hxxps://app[.]holded[.]com/portal/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9[.]eyJpYXQiOjE2ODkwNTQ5MDEsImNvbnRhY3RpZCI6IjY0NjM2MDlmMjZkMTc2NzNhMjA3MmJjMiIsImlzcyI6MTY4OTA1NDkwMX0[.]7SYQ1LF947kklF-JloECtmCV8TuwSG7tIVpFdRcmzFs/invoices/6463617d90613ec7e80b1940

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.holded.com/portal/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2ODkwNTQ5MDEsImNvbnRhY3RpZCI6IjY0NjM2MDlmMjZkMTc2NzNhMjA3MmJjMiIsImlzcyI6MTY4OTA1NDkwMX0.7SYQ1LF947kklF-JloECtmCV8TuwSG7tIVpFdRcmzFs/invoices/6463617d90613ec7e80b1940

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.holded.com\ = "40"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044553"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DOMStorage\stripe.network	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\stripe.network	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "40"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\m.stripe.network\ = "14"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\holded.com\Total = "40"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.holded.com\ = "75"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000052a69338ef97e94eb4d938c2816c6e0d000000000200000000001066000000010000200000003dc6ad60a05a8d5f5dba965e6090c63b0ff5a7f0cdb277c0336da5e80302adea000000000e80000000020000200000007b9178e9ed0e8d4161f848356e8f1e7d124c45885d5590c2235ba333b35d1b3c20000000e0d50fa97f7e0a07c53b94e419f4b9e5645e83b5a0fa3d0fd4fe41f96fef5d4640000000d77e51dc8fe16af90872ea4218e5d15ee9b8b6fdd1fe52d3f39748195e89b30101b719748172d1d0afad6fbd242d8e40ba7ad512df9122e7d7a979dce7e2209a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1820464322"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1820464322"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\m.stripe.network\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "75"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\holded.com\Total = "75"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\holded.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f1c16fc9b3d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "14"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DOMStorage\m.stripe.network	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\stripe.network\Total = "14"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\stripe.network\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{97D52B89-1FBC-11EE-A95E-4E773A6B0D09} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DOMStorage\app.holded.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000052a69338ef97e94eb4d938c2816c6e0d00000000020000000000106600000001000020000000dce4249f37193dc3c485d2421cb7c6a3836db2b80e75f9a521498e270b000041000000000e80000000020000200000000086195d02f0cca3a668c1266973620bd98e5dd0a16f7592b1b8d9ab212fdfaa20000000e4a1eaf1dd4f9cff216e3f645656d1a70346dcd0ec700bf051a0442d431365c74000000002423aab1a812aba064b9618193ee8452e023fbd5d305135bbb106a40e95626d9322c2f7b707214390b9f113a8b1c216c2bdbdfb4c7ded28aff7e1c03a9f092b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\DOMStorage\holded.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044553"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c008d36fc9b3d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\stripe.network\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133335341544507790"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1722984668-1829624581-3022101259-1000\{2239F7BF-15E5-459B-A9A2-33215CB36E79}	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
564	chrome.exe
564	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2412	iexplore.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2412	iexplore.exe
2412	iexplore.exe
1720	IEXPLORE.EXE
1720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1720	2412	iexplore.exe	85
PID 2412 wrote to memory of 1720	2412	iexplore.exe	85
PID 2412 wrote to memory of 1720	2412	iexplore.exe	85
PID 4480 wrote to memory of 4028	4480	chrome.exe	93
PID 4480 wrote to memory of 4028	4480	chrome.exe	93
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 2012	4480	chrome.exe	95
PID 4480 wrote to memory of 1608	4480	chrome.exe	97
PID 4480 wrote to memory of 1608	4480	chrome.exe	97
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96
PID 4480 wrote to memory of 2708	4480	chrome.exe	96

