hxxps://cdn[.]discordapp[.]com/attachments/755890172197077052/1114644069960908850/image[.]png

Analysis

max time kernel
127s
max time network
132s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
28/08/2023, 11:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/755890172197077052/1114644069960908850/image.png

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133376949414893636"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000ecf6374e95add901d3926ff79cadd901d3926ff79cadd90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1928	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4124	chrome.exe
4124	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4208	OpenWith.exe
5052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4300	chrome.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 2640	4152	chrome.exe	64
PID 4152 wrote to memory of 2640	4152	chrome.exe	64
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 3124	4152	chrome.exe	75
PID 4152 wrote to memory of 2900	4152	chrome.exe	71
PID 4152 wrote to memory of 2900	4152	chrome.exe	71
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74
PID 4152 wrote to memory of 5060	4152	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/755890172197077052/1114644069960908850/image.png
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc0de89758,0x7ffc0de89768,0x7ffc0de89778
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4976 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1508 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5884 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=776 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5956 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2032 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5748 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1736 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6048 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6032 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 --field-trial-handle=1744,i,6702719462618272481,6297508889870728327,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3868

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:3296
- C:\Windows\system32\dashost.exe
  dashost.exe {cb64117d-1734-4f38-b0bfa5a6608e94e6}
  2⤵
  PID:2836

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4208
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\image.png
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
238KB

MD5
190625249e7409622b8b59d213e8bf9f

SHA1
ac19e47bbdc92b0fa10f7039162fd87c46480e56

SHA256
e6cea4fb7d4bc98748f782fca47285ead84b4024bf54c386d79c8cb00d181112

SHA512
7090a48474761c253240a9edb5a4f3b24cbc021f470a81bbabe7b482c8822ea42f3041f975c84a492cf4f63523042acc4b8f44fac195c6edce1982d61b1ed722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
1.1MB

MD5
28221ef40daefc213c26e8f0e02b76df

SHA1
ab166c3c9d187ad776b7a6c83ea1c8e7903d5a8f

SHA256
b685981c83f5781221239fc04f8cda7e5aba5943a34498167288096da2bedf29

SHA512
47600a0db8bb933d91038ee28ee624165e7c04eae2615d3e2b43a41d3fda2a7e172e717866eb644808f3ac277dbf8453d75d4050d286b16bde420878bd2bf370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
925512d1f2cd731b475ad3f2e9b6ce6c

SHA1
2f7328191e5362c2059c10dd7a7a33292d46c994

SHA256
01a96adaf0aacc15a981c4dc16d71062b827ac4a4927a62ea7b270e87bb8142f

SHA512
b5388a3c708cf1137544250e4ddf9815ffaecaec1bf01abf354382716c4f9a369825c028769811f8e30263628ebac5804549ccbe321f839bacacee6b2b54c1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
594094c4dbaf811704b3ed5ebd389e62

SHA1
1a1c0d2b5415ca044474bacd7101e93cad1f895c

SHA256
754dd8d955c48571ee18f9d96cdb89eeba518f945a0b454c8fe74d530cbbb471

SHA512
defa58175d0f0ad8bba0fe70d2ade8ce5eded23b457783debb681c2b1cb89ada4ba8f3be9f812bb27d6e4cb261bf1cdad60cd5e9252f39d26e385d6a93a652e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f17a041b677fbb7871aed470893789cb

SHA1
2a83125d979b61a62d39bc2e4866dd86e7f513df

SHA256
b374381aa969a208c63953ce85eede1dbf294799fc7e83f821faf5f713b4028e

SHA512
e57743b48e74121275f120282b23bc49250c1e1525c95d12942d7fba64fa65c113aee0ed4fdd98d80f562b810a30e698ec8fc1773beeddcec1475c2e12ddfa77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c9118e7e0e242d1816ecfdf3b3451c6f

SHA1
19fc63673b8c6162b0e308bc6d3679d3992d5856

SHA256
9fb5585ea1ebb59cbf0e3c54b3270d3bad26e1e52a66f5dd22d3066db42c9f6f

SHA512
0e7270d46d08951f422f91450e0b8acc88386024fcdf7ddcd51e4e856d43341c933d0160f0a0fa93be117ea8e032aa6727ba4efa34ecac8e7b14f5acf8f4ffcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
70db41b639a63b11bf54dbce0c8cc471

