hxxps://get[.]teamviewer[.]com/planmecausa

Analysis

max time kernel
600s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2023, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://get.teamviewer.com/planmecausa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133313288490638866"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000020b727b95b45d901b47425286645d901104f90deba9fd90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
904	chrome.exe
904	chrome.exe
904	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 3668	4784	chrome.exe	83
PID 4784 wrote to memory of 3668	4784	chrome.exe	83
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 640	4784	chrome.exe	84
PID 4784 wrote to memory of 1964	4784	chrome.exe	85
PID 4784 wrote to memory of 1964	4784	chrome.exe	85
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86
PID 4784 wrote to memory of 3676	4784	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://get.teamviewer.com/planmecausa
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc109758,0x7ffcfc109768,0x7ffcfc109778
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:2
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5320 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5612 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5632 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5464 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5448 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5612 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5744 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3832 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5880 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5980 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5596 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2416 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5652 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5544 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1844,i,447595388092462244,4257218459325039414,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
162KB

MD5
5d1325194ab19e5446660cfba923e18d

SHA1
1e3c2ca9abbedc852231c72f321207c4cee69276

SHA256
54ad7e76fb07c695cdf95f30ebb6047a552b61ece067cc50b74c2f755722bc03

SHA512
0aee70c35a38942cf88cc655f7f19cb858549cf4e883eb249dbdf70274c96e24c552a187ea0eb44b2943ffb3f9b8be968e066ce9619a43c55004b52419c735bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
275b3963302b77c6fd0c766d701c1d5f

SHA1
395fcba4a92035d60e947cb937ddfe47a894ce67

SHA256
f5f0c7f6d624e3076f7eccf2a61c852ceab3626bbfada8c9844002d70f43607e

SHA512
82c2f1467b52700f3167ff1059166840a76e59ccc3be02bbc10874446f2d159f54cfc1548908d72cdf5907bec603ac0b0fa597151de0a13781749fd31aa5b0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0f2324846060320eb15ac8359c4e1a8a

SHA1
acdce0001323cbe5aa43c12aacc7f23704534c96

SHA256
14dd0c29b922a9c21a2610038f8cd68e8d54b4d93a0e55b4c2524304a1e60b0e

SHA512
7e5cd675a5d1a1acd6fcfaf8c02294d6bde05d632c5514ea53c61849fe9775a5f4601c2342cff66d62751cc9cb8e68b7a9b73b3ccf59b8ffafc10f7a780a9c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3ea0e5b8d46f66d7b2f242d1c814df3c

SHA1
b688ba94391cf7557eacc747f06e156da929b845

SHA256
ca43ae63a79397dbeac355a8cb2162c7754f7913232c3b862a1bc4fca8bf07f5

SHA512
f5c9334b5248b4cfd784583239ff9cf7e039c8f8c62ff6cd363669814e2a5de4acf9d11044055da1bd50124f1088042cb842533ca36d99222438c7e51f9ed93a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dcf3764a6fc494c2a48928b36dbd364d

SHA1
8372a675ac177602a5c271c0faf8572ba4fe5d78

SHA256
e3c4bba2ddc55308fbe67e9f95dc2c13f30fe6556c6da31969c94dc392e9fba3

SHA512
f0f936bb06de8fd7d94629f451cb903372ac2eea5b65a3ea7351f3e75183b4841b498574b3ba2c91ca0bd6bf65b88fbe64830ef07f2226e38696efc671ebe454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2d2075a86084fb4434ec83ebb0c7a697

SHA1
9fdaf3314e93620705de6b365054cc0b6ace0349

SHA256
692caeab008b51a88df476dc2912d90893ddb2e587936e1f74afa8038c09babf

SHA512
30c9b21cc27dea2976d8d9695a188abe80c48d10b2cc730db2a586aba3f4d44276fca092717b2212884fdadf956c8d8ca216f711017383f66e38669b36ee2173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
64ac7e0f1ed541310077224d7bc38deb

SHA1
b90016dd86f7997281ec1cdc31536bb4b428d5ea

SHA256
0ba2919ed4ffc8874d8336250200c65456be613bf798974d2c2ff80818990b73

SHA512
8af99059e1987fe6b1e274064aa646633fb053f6bc758624efe6e82cef6daf9fa47179c0888955b0eea0de85b7b29fa9c35f0a2ea8ae3bc020a24e1a3366551f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ad499643719c2db3aa8f3419d11f1c5f

SHA1
2a3a1c0c031967ff9e942f680ef56bd0f803d069

SHA256
963d44414d79e7800b4fc901df7ded1522813fbaffecfac31c934c910af6146b

SHA512
7706138f5a33b5a4763a9a3ca4fc61cd88f43231761d0b8475f18a665abc6b498ef744ba7e514883742d5e7b7b93ba5747a8e2571d393af830235eeb0902e9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4f8d5eac6e873839c054ab2a425ff6ae