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://app.holded.com/portal/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2ODkwNTQ5MDEsImNvbnRhY3RpZCI6IjY0NjM2MDlmMjZkMTc2NzNhMjA3MmJjMiIsImlzcyI6MTY4OTA1NDkwMX0.7SYQ1LF947kklF-JloECtmCV8TuwSG7tIVpFdRcmzFs/invoices/6463617d90613ec7e80b1940
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9861a9758,0x7ff9861a9768,0x7ff9861a9778
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:2
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4928 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4768 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3328 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5528 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5636 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5796 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3760 --field-trial-handle=1880,i,8684368192327316070,1537556863307539716,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
0ef3a1b10df636a4124cba8b5b13aad5

SHA1
9cd45d001c68e0adfc1fcbbfde8b1a74654bdbd8

SHA256
12430392e6d55cb8d4b4c8860ae8babf7c989a38b9ecc4db3aa98a4a7bd8af0b

SHA512
c746f30f602efc59f92f6836e3551d3b329924b6ebbae65dedd90a8bd66ceebe129a42dad815e0c74cfbdae6c30e3ea656da844692b0b46da1f607588a27b079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
dd99435db635fd74c89739796249c6df

SHA1
bfe8c5b72861a0ca7c1a16e425ec9be4476d8a13

SHA256
8745a95e8e304d85620ac34f7b7e43ebef49347c73c4d52ca240ab961aa5b651

SHA512
fc9f321d5724d727f74403060777e8709172d9539287c2d02b008debe35d52211f2dbe2adfafd5fb52917e05bc2846a8559202d54f9c4ed95e310ab0370a4875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
1KB

MD5
1eb72fa48f3352ce930bdc42126f67c5

SHA1
d24b0130fab0903eb3ddea69e331b3166caa73b8

SHA256
0a8d44d7ad99ed3d364eb5d6d5f537354ee9c3377c8e56bb4e767cf33f68bb93

SHA512
230c2f365ad659b429398573b6c37f8e2c915d1cf69b187dd7b3144d30e2a3af4eeae8b34871ab691d39518b2738dd45bbd038b4ebc615647588e247cc6973f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
38b56faa57be9a0bf79a8b553bc7769a

SHA1
e4c4b7b7e2cab4fbc80d722effe707ec99765ee3

SHA256
adf1d52ded3e8e9d62e7dd70d6f973aa64df9d48b6ae75c5f8895349753b8cfe

SHA512
15d9e5f5639d0fa4717d6b73a32ee39031a648f4cf833aa5c2d48d968415a8f8375c06dabf413727dd84460020c10896c076041dcfa3922b605b288d374ec8ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
7e1a301dae35f20b4e7343146f358859

SHA1
d3428a4b2d04e2b335567e30cdfda37dcf183953

SHA256
754f3d41b0ebcb10a015e29e8aa2ab131731067859ade3bfaf90574c261d19e9

SHA512
88699c7e0e825fe093e2d19868f706e624e2dc3ae8041d56ecd8decd8477b4296ca50482f1730a44842867f91cdd6588526caf1b637fc3e5069a0d0ee06ea2cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_8CCCAAF453E2BC1BE9F5F49170752275

Filesize
472B

MD5
92f2b1a466286bd215d93eb404558b00

SHA1
f34254c1f642821a3065859abbafce5f80acd4d5

SHA256
b24bdc1596535141f4f424d3cde756ad4dffa461c5cabb808b161fc2cdafd9d5

SHA512
4b8eb6a7e4b450f836c050166767308c722c6bd9e86667c44a619c953d8a6d02001ffa310edffd202a0c1002596a35e58c43b8a172aadd3dcffcd0c024341c5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
471B

MD5
89f01f341d668efe5733c33cb71897db

SHA1
07c378278816aa9d6be348bec564ac8f9abf2319

SHA256
cfb5862d107187a51b243aa571380374634a3d02a730f37e717cd1d1d0f102a0

SHA512
2882b8a529501e12112d97fce9bb2f8f6573f291c7dc87dce9697a11677fd31fd193f5f13bdee24562a3a59a57d1f8f54dcbc2cdc4083ef6d2fbf8609c33f5cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_94E0C54DBFB2FC554B80CE25640AFDE1