SHA1
523d168d29fde43586d770f25c432c62c923b5db

SHA256
4b03675787c39edec7181b96bb5646b90bea41772eec3754a712b5e30ca3a3f3

SHA512
4dd45c787b01825a532ca3de3a3394d6a66279d8fbcff1454e0daeeed9d15ebb7a91e54cfba360429ec78c7ee363ea614a99113fc3ade1be5ba8caa4686d8737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb3990f185bfdd3930c5e764b81db627

SHA1
1eb0b530a346e65c390b1581340e7cdb8e06f5c4

SHA256
7436e7d97cd3affcc44ceb82d438a3d64ec7d5b469390cc8b3d2297348a223cd

SHA512
7285dc71c58d149da7f65b4cfe6a4b50d7c3735daf725ce18e9ce8933b5ae5e22e4fa60d2491d601cc3499ed82561a0469fd4e9fdceab76e6afdb828fa28c1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d908b64dac0b9102fe16c4d1ad6790a

SHA1
eb17c193b2c78b60cdae80a183fa8b1ff9975ee9

SHA256
7ecc7a185884d7c154d6859fbc9195778dee759f7c79e4a9c0a13682861510fe

SHA512
764c249977a456d43bbd820c1c8737c83089a59b7359e7aa5076e66466013196daae7bed3235d9f6e61a18a5b0d5524939fc40c72587e589981cefb956c87f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fddc54b6a9e052c7505105bb6752a29f

SHA1
b5b6dc1ee1a64a7686e27d65b8d551c86bb0f639

SHA256
fef542a9a0c9d668e9a338e4432f03f795fce7c4928da2f78853c2186070946e

SHA512
d5ed0009f837a7a840102e5d7423cbf152ea93ab8ea3b83b326d3f2a9cb6d125efe3e70753a6d61c5418aee22462330e3d4bb4407704c22fc246da7d593e3be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
87264f4af84c09a7c43ec6bccef16468

SHA1
2f7727c4d98063ea058b9b5f7e565eff55469a82

SHA256
82fbe616f8e6e0257163c4f387b68e810e1f4972b5ba0894762f43e1410eb57b

SHA512
e2a529b3b1e24ad8be05bdf16277fd2c49a7939f7f7a7b8c0a404b8024c82439842f7f90748542e5fa2c298eb221e8b5e6dc40724a696f98dbce2b25fa142ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9f782755a82bc81a5c27aca2ae2ff4b1

SHA1
b6f32d6ee3d76c61d452d331af9bf479d6a7e5fa

SHA256
15846a1ec7ba2e717a58528c86a73734dcf394d0406dc67d178f8cf52df6bb80

SHA512
dc2aeefefb811235235d1723d093b771908de60e223ce0644d27fb7eed6cdc1e749e1c9f91b984d1d79c9e88fc4e72c39dafbf3ce95f328aec91fc12c9b445d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59621b.TMP

Filesize
48B

MD5
514743d9670b8569b1bdffd33cd95e3d

SHA1
a40088b974e79678c0d0236f36aaab533db1742f

SHA256
52b83c63abbda0ffd9f703b7326d110d12b930dce055a6e3896bbd5bf69c827f

SHA512
a1d4062ac8b9e6a65ba1d393db26c046a21e564e1844297b9d56af4ff176bc739bc6e535a7a9906b9bf7736dc956233bd36927ef5838c3f4c42db10ff4d12bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
08ddaf5aeb77a30d080775f669501428

SHA1
6b991cc4e1cafa2ff99944fe7ba4ebc9f9b2d5e8

SHA256
e1cae393b889b593f7ba9338bde03cefacaa676c5715b657c79105c6ab52e786

SHA512
adeeafc318eed5197596bbfd0095e208fe5df7ec1039eb1872c557f45682c8387b1ed0d2a46738a288a1337584e7827f0b47d0f5326e857c074c1d915dd4a575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
008d623d70ab261a0cc17f822d510dc1

SHA1
58f8ebe4906a55f0f67da5f617f0862d556ec693

SHA256
57a974151ef75f2a126108941d60eb2bbb17839d84fe48fbb98b4dbe695c4e9a

SHA512
1a3dbfa3693d2ea3c31ce4bbfce067b9dc3a2ed19a36f5328916ca1d139087e480cb9f676489fb381ab988c253e85e12368601e09cbd356181fd0856fb59400c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a76c108ca774a2d2b403c685024f9a8d