SHA1
3a7ca76f9fbcfe9130d81245794738435456d5b2

SHA256
778b678e36710e1ea2fcf38e34b41f63d186e84f51b6528bb615f265ff31dbcf

SHA512
5a07ac73c9ac9ca1d862dede1310456f234753d97f0d9db106829ae77721dd9228252c293297fd1f5f8fd221e6739dbaadc31c10e6bdedc8597a607a47b76f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d76339cb4cd71a57fcddabcc201b47ed

SHA1
e907125b99cf5c0233e9673f0f272277e2659a89

SHA256
9261765e8420ae0c4c7becbaddff85eeedc0c906f47008d6e9a45c469d35eb58

SHA512
79adfa271d053641e07d9ed410ed82c3ea5bc9af081ff44eaf59506e6929d5b82dd86135fd24c41b752efa3d0497f20cc881d71a28052b37a963b19222b7eb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e291814c9011eb1572233bc80c92001f

SHA1
bf8ff81bbc3f066237bd392028b876b0953dab6d

SHA256
6ec110d035ddeb7c93867e8561f2cc96bdd4420f762fb703bc9c622e4a4376b0

SHA512
a7c8bdaefbfa8f1a5674db83ab42c804fc9ffa8b3d658a0fcf334830beaa3422b5e530aff9bca222729cec8917f99f915bf9c845e55240e8c4b472511296af34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
734d99d4fc12d685de2d55276e00e010

SHA1
82fd89792d9abd9d20e4475fa43196916e3abc43

SHA256
03ed8cf2fbaf20bf2db9f5b41fdd0aa357114a4a2811b16fdd3ca4d926719abd

SHA512
e029a7bc73a3aeb74982f922b0e22a3cdeefcf86c57e3a9ad225eee3cc0b65a018cc6b38291159cb293c36bfd19d8222b737a34f4dc1d9e3fc8df0c9d201ee20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
bb3ac3acebe806857738ba977b76a51d

SHA1
8cf09b51ffe04fc91a0ae8a041cc86efc18dccda

SHA256
09db289f7dbb7fbb7553e4ff6709abfaac85e542f3b2704fe5e500397d061696

SHA512
4de99c91c72941eb9a426a3da3717dddf558c50ab9ad8f85ae9225b78b2ccb49e2720404143f845d652d6f7ce08c4a8fd70a8497d62b8d9b86312e65b1cd6ff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
6ba7655cf2fd9c9f5b4a4adc1e5307b6

SHA1
fb9a03489ad5f42b4fb466120a7e6b38d7c9737d

SHA256
4e151edebbc4c4507c866c8fcfd940abed69f0330331771fe9a10be7cf8f1d33

SHA512
28092c0282685615512fde74481eb1ced1472dd30126618861cbe94b7a897256b01563f81385ec517807d2012da6aac2f976feff540493b583f32239b2f278e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
9ad669ad1b039a41cf62e85048673e82

SHA1
9c20302f052924e75d828f968fb9ffe22908fe6a

SHA256
0cd4273c438df1f1e6d87c644d58ff842bfae67436a17260df55dcf2ca54ed54

SHA512
0f65b5a10ee12de22b759c3f041a35684f0242e174e024a613f7b7649c75e6268554c65c9237646d6fdd084bd8ae8f6ca1220e32a665cd89c88ed3e669bd850d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a7f44b5f16c83503b6a708a9e3506722

SHA1
b82df609a757e3ac06300cf1c2bb95767663e8b1

SHA256
98b3a9242aa6c467504e416a2f9c61c3a0069532f6ea268bdbd7f962f4519424

SHA512
00962e6b6c09bf476512cee63b33d42864ee4363ccb5dd7355581e950d2f1d12f6f7a537bb02d312bdf49e8801329443cbcaf095592808a68c55b4fdd411c7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6b15ff3174bd185a278b8ca61f5b5ac0

SHA1
398a281a3f129d9fdf5027d2303183288b51718b

SHA256
8ecbb496df54f9c6e697889c94cb2120a6d478d05a20008ee8f49f994f68b146

SHA512
f7054456dbf377ed1cc66d6bf238bda1b38d12a51f9ee16db287950904f9234fd5fb562bd17931a396a1c9e9d3bcc453110226301d1294b00317b8d87c96b75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1b083a9bbc6be8ac6aa20c5e1fcc441

SHA1
c71abb6b280e6c18c6bff6b77c8afc3d31000679

SHA256
44d6bdf901e64675ad2c917837e0319d73ffd2e32c4d3c80b185b595a578f890

SHA512
3f2740df836168a6f4bdae71338daedd921a7632c7c12156735a6463b6850057936e9698fb8ced087bf8a4fe91953e9fe185dce7d6dabafef90742f6fa6f8109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
42d83472b2c3c8f59155f1cf61c0ed4c

