6a2f4c666813d306e2d402c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
408B

MD5
50b4298f004e60db2de3f04f839f6cf0

SHA1
e3831975ff110b23a3c6329cb77c79eabc006afb

SHA256
b3bfc66d613a08146f6b482a993a256b6ecb7065730aa95097921f7e1bd9b26e

SHA512
2613ab14b1ff4c8af082bf9a50e53579db6cfed42d895bd7fa026c9ada28fdcbda3cc1e49acb87fc02fb6d115ec4c1461cef37398d0b4b1cfc55c27b94e5d350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
29KB

MD5
88ee3771c78a1b711b6204fee0562628

SHA1
4e6a2c1d4dc4a4dac895fe700fa0dc7db921e15f

SHA256
a25a3c0b4fd184f4387a72725f789b1c9b6c9f8a0efd552e83b58e08aa628edc

SHA512
a3276f327249519b6ac044e1e04aede27c35b4497cdb238e8844cc393b08fb289880257ca17a5a007a3113b1db682bdaf8b3fb3bbfd5e648055f72e03b7ef40f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
43KB

MD5
31f428fbda5e3befa9786106149ac37f

SHA1
a8b97587c28c73a6d57878a31ce537f590501bdc

SHA256
a4c6127fa24f68219a8f12ec742c021f46114de5c84149aacf8544c8ee434cc1

SHA512
d7b9a7006425f572d8f076e9536819e8a81bfa8866334691b2238a0bad14e01954a95ed71b221a954cedc8ab543ee7af20b730abbec7a025181361689373a732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
38KB

MD5
8b728f4b75082f06db23924f0ac781c4

SHA1
6eab22fd340fe970c63a68536e927d2c0007570f

SHA256
001fa3f16da63052b2e86393aa0de8a09a65ca3714d1ebc7854739103303f6dd

SHA512
5a52a57de74f033cb089c9a6e9ada69e3e6197e00cf7a6a1cc7f2812be02b1203153529945f2324e5707a92c77a16267e2be4ef7ec5d606b30b8d9df6b54350c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
102KB

MD5
e7e1c20fd8ffc84488fc87096c1c5398

SHA1
c3f2db029373206dbbd850dea22557f842f0779f

SHA256
bba383309e5d5782f8ee506de6dc5afb29e09725fc27c1e36a1936782eded5eb

SHA512
5c55dab41254f2582429b1a54b30e93696f334967b42a712a064d23934c02a98c066bcadcca1becc9797248c788d5d79e85771b5748e334825bde0aabb5a5f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
67KB

MD5
3cc9c946119389ea0be1f4eaab7336a0

SHA1
5fabf4b4900c9ffc40016771cdc90a43d1514110

SHA256
5cd3e320b518c8ec4da95b727e32e557ea1fcc1f5cca3746655ea24b06c51646

SHA512
e865a4d06799d37c1de76a50ab89b5b53a92d1c51ebb12b4f266cfdd54ac83809830969e2ce5c28a63bbe8fd556871cf3b8fd27d7bda032be99badcf2d23402f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
163KB

MD5
9de6c438d121e6d2035b8296ea79398d

SHA1
4c09e1fa3f3e7478dd44598a7585352fa0893bae

SHA256
24aa15bc91397499a63bf95e99fe9f08c80a9bb41756d83980c5dfc2ccba1887

SHA512
a0eb2a756e41378d3b0d7752c1843781d9553e4649d422bd71aa4f891b1cf98e152e34ac7094012fd189460ae705e10f5cd3b9c4364f6cf5f3b1b310b1184930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
Filesize
296KB

MD5
1210bea1c11ac3ee707e593fb8aba394

SHA1
bdb06652fccff7322e3ca42b998ddb2443fae1b5

SHA256
299e7a80c54935acc629899eff20e3c9d1a223702d9c22f5d0c5e6bd60a50513

SHA512
e284f0e58487ec11532e1874ad1521d512499e75244bdf6f785fb4d5b1e8e83a370e2263ec5ae1ddd1508be6978ea2e7f835b0eceb4fb5c66df6c27d685ed389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
Filesize
68KB

MD5
7376fa45f083aebb4d1f89a1e71aec91

SHA1
5c0fb4b8ebb2a665e602e20fac0a2ad9afce9a6f

SHA256
713bbe73000f8273cd7307129d799de0b31282c9b5954081963d44472b127a76

SHA512
c393536304a36268cc2598af55d21729d4ebcb00754c9bd1303bbe6edffe5d2445068dc207a7eca83d83742383ba0e73cdd21b8a5ff08307e073d4bd42aca207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
435KB

MD5
d1c84c1ed090be8ef7d0696eab4e44df

SHA1
c7786021cd0e121fa9ee1b9c2fbab397d0d087da

SHA256
0042bff227992b6ddbd60a32a59d6de7438dfc454943e062e384548a4eee7b87

SHA512
2442f7cfee0c00f4f6bb93d1f158f8d60c9108ecb269b2a5c76547a7adda0b076932cf95606039808456081b0ce89b2c6da0dab4dc17e61fe3bf9d646216a92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e
Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a2
Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
d11d7f6cb1fd8fe4fbf70620edeb23df

SHA1
37900548a045d123746cbde3de6bfc4f51da21dd

SHA256
e54469e0c566fcb6fe37b6103ce839c8d6a273f9274024239e4bd2b3b8c610e2

SHA512
df39c24a91bee3aec2da701acdbadb8148146b1aa00b5df13bece3b292f13a7bf059b5b20815a1164feac13e2a33c7230dfac9292a0eb49f60775a4792649b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
76fb06613ef8e9395745fe35ad66e623

SHA1
918d5201b6152f6892054f7065c4597b0ca6abb4

SHA256
b7718f50251a93c9f514fa0f7029904ab8115ef3f3340e75049655daf542c4ec

SHA512
5e31d41760b4ba9b1e7394c7ce1469194280d66c89b8990d9a9f2132b90801ade6659fc9371a31e8ab15c02b0199494dd8a71e14f48c89c6c073ee4c0c92aef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
1b973b1a1f8c79a9a49c0001b2dd644c