SHA1
aaf9ab6f525be9ebd49061153c3e3de734c39e82

SHA256
e827801c60fa25dbf411fabc909a22323b58bb2be1211f42e2a549c38a8dbb0a

SHA512
4301c66cca494cf3c8de5a8fc56bd85ea3bbf331cde6d2853191bd9ea3bb921cc213cb8d432781732bd35568d00151e67b0a91665c22b81751b441c1eed58537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
9ae2d440f5acbaef0026734bcf19cd56

SHA1
03246f0abbe1ae8217c8c8a6d9b840c689a3cce3

SHA256
df040b801d576f70a7ec411772afe6d9c3ca00be6a9bc993a26a687340caec59

SHA512
d8c65e48c112c2ac8be12788db428cce7510526dfc8c6f223cbd0848d4ff1dd5219ee5eb3f2b4de530111a528e0e80d0a1d7c05f846e123201dfaf86f111b9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584ddd.TMP

Filesize
98KB

MD5
f14b936488efacdbd2b664892de0e2cf

SHA1
2a8c352411075c763660249f8096655d2afbedbf

SHA256
efc4bfeef3e54b8221b9ba45ca32d92241a2afde1bf87fd34e2ce0b6d84ed5a6

SHA512
27d306bee13e00631c837ccfcbf834463950a36d04e8ec6bb50f17d5eb17c7ba9fce57a525329008eba1c96b4bf711d3b41ee2b7d7d03eb007e20a465a0a8245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d9f0ee30-a865-486a-b75f-b6307b1746ec.tmp

Filesize
109KB

MD5
b3a454873d6acfbf10009887cac04097

SHA1
39c96fa8f347f5ac5cc0a9d4df93c53086734f05

SHA256
627347a6b8a31100321fb191e9e170628f2cbea933041b5e06b818c68a6d92b1

SHA512
5bae27407b7a48fd8420db614afcbfdda4c77148a51ee20b599bc1ebbaf5a8464259552cad6a0b16c308d166505321f3dbe2e05a73507df91ece4fbd901b61d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
3180ed92acfb353738617b0be586ac09

SHA1
93b546ed99d7336ffb26507f232d8d61a9558e46

SHA256
8d34d3d00ef586bdccad70181eacf941230cd054f0e849102715fcaf1845c8d5

SHA512
e9165ac46817f71140a0004e24f4616926c9d88e5ab04f3266bae647e3f8f07e1ef8da070c3447626b33aa601513c768a98a7cc0ce575985658259f1eea59a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
e85f6756699082198cda48aa8b403074

SHA1
5569ac9b73c50639dfdb1207ebf82ed7244ff462

SHA256
1fc359e74e108b21da803be39a6d3fbb846efded2d5068e96f7a788804b31ea3

SHA512
3a1d650d54f8089b1855a2acc6ce98b327d44e82b414bffb1b568de806745bc84d04b01ffe3e52569422dbceb52f640315da95dcd29bddba38c88e7ba699dce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
75bcc152293e06f72f079f0efe67936e

SHA1
65e145c46680d53b179150560836478c79e242b6

SHA256
9760d7aa5956fee529cebc1f4fb995437401aa1779fcec6360cae38a0cf0e926

SHA512
b88e96f4e5467aec44c964b2aed0e03f4b7c3aab23e0cccdd2f1c7a203af6526c66015dcf0cffeb6f2f1838af1c68f4587f3d95a17360c99aff52563b87ba2a9

Download Submit
C:\Users\Admin\Downloads\image.png

Filesize
238KB

MD5
190625249e7409622b8b59d213e8bf9f

SHA1
ac19e47bbdc92b0fa10f7039162fd87c46480e56

SHA256
e6cea4fb7d4bc98748f782fca47285ead84b4024bf54c386d79c8cb00d181112

SHA512
7090a48474761c253240a9edb5a4f3b24cbc021f470a81bbabe7b482c8822ea42f3041f975c84a492cf4f63523042acc4b8f44fac195c6edce1982d61b1ed722

Download Submit