Filesize
471B

MD5
bb8cde1e96f3e87a6d9455e36e534323

SHA1
dcc64634fe9ad6725137b95edd376585407d8b80

SHA256
ae2c69d17dfb1484ffd25afc16dbfc86bd21eec8fbface9dce84bd53e188a523

SHA512
033fd4ace6717b03b1b875614378435c6b4d74abecf6ea7bcffb5082e1e9edf7b1bf2631c2dbf565b4351f1bbce78529a393a7bc49d454f16d4522dd1f54ae72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C147514003969A5579F97B4D7F9F9AB9

Filesize
471B

MD5
8bfec2daa6328f18a08bf4fad236c326

SHA1
a1dd88fded20ee0f39bf0450834b9347474925a6

SHA256
fadaa3f079b9995cb7e032b01aa5e668cb3c9069cda42f1e75e28ce70d1a23bd

SHA512
e2491fd77862a1aed1982d53fb4b837c586788fcc6ece85e0d4ca9a609616e655fffd450c7cfb24de1c313d4279b2122a9864cfe09af864e9368593f2c562c48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ca50e46e870e6b24506cc1c79c253b8b

SHA1
2b0879c8e2f0733353e01bbee9b95eb96106edcb

SHA256
56a9e6addcfc7a6059708b347ee547cb8bc794611afe613bf7831ba79294be81

SHA512
1add229c4e65f5cfe6cf7c12bd8c8494e3023c018f4358ebf595a96311e3f31ba2e54a310637c5caa1291811ee33e9d6602e7dee10b79569ec3ef1f57f61ad08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
c8d077ccff0ee25cd10cf638d75fa8da

SHA1
d90fe456b3cd73b0365082b4ae04585876ccad06

SHA256
9d1e62fab3983c2b381525902f5909e018f77adf0b1b416646ab2afe78196547

SHA512
8b5b7e5376fa37b092b6a61b0940d4d8e8435f8c666d0be4f785a41a1c4fb80ab6bff71d2d670e46ccbcbfbcde639ce797f87c2c9b64d2c498f092718410aed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
f6994ac5bdc6143e3d9e7700ea4d964d

SHA1
db0cab0e28e53307e9149d99321025641a6a97d1

SHA256
f92bd389072a0b45cb0f4a289c0b498d03c7d8a7a6f981ec99afd132f5957195

SHA512
555b8a1c087b6d917ecaafbca9846fd99d652c80bb68afcb50525c8c2ac8e8732e2f34dca5233fd2ff232c8838544af86cf6dca745d5d7409cb0dfeda9f1a02f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
de6fbfd722cfe2f1ccbb293fcd9df56a

SHA1
aad78b30ca8dbf1f03b49f88cad246b6a9f125d0

SHA256
cee470c1fddc29934c6c36aa578c22aab01163d96e16e119012086b9455d80e3

SHA512
7df80aec0f647016abc8b3f7ab10ac17850f7a0cec59c02105b7d02958480c476009923328dadbe4c924f187e15af6d7a80efe28b6d5f27e35b1d9ec23eccf1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
04cb8b47bfba1e270f2166bf39dba885

SHA1
c3272a3a55c2e1ee552e25d5c9a96857a110e1ae

SHA256
d704f5f123b89dc99e66c06d2fcc167eeceddc065f37d1787f12ece80196af98

SHA512
5e2df3a7d3dbb8cc1c698a9122901a425b473283345d70c328590691235d9fa076207f1d64a65e7420d2286c14ff67e140f5ab4cba1598ec2e53c51b03ebf567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
56bb78a674f8f1f6fce31dbd45369a82

SHA1
ad7354a6338b3301b48a25ecd39f83a0b5483a34

SHA256
7344996123a11af4622821eee5bcf096d62374398afaf55772ccf2a8fda15885

SHA512
22e2e91a14214098509730db530f4363d21f3ccbf50eab964e7d2bb5ea0293baa7c864890358504952b06c676f96f56f26aff16eee32ed191df48833b08ee9ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_8CCCAAF453E2BC1BE9F5F49170752275