SHA1
9a30a13be4f4f66ce0ad0362fc9671e49d45b27f

SHA256
6e7f4917bca4dabab5828f81e0b6e42678e1b58a81232965f61cfd5e8d69021a

SHA512
f14e986943af2cf446788c98f3d4dfea58a92e274fcc2a0a2f958baaf759f901ada63fc89edc2f6938d49b11eb22c95c6d411c00ec8421ab2101e03a5883578a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e1af902f16513141b09e0e8be48544c6

SHA1
9a1460667e58f358fd3af5741c4c5b8edbec1c08

SHA256
5401f33e1cf3b43c0d750969b3b30ed864927b01fd4a487e450f1f68f3f3edc8

SHA512
05013fe8f3fb02778ee7e87f871f233965264baff1ca75c01a58b0824ae6bf01506e31681a6b685f920a22cb6f854f16be3ae8bedc7e98e56373a40009c5e0ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
ba466293db50b804416881be87b0f207

SHA1
e5ff5389faf59c58bcd20acc70c1851a85686169

SHA256
8cb5c65e81880655c16f2ec5883c0965525d03404cbf8e458519e76ecf77350a

SHA512
a75ca58536f99c8377a0f2a563f15be6711e23bce937f35bd578c23fe76d13f400e84174d629e597972c50ac8db47685b6c8cf0e51acc05b145328dfaad34174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
9c6a295af9f28fb21724abbfbf7a1d4e

SHA1
93e5646b0b7139001f6e6ae511a3cf899cba84a1

SHA256
ae1dfca3408b9362c0c27529df6450fcd38c585b63ad89d78c2d9951dba786d4

SHA512
fb39e4a5d9dfdd0d4a41b10484413b78f74958b47d464544f8308f98d76401cbfde857f9323fdaced9c3346297ac0707d0f34b6d0b415e3e6a3d728e4f0f32db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
fdc1e20142f1730558feaa81e5b96a66

SHA1
9b01afdc9a31cffe8e9f3f048bc1181d28315b4b

SHA256
4f2d7d23e2ced6c65d3989fe6471d402069bad2fc5722ccb76b1689d64ba0978

SHA512
a293b569b4b199fd956ba3dcf8f549c128373635d3fc1d94f02232308df1da1121b7462be413366248e382192ebdfc4a538e82d73389dcda6dbe8ca15a049584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
58f54349aa313bf5e99ec72c148e237a

SHA1
bdc90226172644f7195297e977ca665c16f41199

SHA256
888934e4229da9afaaa5ad3c75732f3404bc149218fd46f0f916d045d4977bf0

SHA512
7ffb31a156975ed4c0ec160dd2e64871d8e54f5f82ef8f3f5efc76e17d6d83baf1f41adde3b5eb6af7912fa5b8447853fc8b72cd01ef2914739e57b0746dffba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
c1c005b0244f20d3bf3fc3f40e1bb0f2

SHA1
8385c978166535570b2d0c81416340efa61583d4

SHA256
9828023f855c3c6865f1aa5d6ae92e4ca9fcba46bedc60c0a6d3c487b329a6e8

SHA512
6bc2f7ebdc598410709bff17fc090904a6d767453ebce80b4817cd2163346970ccf792180ddbe15b65b4dcade9c7e410815fe9b630514ca9576004f79eefc690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\30e0b79e-fdf5-4dc4-bea5-0a772991c07a.tmp
Filesize
10KB

MD5
7e2b035519b31c11b21551ac63ffa3f4

SHA1
24cfac6633e15a83b19b1058cd4b268587ef3b1f

SHA256
5faea093255c5d96c2cfc2b7bdd9a141cc60a60768ade77948d9796405697a92

SHA512
98b7b2872a4eaf8201016bbe3900c1a056798640e037ae1c8d33c1d1e0d8f839c4cf968c4e4b40edc41503708f3e49820a1e4bbbcc3b1de30281226d5cd745ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
9KB

MD5
09e23d3919930f999ac7279d1ac4aa75

SHA1
faeaf94aedcb6459256e1d55509e5a1a32e377c3

SHA256
604889d9ea14eb85a7fc27387cee3b0e00fb0a4d7ce444dbc4879fc6e50cabef

SHA512
29c3a0034b26d64fac34040c8eee8e1a3b0cfd3f33ec664d2a5a488e5755db4f8211ef960c21441fdfbb3e7db04a44c8e2907843a5964d04af5c4b0f017b71d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
d758fd6e6d7342ae84ac856a1e1de721

SHA1
fc90d8957d467ffac7d35361c17b0e9608ae6c12

SHA256
4db4defa269a4a6ae0a257d28a434b1d136169a1738a205f537821b26ebde0d1

SHA512
55e90f0622ab25f1b907a0e0cecbf15021ac238f8fc83d43e803df5ddbd1b2dbe01dfaef67d42581a2522f0157832d079593aa9b297d07542a0ff77546a8a970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
0bb01c2e36be855640dd7425e0962bf4

SHA1
8c970952ca5b2f8e5f573b03e5f13a4bcbc0ee1b

SHA256
be7be23ce7a52c4d2ccb6840d2df29e861b594258015108d6d83195bb281c48b

SHA512
1262390e4ae83b4b0a451200121e95910dd875050e9c922922605adb8a49bfeb651b05399eddaf3d6eeb78e4291f151080e8987a348b75584d51c599c51e2246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
5387778b2d69427473f17d67dd4a3599

SHA1
5f1bf632224d1a30fd228b70163258cd6b661157

SHA256
6be0a5c83832ce5311cf7620faceabd5fdfb9280a9c56d675276cd594cad7654

SHA512
2eeae04033509fd4d26210e30529d7cc8dcaad181e5c446b4738fe54cd55c2fd1d55ca1b752ad3b8f8a6eb45a7fb193b44c969fef1ae301b6bb8e9b311a1483a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
b66343668526a350edbec71159857454

SHA1
c57e1d314489c2cf261c5702479bacd925faf7e0

SHA256
dcfa0b096dbddc7d74ed143f7ba03fb5b3724edd400e6c0354d8556f78fcc9ef

SHA512
3bca159ef4a29841c5b8e60ddfe3e94af3a49a4b940222a3c589e092dcc5fb5aba3127af3748d365a57905e00465afa4dbf43c3f4d49754370fd4d94e9c2de0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
9KB

