hxxps://www[.]youtube[.]com/watch?v=0Ghtmx9fSfA

Resubmissions

01/09/2023, 22:57

230901-2xpf9sae74 1

01/09/2023, 22:41

230901-2l8qrsac3s 8

01/09/2023, 22:32

230901-2gfjesac2x 10

Analysis

max time kernel
127s
max time network
130s
platform
windows10-1703_x64
resource
win10-20230831-en
resource tags

arch:x64arch:x86image:win10-20230831-enlocale:en-usos:windows10-1703-x64system
submitted
01/09/2023, 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=0Ghtmx9fSfA

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\hardware\description\system\centralProcessor\1	iptools.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	iptools.exe
Key opened	\REGISTRY\MACHINE\hardware\description\system\centralProcessor\2	iptools.exe
Key opened	\REGISTRY\MACHINE\hardware\description\system\centralProcessor\0	iptools.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	iptools.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133380826960861929"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{784EC5AA-306A-4FAD-9FC5-3682722557E3}\LocalServer32\ = "C:\\Users\\Admin\\Desktop\\iptools.exe"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{86888426-A54F-431D-A5CB-7D5D234FB038}\ = "Stdin Object"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}\ProxyStubClsid32	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B0363F1-1331-42A3-B0AC-27FCE83BD58C}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80372D36-A484-4A8D-8109-873118F47462}\ProgID\ = "Project1.arguments"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{784EC5AA-306A-4FAD-9FC5-3682722557E3}	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D2DDB5-AEB3-4602-9C06-6942A4E66EE5}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4CFC7256-C78B-4639-A782-D1C613B41D4B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FF624455-807A-4002-ABB5-5E2EB73EFBC0}\1.1\FLAGS\ = "0"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}\ = "Iwscript"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE636E97-0992-42B1-8244-C44BD530EB0A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D2DDB5-AEB3-4602-9C06-6942A4E66EE5}	iptools.exe
Key created	\REGISTRY\USER\S-1-5-21-3276121886-2679590765-2932751581-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FF624455-807A-4002-ABB5-5E2EB73EFBC0}\1.1\HELPDIR	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}\TypeLib\Version = "1.1"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE636E97-0992-42B1-8244-C44BD530EB0A}	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80372D36-A484-4A8D-8109-873118F47462}\LocalServer32	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4CFC7256-C78B-4639-A782-D1C613B41D4B}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B0363F1-1331-42A3-B0AC-27FCE83BD58C}	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80372D36-A484-4A8D-8109-873118F47462}	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80372D36-A484-4A8D-8109-873118F47462}\ = "arguments Object"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FF624455-807A-4002-ABB5-5E2EB73EFBC0}\1.1\0\win32\ = "C:\\Users\\Admin\\Desktop\\iptools.exe"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}\TypeLib	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4CFC7256-C78B-4639-A782-D1C613B41D4B}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE636E97-0992-42B1-8244-C44BD530EB0A}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{784EC5AA-306A-4FAD-9FC5-3682722557E3}\Version\ = "1.1"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{86888426-A54F-431D-A5CB-7D5D234FB038}\LocalServer32\ = "C:\\Users\\Admin\\Desktop\\iptools.exe"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Project1.stdout	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Project1.wscript\ = "wscript Object"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B0363F1-1331-42A3-B0AC-27FCE83BD58C}\ProgID	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Project1.arguments\ = "arguments Object"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B0363F1-1331-42A3-B0AC-27FCE83BD58C}\LocalServer32\ = "C:\\Users\\Admin\\Desktop\\iptools.exe"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80372D36-A484-4A8D-8109-873118F47462}\LocalServer32\ = "C:\\Users\\Admin\\Desktop\\iptools.exe"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Project1.Stdin	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}\ProxyStubClsid32	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4CFC7256-C78B-4639-A782-D1C613B41D4B}\ = "IArgumentCollection"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80372D36-A484-4A8D-8109-873118F47462}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4CFC7256-C78B-4639-A782-D1C613B41D4B}\TypeLib	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Project1.stdout\Clsid\ = "{784EC5AA-306A-4FAD-9FC5-3682722557E3}"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}\ProxyStubClsid32	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4D2DDB5-AEB3-4602-9C06-6942A4E66EE5}\TypeLib\Version = "1.1"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D2DDB5-AEB3-4602-9C06-6942A4E66EE5}	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE636E97-0992-42B1-8244-C44BD530EB0A}\TypeLib	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}\ProxyStubClsid32	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B0363F1-1331-42A3-B0AC-27FCE83BD58C}\ = "wscript Object"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80372D36-A484-4A8D-8109-873118F47462}\Version\ = "1.1"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{86888426-A54F-431D-A5CB-7D5D234FB038}\Version\ = "1.1"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6487BF45-80A6-4EAE-9D2D-D62AA7CE5BA8}\TypeLib\ = "{FF624455-807A-4002-ABB5-5E2EB73EFBC0}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4CFC7256-C78B-4639-A782-D1C613B41D4B}\TypeLib\Version = "1.1"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Project1.stdout\Clsid	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{86888426-A54F-431D-A5CB-7D5D234FB038}\LocalServer32	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB87CC65-C821-4031-95A2-E66F9DCBE708}\TypeLib\Version = "1.1"	iptools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE636E97-0992-42B1-8244-C44BD530EB0A}\TypeLib	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D2DDB5-AEB3-4602-9C06-6942A4E66EE5}\TypeLib\Version = "1.1"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FF624455-807A-4002-ABB5-5E2EB73EFBC0}\1.1\HELPDIR\ = "C:\\Users\\Admin\\Desktop\\"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Project1.wscript\Clsid\ = "{6B0363F1-1331-42A3-B0AC-27FCE83BD58C}"	iptools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{784EC5AA-306A-4FAD-9FC5-3682722557E3}\ProgID\ = "Project1.stdout"	iptools.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
2932	chrome.exe
2932	chrome.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe
1300	iptools.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1300	iptools.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: 33	4248	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4248	AUDIODG.EXE
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1300	iptools.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1300	iptools.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 5064	1204	chrome.exe	70
PID 1204 wrote to memory of 5064	1204	chrome.exe	70
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 4904	1204	chrome.exe	73
PID 1204 wrote to memory of 3856	1204	chrome.exe	72
PID 1204 wrote to memory of 3856	1204	chrome.exe	72
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74
PID 1204 wrote to memory of 1916	1204	chrome.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/watch?v=0Ghtmx9fSfA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8c25f9758,0x7ff8c25f9768,0x7ff8c25f9778
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2988 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4776 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5420 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5668 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5792 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6116 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5972 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5204 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6364 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5212 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4944 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6620 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5044 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6940 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5036 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 --field-trial-handle=1764,i,2613868711721168955,14528547214352850017,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4248