Filesize
402B

MD5
261779ca14be14e27d45fddf255c083c

SHA1
d701bdcc33a710582db0805a28a9fe93bcca0091

SHA256
61c6c6cc2cfbdb6f8c43acfd4881a9ddfdbf81f61f9763672c2e93c32563099f

SHA512
47b71b8f6eaffd3710790f67a67568cf8cfc82dc64a863969f03c38654de862f30970f194a3f7611abb294ff909cdf4aebf7fca450c7e85b03f6a5cdae089ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
03c9ec193be530b960deaaeb42f3a1ea

SHA1
46dd85547754ec5eb0c541c3c68be35d729edff9

SHA256
6f01aad1c4f18eebfce1ab593aab97899047aefbd5de1850e4e2c30fa4f2a089

SHA512
ab31b9a583fb9ea7d1397f4fcd9afa51c1529145ba44c22ed6564606f37351a23b993911971ac3475b607934de73afb86531e32125619f7749e7426cf16fb56e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_94E0C54DBFB2FC554B80CE25640AFDE1

Filesize
414B

MD5
20a91052cfe085658ad53e1a9cfcd8eb

SHA1
c34bc319c4757168c06222fc6e0096f835ec9cc3

SHA256
291656bddeff5965cb06f88c24ca21bb4404606facba865af9c5a83b2cf8e936

SHA512
c6ea6387dde193ff085e2e2077b58053d6aa6e61a46531786439eff3f880bfbb84758b3e93ee8707b78751c5e40317c054f04e0ad1e0276f72925ef5385d385e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_C147514003969A5579F97B4D7F9F9AB9

Filesize
410B

MD5
a108089af29a8a781d1bb66de1402f4b

SHA1
1e50507f09e7009f6febb966f194eec210053ac1

SHA256
3b13c9df00a02f34cc8d56d104df60ae8da155d20f5c8bc75568c4b78c86181d

SHA512
fe18cee18a978c9dc09afb14e7094975415b1b6c0058cde03b9d0b6cdf36a94a8cf19fa2e70407385f1df0414345feab9970d2bf584f10b332abd5307af52a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c3b7c235dbf2cd4bb6f3ff74edacde72

SHA1
92e5addc2f8a9779223888d0b2b7cb1e967f3314

SHA256
faf1789e74dd3f44b0864f2cd3ca0adc2d92eab3708c5a4a3d29d917d7b1985a

SHA512
7cf9871cf262fbd36181fcadc7819b40de8da8dd0ca2681b9eb37025464f3135d420728d7c88ee5104f079116dde1220b7ebbee667338650d24d28e3a396a268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
24207515b4ff49ff3f14c8ed6b07d8d9

SHA1
c0409238c4daa3c90bc4b6b7b430f8298c3a0422

SHA256
7a444d5583460a90cf7e98da64f65e14ee828e958c414b8429193c9b2bbf289b

SHA512
0a2f599ededf70136aa5fc8e54fc9d167b1e37f3e4cd56b517f3e7239346dee0cb51e5de46f3de8aa9973385afb51510a5201f97f65bc8bb7343b86fbf55d8d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
25012138260a15001945f00f308f8615

SHA1
ad8bafb0a1f56de051756acaeb73bb4fdb93322e

SHA256
6b95f687155434fca8067fb0f9c2916a40672b55a950c3cf7d70a1d8b3cf6584

SHA512
e9a9b8977f929d03ce509ab396e094149e9ae70ac85d2cb3150aa56a21184408231a0dce631c719d98b09ff741415353245f74b43c56dbca9ee97e632a7e699f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a64d19087b12b6c281906a270498d08a

SHA1
22ffbad2f748f28c7d2a64d380cfcf9ed559f1f3

SHA256
82dc54151a06ea69417cf41b3c4cac0900f9b94d73b18dea5ad6ffbd06d17395

SHA512
2a67a839fd15ace689d67adcbb767c3dab3bccd1abdcedd8e8cd9c80b4508db3f9864e40ccbf5c2d675e3ca9727dc4e17624f6baad6297ef30b67d768bc8483f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
045ac9933632eb5c3899faa417da6bb8