MD5
a779d3117415da6539009f9719d3947e

SHA1
4857657c66c276475e78746684a34d0bff4614f4

SHA256
c646ed0a55e1b94fc80ac2f1e40b20721c32d5b1f8b957c56c83c4dc96bfa131

SHA512
f165c32f1207baa41a8d19375118a404d2462be2794db3a9417b84d0e5473710b4e3e7d2ad2d7c6663e9ad159a8978903d34ab782c09d0821f38f231e6a1fe2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
9866622881db5ce1df26bf4e69f012fc

SHA1
71e3f9d3997cb9a2b5efdf9a1b419a4374e8a48d

SHA256
a631d2b6081ca814e6ddd2a112e9334a325d3b33e4811608b2470ec361a5d8bd

SHA512
7870fcb2c679da33ae3eb4295b1bd73298c069215b2fe5cbc784209dd0395412d50b8417a97ed2be27e08f6c0cc63642eb11150e28ca918dbcb56a6ccc9e070c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
0087f03a4860f866d2c6a7cc0e956776

SHA1
5cfe468301060a78a3c1b877db003e04fa448fae

SHA256
94185598bbe6544b7d4b384558d6c03c0530d3b027578a51941b4f94ac79081d

SHA512
227d41b44c63fb34e14596cef54f2a048514e2ab247b81fe371df1b64e4d6692948352a0103912248602eb417249f41ae6d9e57f883f0f29a4af35187597d92c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
46efedc57978caf33ccd3860c0bec856

SHA1
5feb5911de116f0fadde61118044647c9d65515e

SHA256
eccf46cab0a5e6f737f8bd72d3495ae5ef0b2dd79cbdddd12dbe806c6a34b896

SHA512
d16d211713c44ee8d7e0f6ef74de1b5d97f290fc1e7cbd511292ee1a3066bf6bac73b36b9226b0a3b3baba7d8b163d99143904939e2ac3c9f0d03184c8b0da39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
103092d7d0385386349e31e69a9b0f02

SHA1
bfba3e5ead35333acd9e0ffb2eb044f1968d57b0

SHA256
09644c2e5555626622e0f08ab505bc5b0bd3f33f341c47edce838a4737f39019

SHA512
7e373f0de944bbab4ccd706cf03b52ec71d6a5dba2f85639c23c2dae54dab7ab3f483dc38fcf93001d4391fd740560c82ea3ae2058defce0ec370f2c88688237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
16a99031756e153aa36d8b9e6342843b

SHA1
0099871da2641bc0b267ff353c19357742d74737

SHA256
0b9836b0bf7fca57a4812e1fac938acdc3323c97b3f09d4e1f53b40bf60366a5

SHA512
ba9887bdc57a9c78ea01e8261222b22760cf8c7681735d177558b09ef63a8c0932cba6eb33b38ce63bfff978d2bbc4942eab59bb8822343fbc12a5e414b93fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e7010492187abc0f5a05f6a9ae049f36

SHA1
bdee9d9d1e51382b81a50f91c88ce3cef4df4abf

SHA256
49f8905ff273b42774d62aaabfcf0a8d00d2404533bc2769a66e3885105c7872

SHA512
ca8b22ce34d9727d5589f635d8c91f6dd16e7e33b69cf8b150c876838cf58ea20575b882f980df8a7833cc53cd989ba7408619c5347d95a036210da8eefcecc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
91c8314ab7814fa4fedd049424f325a0

SHA1
40eee32916bde07367f61f715ee883bc9644b809

SHA256
07ab730ddfcd0d10179593d256fb5a17907d5341c65dcd97ca40327b789f5c46

SHA512
25f68594a27287cafa77c62466d78c8783879e170e0eafb09202b47f46f3b9ed0d75f742e9f81bd1c0ecf4ca4c629066ccdb16888b29be0f7bc192ce8538bc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
51d82b30e83de3bb9c10c74ef1a3962e

SHA1
b22673bfe8090b3804b6622078455eb360765598

SHA256
ec53f13af41d06204bd312ffa2339dff6fd4e0702edb7973fd462c7f70c6b35f

SHA512
a52eb4abdf03c6df073fe0d65920ad0d59c3384036b21dbbc991aae962b9ccfe4790c5d1ae4d216b570e8f4298c17c1b8baa7e52440ed15fa69de1de37c74a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3fe1ebfeb58be85ff21d5ebd5a0cf18b

SHA1
9671ced5bccb75224525d04766a46c3a28f79509

SHA256
1691daebe19ad7e3de28ab72c7891906e5de24c9b678ecef9f745f14a3955079

SHA512
12f14352b73e33918279f247b1235f1106d6f4fe423382c34d82c10dbdc812af0314891a796b84f001fe986edf4f172355a5aed8a3eaf56069fb468a4c8a71db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
747529be12bcee3a3f4dda074c0be4fd

SHA1
3454088b587ec4a8cda282a391ea20bb85e53d09

SHA256
9ea0f30df03cf8ac607b01e9b5ee767d028f24f1c7afa744798cb3d9e96f13c7

SHA512
4426efb4b3429f3eff35e86b2cfbcd4c431f72e1c405371d00e9d6812af476390448a3b24fd0a6958f5da376d28d5f48bd57a3704a0dfcfd967ac575811f8c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
63f8838401a052f0db9d2067da247c33

SHA1
0e13103c2dc069a20b731db7e15334fce9216898

SHA256
99730a2963ed3850452696b5a508bbe268e471fe8f2f5e5c895c68a57eaf2218

SHA512
f2a4cb23fa98ff645c73b1e27288d8f06144822116aac35f371960084ac56c8b28a838264b11547def7297fdeaed2efd96c8359f281bf21380aa557ae913b03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f0737f290f8f6e12f9195dfdc1368445

SHA1
c50e5d45890a59e2d8e14900b5e6acf7f23f1b78

SHA256
d2d8d24d4a34edab71fa799a5e1b5f723fac6ae93517a52c3d0f834903a4a4fb

SHA512
26e081ebd6ae90dfced6ca31296705cedc08f2b8acea1c85f3dbca07467fa38f3cf7bb932b58cdbb76a27fbf5ee8418a7d557d0f082fb48326a4fcf54bab780b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
150592778f320d380c68751297ce1bf4