SHA1
96b5cf285c0ca5e4e0455c0fbabb6190c7dd9ada

SHA256
d26d240d86557689d6cddfd624b0b0f324bc37bdf92a5f4b437983acfdcb2b10

SHA512
b5420256cd7116bf5f37d4d731f5bd93f1a2530d728fe0cf738ba48f76ffa57e161f74619b25c73fca41b64efb8782ba9c0a118d2537eda9b268d487e20734e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
14845ee67f42d53db84ac555109e4c9e

SHA1
e217cdbb1f0a6adb063b9f94df9aa1f62ab15e22

SHA256
84dfb3eece3631f9011ea182c452ea6eda0072f8f74e537a945da013c14951f3

SHA512
0527b812455bc9d2958c75221ff101d5dfc5292b64c75e12483d9bbcba91073a1e6f29ad6569a62458e051481988b7b97602eec4b650c7ff7bf307a69e1860ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0f65f911ec71ca15d8776284613ad6f9

SHA1
a58684a7c9738f4f5f6e945394a97fe4196d726a

SHA256
a978751fada3cce6af78fe2a184408c7820e549168b8c0c9c69db02ea53c5fc7

SHA512
6d11cea692b647845112dcbf2beb5abd1bd15ca7bb6f6cd193a0813ad3b1fdf9f4a3328d01dba08ffa547b1c64e9619f271e1cd80f5623a2dbd2144b4a5974f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5778aa.TMP

Filesize
48B

MD5
a7328923103ff2925b31963648fc994b

SHA1
943c099dbcb66f9f651429946f3c29f3125500e4

SHA256
b2647a9868882529b992ae5effddcc90d8669fd97de67ce99ecc098234e0217c

SHA512
932f14850ddddb7a40a11b44db4ffcd9d38325275eb57d343603a318e58dd10bcc65d6835a7f92d2da389e8d5409bf3832832b4fb4ea53ee1ee21c0c1dc6415d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
e76ea1d04a93ef437959112c33c029f3

SHA1
e3427df33f5cec66e0e83909afd66bd0e0f16514

SHA256
93dce6fa39cc4824ece101bb25a7c79852783f4ec645c370d1b6623e4ac0d276

SHA512
35e57008d50d0dc0e04d83a1506b7d6ff92067f63d569d4cc1d9589a6a427868914d4e71d295bed2c98f1bcebec3b7cda6784a0621b24bee59f29648d8e908bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
5d995b4bee8424b87468c9b57a1f789d

SHA1
1bf97a04b32323a37d45e2e244065be04c9f84a1

SHA256
6bdc7851d93ef76740bdb2bc330a8a341b01008573b7770a73ed8e4797ab23c4

SHA512
50da7e4f979990cdbffd1d07628007334d8ab96e8c9576f13fcf0dfd243bdf0609dbf78a4d12033a57ce1e73c392ae10896c34bd8b088a540425f0e10298ff61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
2d994c6a6fd22a84b4b74ea68079ef9f

SHA1
73f44918d272f6924b490be7f06d0452ef81f8e2

SHA256
c5a135454cd109305f5a61bbcc9e494132a9f3d03059a24abf4da247c4b922b4

SHA512
0a513d613612db1fba444b1e9599bb43c39dca72f60416b46938c4cdee97a51eb3660f0aa43edaf10b7db11bf32040c5ec8ad2fc19e96d478dc49ca85f0846ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1ed8efd-d9f3-41e1-9a5d-4adbd6267f34.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4784_377102052\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\TeamViewerQS.exe

Filesize
26.3MB

MD5
43dd6c6f9d79c64ceddaa319fe368848

SHA1
cdcb128bf2b5a4c2178d06f5733a9b230aa6995e

SHA256
eebe1c366c0b98bb52510458df2d694981a0a6a41c3fc7608094995e28c8daff

SHA512
86cf4830dac02ba8c7664bc73775c1476471ea7bbbb8c7768464b28cfa14f6a2bd4493607306d26fd7e614e9cee0bc1098b80a32d957ea14f1e18e4991e887f4

Download Submit
C:\Users\Admin\Downloads\TeamViewerQS.exe

Filesize
26.3MB

MD5
43dd6c6f9d79c64ceddaa319fe368848

SHA1
cdcb128bf2b5a4c2178d06f5733a9b230aa6995e

SHA256
eebe1c366c0b98bb52510458df2d694981a0a6a41c3fc7608094995e28c8daff

SHA512
86cf4830dac02ba8c7664bc73775c1476471ea7bbbb8c7768464b28cfa14f6a2bd4493607306d26fd7e614e9cee0bc1098b80a32d957ea14f1e18e4991e887f4

Download Submit