SHA1
7be80e75e9badbcd0daf3b3311c5dd4bd51d7f92

SHA256
6dfa515a1b2b3b3724f60ff504cb19c8f6a1e33fb6faa6088aca44c3d54eb4d4

SHA512
59be5cb16e8c2384bde5419de85e57e865064faa8e02ec19ae14911b32c19d1762986d9db1f379e3a15ba7b54ad1864db15fffa0a9ccbe20b39fd57f36dd5f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80ca35aadaabcc175788eeef6766c49a

SHA1
5fb447bfcc6ee319a56ed89f2f179edff4c14c49

SHA256
b7b001cad17d192c2b318424ae51c73e040c30b8cac78db093ce0b9ff076d1eb

SHA512
69da4ae5273ff7a65ce53bfadd8ccc7c807ec2a6e3703a55e672b0cf8e10df5da122a6623f8a7a1b4a457e00d06ee28817bde8067350a95c7211727bc36140f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c77f1923e8bc35e853874d2ba4689899

SHA1
4c2506312ffe92a5614cc560edbcde9c27332748

SHA256
947a5ce2ab2bceb578de3ddcf2e0601bc0531fe0db55ab07e6af158568700d39

SHA512
510e9ed02f328b10d3c664c2822508da03ea5ba8bd93d857884f53672a844d2a669693879bbb4ca4897d298ae869d5e7d54073762b17b6d3be489a76772f89d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
2a59ab90f0d71ecf71f54c197f053ad5

SHA1
1533048bb0c8fb456de057b35e8551dac0243fc3

SHA256
e3598070e8126c187dbaf5f7fb9b2a05c42cd372674393b22dcdb4bba884b9c6

SHA512
65fa36861303f8258c99f7fea140c166f110aa0331d330f2033340946e0a43d8fd20f3d999600a190ab3d722a666a091881d04ffdab5bfe3afceeb9722fe9dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\B10MAXIR\app.holded[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5amy22j\imagestore.dat

Filesize
4KB

MD5
5fc107c6aa046a857127965e11e0102c

SHA1
577a5e995eb047e86af3f9f11c9accb3f2905f81

SHA256
925662e45fee6863d53c50bbeae01a91dc5e3055844b0a2617a51e68f1b11ea6

SHA512
5dedc627bf5fda82448238026418ddced8abf94efa3a3e25cf152293c49e2af2585237ee726e388756bde63958d215731ca12ba8814ee8fee7bd8754468da05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E3D8ZC6J\v52afc6f149f6479b8c77fa569edb01181681764108816[1].js

Filesize
19KB

MD5
d294b48fb7400508953205265f95d2e1

SHA1
fd545d38241c9c56e81f61e45cd239976ecd0b46

SHA256
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

SHA512
8c6093a43a410180c6358479ced2ade0140f19e7f53f482237a6465548bcdf990517cf053a69a7f2305058d82b35df20fd8bb8db535d81687042868e3c57e50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PQKW7621\holded3_small[1].png

Filesize
4KB

MD5
a24e8358711e67eeb526d702ad981e32

SHA1
f2e78a17b089a8e398148d0be574e4996f9c16b3

SHA256
efc9960b18624eed53efe812993bcf504c354aa60d49540bba30b9507aba7b31

SHA512
3f3da05f017d5d1e9d52e364a9d0230b871a73d68a642a7435bdbde72a59f17c6fc452fb1533bc1cc422976124df4143464bc934435a1516e2d89204ec631191

Download Submit
C:\Users\Admin\AppData\Local\Temp\51179934-d1ff-443f-a148-807609166340.tmp

Filesize
127B

MD5
91f5a14ca42267d71590f5aab88b80b0

SHA1
50d41240078f0f5f652cad48b1e2313d1d20a283

SHA256
0931c3e7c2a30b08f24468122627a051cddf0193d31c55a72ae22fbe6547eaa3

SHA512
00d574c28076fc514478527c5e05d4925e7ad4aecc01749e5b201aabf77aef9a440a6e31dcbca34ed91e042191e856ea151389287ba1b94d4cbb6798e1cf67b9

Download Submit