SHA1
2ca08a77246d87e8deca30dd83c5f8859d75c03d

SHA256
b974d728b23705673cb96dea2554574ac7b3a8c666d761c54768562eb678c54b

SHA512
44f867d2b1d8c382417ac0d31f88b24ca4110ad87286cd809b56bbe887daedd6f53df4c93d344a60d03a3f2ed3e4c046e8c6405ab444a852557a2e9734263a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f05e25f99639adf0e24a74624b7dcb16

SHA1
8e061981c4db0a532fac8744a7ee61d28a0432ce

SHA256
d429204c2acc85681b1960fbb40ee457d1f6721a091f6e1d418e29a049c58f10

SHA512
be9a15ab3cdbe15df7cde5164043656cd161652b108f31cee1f1f211ef557388fbfd3cfcb7d77b662cf69943ce057d16fe4a9a275a84d8aef72260a962363610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6c2728ac5228436e4ef4382eceda86ec

SHA1
415683dec02b207f25c1d95c27ed7d8cf20e3423

SHA256
69497cb95c6f4ddd0f9415232be4fd5c39af0fde7b0a424defc3585288a85855

SHA512
64a36e8bfccd6132bed25f80b8146c6403f0016f617b4cb54c7b5302488bd334dc96779912daf24e261d20e1c809d629ab62433fdbe08cf145b9cd15913f1510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e62abc2e11d9c68250b44304500bdda4

SHA1
518558b19657aaa9bfc27cf25c8a429a87867a4a

SHA256
36d9dc2d492a99a2176a1687e648bcfb1003baf22f99ae4f172455afd81e23a4

SHA512
3091ad4599e4e2aaa6f87fe82ee5c5c2fc12fa8984102e53d41f65addc5f58679e58b6c7f09349bd02a8d92686bbbc47fa3e728e4338ab780e4a1daa3a22721d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
aa8263832d18f4374291fa5baafb13f9

SHA1
1a63102102d465fde5648d512c37c9682b7e6a3f

SHA256
a92ededf20102fde866d62ffdc1ac6d4fa9405c48e79a2bdd05d198ea4ab27f1

SHA512
e813b0a64f971d88abed0345a5957086b9207f51c385ee90f720dbc6a677051d31d8982d3739615fae93ecd9992c228f28ce1f9a6bab3a02dd0a1cbee6917d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ac8405bcfa565188f8610ed86d487200

SHA1
b88f500910da4bee084fc97a293fff79efe75c22

SHA256
27edb3806203ee092b7464dd2a8f955bbf5b987cb1a2555d0a581b24cc3c4a9f

SHA512
4fa8d6bb84a2267efa689a98177751d7ee44182ede69db8730fad5bbe5d8f15dc83717077ee2a8af7f90e5c9cdf3469fad9f7f23df45d09ce24baaf605c1b1b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8d24c0d6e22828285b3a7851a204e3dd

SHA1
185dc2a61b10e3e5eb1ff7bdaf9e1b49978b7c66

SHA256
b4e477e7f796b009a27e2001cbb166723b8205371a39b92c829524e605b87dc6

SHA512
fddb9eb3a412e8dcde38ed9d989f3e998b8dba83055a2c916bb1a49ce673375477474395759aef80de78e4e591e364213df1fb92f373ba23dacc426166227d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
2f7b4cf0d8962fb8dc07c1918f9d4d3c

SHA1
4a7910d9d604478c197c70e1627732b8f499e996

SHA256
5dab788f2ea7d67d72129d17ffdbe5a8a0e739fc3eb3054c88fd81abf138f424

SHA512
a04b95ad2e163cf85b72c224544b625177ed92de3dc63fbb2187c521a126227a91fb7966b16045e9a1306b5a684072d05fb27f188d026ff5fcde110025bb6b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8caceec7eb76ba95b265639c21c1d433

SHA1
3fc1bead1f6249af62d25be75dd46281a80a4c5f

SHA256
03cbdd7a71e6d2dceea124ce266dfee1a12d338441cbb74ff444f3ad12c90bbb

SHA512
d969e311ace79d49a7b41c29acaef6160912bb3a7376e4f20a9b60e57b6b25cf4d85402882b98e16d17b5062279d7fa9910482054880f7c09960da15d4ae8d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
aba28a88a26858fa69dec504821f4604

SHA1
df78e2907297493bdab4631e11638058a342852d

SHA256
41be0d574a7f79184dd60dcf9006589e45ac83e76af992769aaa19ddfa3a6511

SHA512
2e9530a6252aa9c9288a8cbd095a6773f01f80e4d924895a7378635db03ba868e109cf4080802c1294d0387312f6150efdf548423510f1950f00924838c76c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
57b1eb53d5f78b1fd6dc4901771aa8be

SHA1
66ee7ea8bcd9e373851ff9729dc4094a24de5df3

SHA256
668f9164681e8bb6e21e9016fe4fa221320d5d56f5a180cf5a38155df310310a

SHA512
b839e9c5d22305260af0078f1a1c13646760d8c1f071b86d8a5cefe9f265108f4639ba5f4b6a11accd6b9cd4c5cdb0d9f77950d00bc6dfbea1af939f8bec53ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ba4fa4f71799f67962f8a6ae43ed1952

SHA1
ee3cf4d0fccb3c817ac1569a3bf4396c4c623680

SHA256
45dd9949957570456f4feec8835ced2fbc90949be5488cdbd80f1170ca0175c6

SHA512
29c923c15b391eb76a83570dc7c330f27c4e38cd1417b3d6be217da85a62ccff235fbc4bda50baa44862d3c3744dd50ca370fd147cca53750a84853c794abc15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0fc70bf101f166649c637fe63e13b17f

SHA1
9da0131375a9ed2c0b0d45a8616e03734e03dcf4

SHA256
2f8d3616a5b237dc069193b34f3d038cad4995e7d3d71d74579a49e28dbd73b3

SHA512
0f5ba8616586a9bc2974f1c1fc507fe7c1b9a55b8f21017c4fb347d763b7335fd96d7be60b28bd1855c50861a014b0749d0ec846cd81019a498889f1bd073546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
13d138368bc8005d595c6a035f6acc5c

SHA1
65f2274bef10358ae859a55f46dcaaa4d2f4a9d0

SHA256
b8b0aa5e976de692317e5dcc60c62e9500fe3c28d55b4a2e2f77531593e9f55b

SHA512
2a3985ce2a92e4651b53f163f5e3e918f30986c5dc4f194f4ed0bbccc883a05446575fe476397b50fcb32b3524d64f0824166795209735776ac6fa93c62f29ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
15facf261ddf4514d473a668e1701ee4

SHA1
9dc6616aa0dc9043ce0acb991af5f30ca501a77a

SHA256
7c0afa06c75e3b288a7adba57f10ab812da9bb328fe0d0025933371a9f41af06

SHA512
5af040b1f27b538a980855772988a990f6212ef588a797abd1df4126bf4f4a482aea09f73496110c69df65a1e25734f44589c332691e59d02277288ac042b327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1766ae9545575f3ede650659e7c10ee0

SHA1
66367fb43e101c75a20a156c1edd9da2c4ec4a12

SHA256
ed8b5b9b017967b54aa79b39dce85e97f1a59205334c59be33b996f24c6cd2ab

SHA512
d23916fab6357797c3e3b6bd3d42eac41ff5aec4e138e7421462146146a8e81fdefa559730f06b11cde4d305da0797ae421bbcf70b0258d7fb23a724e1512d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3bf244c6aed0a36173ae3d88cc79fe30

SHA1
6f23811dfc14e2d070b1ffdc29ed3e631eaa8284

SHA256
6f25b269459897acba8e967e12427a45efd549f14463190548dbd757ab643092

SHA512
8074d29ccb292665f154762fde51f91abd6909253b5dd0b99ed41dcede587608f56906ee4ab8d7d3a20f618fc58dd3c01fea7ba8d2bb0fa2701b510cb2d83757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0740a9339cf9d58de342eca8f6e659ca

SHA1
f14926f88fdb85ace5c5a08b11fabbae1c13a919

SHA256
27376470dfa5ed6da78eb5cf6dd4019c47bb71b7c7fc804e84808981b8690e12

SHA512
6976863e2b0e1f635f2fccc7d58bcf5e65450642568dad92f80732d73be088cf72c6df88ab9acc59fb2119c232fd8c9d7681ec332a23e8b1cf2f9507e6c6a78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c80b901f4858bec53d93612c43831836

SHA1
e22760b86dfbeabf050f5eb5ee49839727a2eb52

SHA256
035751ffaf015c03c57097c7138c88f6653ccd480a40c14f447f63fda1ce0ba0

SHA512
02c1bc4a18502d439ede68a032683cdaa2ff3001c542671b43af9fdea14f0c64041914636a6a0c0635b28306b887f1d78ae10e4f8440efe8c0ad7fdec7c3154d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
56fa5d34ba542c64d12ec8d59518ba9c

SHA1
7db0ee7ef9f567440aa5dc962ed68972ae81c8d9

SHA256
9c605f060789a10bb65336c3aa6118afe0d5d06ea34812927f693b28c0b17c7c

SHA512
3461cfc695b6c3c546be67e1293d328390b4b392d6b50d500da4ecb1e103c307948d15fe803848183a9038e593c446d352a8770d43ecb57b0693afb8ee7acaa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
579aff047d91ceda7618b49df0108113

SHA1
68c6b945f8862ebcb8e86aad0ad2d3eef01446ba

SHA256
09ab9ca2b84a93cd4c89223ade4ed66ae1719f5b7177302ba4fdae7c201c3313

SHA512
b38a2dbc712274cda97335056a7847aacdf1640606382b196569d84a0635bbc95033b2526eb885d1638345540bb1d303418ad75fb756f591397c2211e2d5b765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
2e9d3364f13d6df0dd19b62443d24f68

SHA1
2653f82bf594777d0dd819962ba5d00fdd986fb0

SHA256
3e855adf22e50f82fb3ae0b9ede341bbcde02bd2e70ca413ffc0afe2c8f5b92b

SHA512
12b42c145b21b504b956f10d4f2262409985a0fbd718fb0976afe893e7cded3b2056c80b4b74e8910612d40da0fac221074e76c4b44a7cdd7fd7e60d5f1c97c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6d8ec3f6a0fd0b46cbdfbe8638eefdad

SHA1
50842b7d81fa489d9b21e1f4ef03a1aac60de8f3

SHA256
1e378ba01bedf813183c6c217b4a4f336021d89539fe91c5c8df0ce12d614fd0

SHA512
978ebb11e8f295308e6004ef40d17b5705ebfd1df8e8367e50569d7022bbb03b67e068ad69a3c71d7f2993669763fae9bbbb99f081c296fb117e18ae383e84ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d18ce5850503aba98e058e6a9ac7f489

SHA1
e2546b401a7d4e30c2fa796b7caeeaae9f029bc2

SHA256
8642ce7a6e60e2ae9be93e9a771b26ef09866ac7089644cdfb00867b8bc3a971

SHA512
f767775c34f7098dd53812687bbfb96427e80d5f0171ee9071c7b09db6b6b79835ddc3aff794a6936bf303cae483bacedc2f2d90575256c1c096d21dabf90122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0802237172229c1e0434cd2b96fac3c0

SHA1
e301018bb95417f9a382dc303e3669afbe6133fa

SHA256
ae3be521085b240b4fdee5c168deb85832e537b526b599e5661a8f8aaa3be1a8

SHA512
8e308bded011680d989cd5d807b7b77aefeb45b37ee78fc9911ec6215716955a40fa44449e3be1e10343d6376483e5d383300be03225cbcd13db5c2ebf26562b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ef1228f2e451065a7eb466f4cc62520c

SHA1
52cadc03203d690b92b2be8789c33ae5c720ad6b

SHA256
6257f4a137e812abc23d5f9a46ac6c61a7ee478228d1b5e9b8346a2b693f21fc

SHA512
1086e171120ed7a958f281488f695f841825bc469cea9029f447331e2d4f5830fd232750ed2bf77428a5780890fa10101df896f01a2b15b261944c3a5204ee8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
df71bc13f59fdbc4a61ba97e698cf2f4

SHA1
d6319786d6c4bb54c36087eb8fe940dab976bc9c

SHA256
51cd17c649d840167bbc9005e7d0d20b3f1dcef0e76df87ff8f10ce75f65d9a6

SHA512
0815789eae4b50052d85f354045316ad8ffe83a32ba61651c66af57f53cf69bf0a38c0f0bd498ff17ba7155ba4785a49489460a3f8e1a9d00deb83d01c54570c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
10c5a4f559829bbed0e85e3cf046f6a1

SHA1
e30069fd99529c8d2166da0f327a4b275263bf06

SHA256
32865e228049e927dad8d08636c367cd94a312f4093cd8f15ad1da11c07a7299

SHA512
1f84ae140f2f51282f7d3e755d28f910081ba2cd9714925d05b1e52b046689f41707791be4c2904e8653c8c9a1ea62651e9e326ade4cefb004a5749a0c88d261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
8a32b7cee814d6343a21a92c13152c3c

SHA1
f19bdeb788fdfc3bc4cc59004151445549727e18

SHA256
8b0fe56d8e21e024c9097516a1c3a9c84f7083c1add690442e69fafb7cc45aca

SHA512
74103a4b8f8dd26d83262f0b3d3aef818dc617576c21c1410df1e68c7097780d58522a6c25d6601cde1825586b3f29535a77fef9fe71e1cb3c2d5e7873d8f453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b93e.TMP
Filesize
120B

MD5
a29d3ff90575c0fd5f2da4eb7c954541

SHA1
0ecf2ee3b9982494103c34a58b100f91de13bba7

SHA256
3894390e0eb4f25712d8c341247bb261877e15338a394d3a86dd27445e80a93b

SHA512
28b787013233cb37af69d4516f7f34180b83120d0ab5a9ca1e60019a7df9aa019efbba47c8369087cb8fbd4df0f71d6ffb2508e11ddd37d295a0f987e5fd14d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
f0d2889591b86e7059f8a186548df4a0

SHA1
83c3bd393884b92c027d71e3c0c225fede4a15c0

SHA256
9778807dcd626f12da1c6bbaefdc7eb9ff6b3cc4dcdf1d207bf494ec8e869aee

SHA512
cf4594f8a5e20043e18dffd682dcbdb3df18daa066f46b1273bbf2d33b6ef406cff9af1433588394bf63b71cceb6d490c9fc040e8e985395ec97d7470e40b5ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d4b73.TMP
Filesize
48B

MD5
f3dd48f3f14aababbd1201c42d505c83

SHA1
78dee556bc16735356e00820badb58c9c1d20633

SHA256
25fc9ed1d2f7d510b5e5ca48dac9096fd7d8950d156f8941208011c8eb6e992e

SHA512
9b488512a902c8e6bb4cc1dd497363449c308337dc923c0a3002ba20db37ea65ebbced367a54b55433be5e762a12044ab204352a00dc6afba3eb41d169453918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
c8d17732f17428e612240e8962d88b25

SHA1
50c187f95d08b969dc878355c0255de5047815a6

SHA256
72abfb21eaa57753366df8cfe94e807d97956b0e9befddad4cdda0a4e03b0122

SHA512
1801e969395fc3a31db7a18e3710f0ff8e95286219f842018c72e90d2e9eee263f7a03d479974e601dcca2a70f92cd8d25962032e6577e2442a5f2673cf81988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
4c9a353858afc3ac5a1ca9a32268ddd0

SHA1
6c8e559d1d3d5b20e98452a02b8e59f07a94a451

SHA256
19035df3bfc978699f1059cd01bdb4c2f3ff2444b2a4e8a05a92a6c7f70b9e92

SHA512
5275e7b3b967a70674f3cb2664c0c47f5700f6371d064eabe4f3187ab561efbdb4307f941c75d21adaf9eaf69df5a9b7bcfe55192a2456af7936750749a9baf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
77771e480f5386e8def7fbd417aee8f6

SHA1
040bf5f56af9f60891f9ae834d41dac4448239e6

SHA256
edc5bd7ab373950b00d99e6cf3b6d802b1a718dcca12d19d57fe8c3472a22c1e

SHA512
b40470fd45b09e03acf5a02fc6a28fd44e7e4ff2504878e58157f78d8699d46b8a40f90109a4a20caa11c138d8c35822ab560ee920c70ae6184c65b8eec76a80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
b82a8bf9e3c1c04ecccc730bc9fca81e

SHA1
8b50135ee8db3962e19483b546020affb84750f5

SHA256
74bcf9e12debc65da9cbe3853d4051fa75c73a3a45a3fad71c7c698aff89dc46

SHA512
b7fc6c25a08fea099427ccfbfd588138a5e655737e96e2efe7aa8cfd3926604eb663592844ff229f114c03e716d3ac07bdf4a12bef34921f2b966be97340e9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
20b38f7112f9a74e60173b049cebb6f3

SHA1
41defeee79be76d5be3410448926b8b3cd843e69

SHA256
24339f174a30e56f16e0dc7000813928ff798e22ec6635ea30a0a9af48aa0157

SHA512
bb178ccf46d0af7d7495962699ab6498a9a8b84a58d46489e4b46f8c4a653ed28a26f3f8c77b4dc2b2ff9ea00a73412ab72cf0944604165e7b5a8707e4a7d604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
1cb09b0819bca3c07155c41701834bf5

SHA1
e7e38d78285ed1f3faf2eaa2e40f8bfc642771f7

SHA256
3d43eb755451fe7afcab502180c2e9a3ed19cd2d4b05a7a4dd71bb7abb63bd8a

SHA512
e8becb8a4a8fc27a8bf6bab95ba50e005edfaf9d4e45f6f6d943995e593c8ba1d252d57de806ea5d31ea051687b06b31f2339328bc0ef7d173ca839c1bfa63fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
0583fd49ba6dd72193f73a4e9a1116ad

SHA1
04051d65bbccc9d7657dd28a7840250ad17d11b4

SHA256
4ff04e221601ab1f488f8062733a371e3c0793c9c842434c717b67b6b85590c8

SHA512
4eea9328e02c2defaf78261c66fc585e72d7f48b3c42b308602e0914a9088de92cb85b9155ce8d7a506056dad3f042027a47a82b16b711990db466e386e7bae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
54237e16a3e44862835f68b3ff9502b3

SHA1
11511b30001a3ab665c1201dedc13159b2c4abf2

SHA256
fedc7c85baead2a8deb4b3374410b74187cfe32e20b8a791a1d6a4479e20a1f4

SHA512
c4bef8555acb267ac8b93585f3fcfeed2b19a7499a1a5e901a60f70f648529b931fd252f450a863440dcd7c324bb4f8fea2dd83ae6245abce630456bd3e6ff88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
ac250d90bac773f7d6be8047984288dc

SHA1
67736a85742cedddbcc857d5e7b64a06481469b0

SHA256
878ab70db20af0aa6a36547d251f4c789e89d4f1345aa4e2e28dee2a73a32e9b

SHA512
000f9e85ab0590d9a346fa378b29c2d8b6f859f6921d523d064c40357f581854d68345b46ab17e1d38f6a0b60820ec48e12fbed5dd013b6bc481813179b9cdd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
b039cab1772faefa21dcebc8a5821d0c

SHA1
4b61a798dcce0708d3bf2d68d21cfd28ac3c9e2b

SHA256
ae7b9945b59e6596a2fa11c4a4e57f65313fa7fce4c983ed5ef62349a44498bc

SHA512
857d01c70a89a31cd90ea340db62c7b08139204e5d9a7fc7cb82d7a228747951b9ccdde96d82ede498112a14d9433b7a9857b8b73dbfad6c2b813a72b8883e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
1ca803069b0652ad14a3676537e7077e

SHA1
99e4d0dc36a14f8f8963ee23d1f0c8671fbe2fab

SHA256
e67a4c4877436218f9b5a30f8a9258aeb3de9f564e2efdfb7c8b29637757f0e0

SHA512
a178c05e4ba74fcf1f65eb6b458f19008e12a7d41986007033bf234e266357d73c2f941233a59fd92860d65bf160110d82146b195bc4bf13ecbb6aa1caf0b0a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
422f079c89caee96e11a7dde506e097f

SHA1
5c608f42c0644227ed0a322fed585964dd3e161c

SHA256
0cf773ebbd8e918fa8a6d48b6b2f1bca6d023d3c7fdb80855dc50281dd2acebd

SHA512
501260f2e9d7acefee38256342b1241f2fc13f24a14d0ec9afda46ec7f9c71ec3669ca93c22e003f98c79bb0eb42e9a2584238c1a47d8671cbe600f75c443da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
ad216a36db280ab9f5f2f66687a415ae

SHA1
4aae16fd8d26c0f89a2f9db245803acc4b4f37a3

SHA256
e256c001ebf2fdd413d625401f2e4eb0a225413c5f74250501404a30334d1ac1

SHA512
2b2004412cef5a3b195a59c9db82635ded4fb121b8a370bdce65756ee167ebb5bbbaf5e6e80fc1491c8a34ee1d6c7bf5dd1079c66b5b3f90cabaaa9afcd36c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
115KB

MD5
ee03b945fa2df6b26d09c70cc9e365c6

SHA1
577d82197e11eb11df17c2698a54cc1005fbdf66

SHA256
ecf70768e2bcacf4b100889cfe65075b4ec7e2d38ab617fd8a3635fdaaa309ac

SHA512
3f90339538433b127fe8b9fbcc2e03b451edbc669cb0fe20146e4874799fef6161d114c2550c18ac02d8de76a54b4d98fecea2fd05cde1d72095da42755a064d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a4eec.TMP
Filesize
95KB

MD5
bfd223dbdc20a670b782fb6cf33dd6c5

SHA1
00f4870619fc88c3085afb8239afef06ecbb6795

SHA256
629427b9df28a83b8cedaec30bc174fa0e07cdb41a2994daf8b3ce35fcc26130

SHA512
e18d07f6408e047781bb15fb70b876e5c833a298802e3fcf8762068e578a6609ec5e7edcf8d5b6265bf11c91d32e0f7cd03ca3b74f4e5a02583a441f18c54ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\activity-stream.discovery_stream.json.tmp
Filesize
146KB

MD5
7cc3ae54bf404dd9dafd8f92d650a390

SHA1
cd9d96349c6c6c7b9c20183fda584551bc224fb0

SHA256
49a2c24ece040345c85517bd29b497cf3a0e3334ef89b48a64f558e2d86f8663

SHA512
99613412ba26fc08c7c91e552c85fa3e67f4c1c15808377c4fb53a66ddbb637041091842e10108a8249184ee69bf39baa77978a5a53a980241677cb375978649

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\doomed\30933
Filesize
154KB

MD5
1b7dd6e1da13e40370aeffbca7242d41

SHA1
eac0bbd86f3296e5ee6814623924d06ed7139b46

SHA256
aa7645023f7c3d71fd479d16d7c24a4d1b76e693a09e274a7e90b986ecdb1942

SHA512
99c2421355361ae4adb360c6750907d0b0874dd1790999f6730972f32d224637db061a133981b56b26c553c88bb4b792d9dff7da577f76df769f2b511ea1205e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\jumpListCache\LT7_BKtihttUNdFUmUA52w==.ico
Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\HMM2HWB4\microsoft.windows[1].xml
Filesize
719B

MD5
9afaad6afa218595da937222ca55a2d3

SHA1
365e58896b05ac90276c4210325ec01dc42d51c5

SHA256
c781e82ce56c5d3b5b3ec9f8f58d624adf48ed3ed0cd4cc720aa6e2c3cc70a77

SHA512
17774f162bf26a595c6a212cfa1a8fa7d6ba743e72c0d72b4aad0f746122e415d71a26f65126acd81780559f09714f94bb8e08c4893921b3ea90cf3ebe0cd87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
9KB

MD5
b4c659c603b94204c2552f7262f48d19

SHA1
0c842701279d3c3a89798295065573c565795562

SHA256
8a5bd41b853308ef2870080f2bc157045cd06312b193210827dc2b11a4e2890c

SHA512
7752a7409be2efa357e30e483e45cb774564c0136b8e41260d97867eb6025ad3e0ae939096fbca48820063954b5eb8cb2e7d4a0b5c9e9d2e12c5d49cfeed1d57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cert9.db
Filesize
224KB

MD5
e26fdc1f6ec4b1d3dbb144f49e2e66cb

SHA1
8fa2926a7d6b6ebf14d2dd71ceb894760fe9a84a

SHA256
35a571dd363e6fec8684923253766407e26397a8f65daa90dc5783af02e02cd9

SHA512
de24571db981f29aab0731243cd13095ade0b2e721774b1a7990c965cfd9663c0d095f1ad9fce488b5edea13715117db6426f97eb98e92181254b0fbcaccffab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\prefs.js
Filesize
6KB

MD5
fc03769491e92557713bff75b3dcae44

SHA1
a4f4687575dba8a950a014c93d8f9f086a2b68d6

SHA256
3e943e423e8dd73d3afd2444234e9c1ca4eebd430da878f5bcc15e2141da7375

SHA512
8e2266f0af8f7833397b36b31482a43a4bd798693e069f8aeb823d12b767bcdac3aed772ce10b8907fca777436e4efc39ecb5172e81d2672f1165a2427b709b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
7178aa5e1d6c252b9f628ed13ea658ef

SHA1
70cc47e9a304f8fd22d8e5e9950b2ebdf750e9a2

SHA256
62821a3d97a1e17036104d50aaaf8e6117bee1865d876a9c7753a0d11c378626

SHA512
91b41bb5efb1206118805bb42566e7a3792547f077eff3376aee687714d0ec11cfa93e59ad75b3ef3bbabf5e49fb863b900a219b61d23c6ca9a2706a16570652

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
9d0f4fc9359f633b3c46947e2da97ff3

SHA1
977ecc0070f92d7d55f9f3475cb4d1e52f848797

SHA256
896a27831f7080aa22cb6950b6bf0d6deb1ee6873e9e3845c5713994084b1fb1

SHA512
4b720f4118710638f37ac7231801be6730a4a972c0bb0436bf07dc211ee5c89a1aca3249ba595718d7d764603b51448663edd4fb1499a9cbe2f3682a5a431cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore.jsonlz4
Filesize
6KB

MD5
b5a852cc9afd23a7219a984f452f0962

SHA1
eb54e14113435027ccd9223169c6a1a6fb36a56a

SHA256
14b42746bdf481b0766b61867fd14d2ffdd8b3cefc7c584b0ad3362d908937e3

SHA512
f6b9b968b07ca755bfd390c1f2e2355a6c1ac92d300dc2e5e49cec77d038794585555e9c02d2fce2dab58d64b8b247106cc17b5ff512be7147a34e6fed593134

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
a3948e41d2174f625e74f03b6443d19b

SHA1
ebc26d7fd2f672b8e7b9bfc276e87d9926bbef33

SHA256
161e0394a581c8fe798bbd3ed6ef02820cf8f0df9aa13db288ef10cd36c96bdb

SHA512
f8674349020fc45b01e2cea8a4dbb27e31cbf6bb85cd85a8f5adbe5877c588987ec5ba41de90dcb88699943a18dcba639e8f13be164e4bdcdb7229cabd19eeee

Download Submit
C:\Users\Admin\Downloads\ProjectLoader.zip.crdownload
Filesize
4.7MB

MD5
5db4b3fa316c3b3b167031d620ecef64

SHA1
2c83928cb9845581d31086229bb639686b24a186

SHA256
7d34098fa91338c5808027040d3af812864c96cf8bb35d1e90b0ef7f5be1f27a

SHA512
e64c666868bb8540bd42a86a80ab18327e1448e4cd15a81c48c37bc10cf2f7b08c3a34d9f7388c3fb955bd3ac8171cd3724904c33d9c00cc6d66fd44f46144dd

Download Submit
C:\Users\Admin\Downloads\download.htm
Filesize
8KB

MD5
42b07b03a0585aa274df37f1b9b62f52

SHA1
0bc057902a83469ea29933c1713c781090d13d2b

SHA256
9a7ab30ee0dc779b34f9c19c22bec9003d21cc051ab7722cb57a647c191f1e9a

SHA512
18c039faa9ae705c69b7572472a761473558d4c4edb0923dd62d652f32affeee9f9f82f6f4b11ca75a530c945df3f4d6c404b5071062f27f705f52a09d60100d

Download Submit
C:\Windows\INF\netrasa.PNF
Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
C:\Windows\INF\netrasa.PNF
Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
C:\Windows\INF\netsstpa.PNF
Filesize
6KB

MD5
01e21456e8000bab92907eec3b3aeea9

SHA1
39b34fe438352f7b095e24c89968fca48b8ce11c

SHA256
35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f

SHA512
9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

Download Submit
\??\pipe\crashpad_2460_QQBLTSDZRRBQPQXD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/816-1752-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/816-1750-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/1088-1226-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/1088-1240-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/1432-1249-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/1432-1238-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/1432-1239-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1564-2021-0x0000015766F60000-0x0000015766F80000-memory.dmp

Filesize
128KB

Download
memory/1564-2025-0x0000015767290000-0x00000157672B0000-memory.dmp

Filesize
128KB

Download
memory/1880-1755-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/1880-1754-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/2604-4213-0x000001944E140000-0x000001944F002000-memory.dmp

Filesize
14.8MB

Download
memory/2604-4030-0x000001944E140000-0x000001944F002000-memory.dmp

Filesize
14.8MB

Download
memory/3196-1255-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3196-1254-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3228-1177-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3228-1151-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3228-1143-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3316-1265-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3316-1328-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3364-1751-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3364-1753-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/3924-2080-0x00007FF9CCC40000-0x00007FF9CCC50000-memory.dmp

Filesize
64KB

Download
memory/3924-2076-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2073-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2074-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2075-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2265-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2264-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2263-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2262-0x00007FF9D0620000-0x00007FF9D0630000-memory.dmp

Filesize
64KB

Download
memory/3924-2079-0x00007FF9CCC40000-0x00007FF9CCC50000-memory.dmp

Filesize
64KB

Download
memory/4076-1250-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/4076-1251-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/4728-1253-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/4728-1252-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/5092-1264-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download
memory/5092-1266-0x0000000140000000-0x0000000141086000-memory.dmp

Filesize
16.5MB

Download