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2288

C:\Users\Admin\Desktop\iptools.exe
"C:\Users\Admin\Desktop\iptools.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cc645a4e8544a1d5ffcfa42049490264

SHA1
34de26ab1880c9fa5067bdfa66930cb1574d7f00

SHA256
6ca08be1f7990aea17ceb7f49150eca8b50329b6791876447ff41135b6ab94f2

SHA512
4931d0a0e801dd895a5da25354cfd04f0af150bc28be60c25704304f435d1b14147a447abfd3c20548b6c83ab2a65cec8211e7832ccbfafd29df84286ffac3d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6c93f6adad3977efeb249fab50a58acb

SHA1
f0f935fc6b04906f1e28ed97bd820952523a0aaf

SHA256
6cdeb6012e16ea50ce01f427936965ff4057c5e324bb30fe93126a696948c125

SHA512
28b51b2b5ca2b702ccaf79b2da38308df6232f9f9587230aeb883043ed6c1807fc4de5d8f667920de0c6256ddcdf9789057f36b0364594f61acfac0af0a50fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
209df12e928e2f2fe98e2a5a87af56db

SHA1
3eabf38fc17cae8073768976ec9bc224ddfa4e33

SHA256
8a4d927b680b25aa5862b2db68eecd78367862ba305a3ef92c04dc1c76287a54

SHA512
72648f189df908a932669ba484325225036e97bc2d854b869946e1159dc145683a14a6e4a5a796afb0125115ffc6d54cb5a70dc7437bef3781b5e48d951d0c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
435bbfc1aab1f36e667c77739ec68076

SHA1
cb71804be190336922e36f9e77e16441e98ab19a

SHA256
13a8ef4b3719cd942938d20febdca52077fdcc009fbfa6837eca7ec3e041129f

SHA512
66fee0655f137817a4437120b84f7380b18d577b8f023966ab81dad7fe7b2b67015c1ae0722faa761500a05a0d701073b98b5fefc3222a1f5fb03016c0dd61d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a91aadce0beb81a9dd9370d3a7ea177a

SHA1
9074f4b905d7da92d80873c7a3437caec8573196

SHA256
2983a28f9e3c49748146b62b86fbc5effb69f979efdd5865f8d420b6d7255ecb

SHA512
cbf3baf3435eabadfb2411452f520f8bee332a488f47f2cf7cef17ff3ba7532a2d008a6c45eaa37a4ab8c71ae1c30039094daf762db322b61d576bb91b5bb491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7a8ffab7ec33427b59cae7b6e3a28fef

SHA1
ed492b49034ebe41576f8e862017294efd832948

SHA256
4959c0eab2a7f216359cf560b1fa87cc96d318937a02aded7d8f1439bb3de2dc

SHA512
6ce190612035feb52d2531d32b92e9f9b573b5d5e3e9fe9ea2f36c9eb4a69c33b16eca1f3eda3bd46f897241667101a70db31b07eb10c890e390b1feb28cc4fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c8977ba6e41e356a89907a0a850179d3

SHA1
4b70d9f225e0f8a4a6aedf807c09ee329b6e603b

SHA256
9d352cd2efe2aa4b2c624a7399218a2c7102e11855e7e4cd6aefbe46920dad13

SHA512
8976cbac96d31846f916d5b7c79eac54b20a1c09870df443d053ee8895c36c491f2a03090c147afb9fe606406324c241a30b09d85ca324eeb8422b087a66188c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0960e77703bbdc03edd453eaf5f8170

SHA1
021dcca5ea6ace047778d75e52683bc0fd417818

SHA256
36a9529745dbc2dca32dcf1ae063444865bc6eca357640916862f70f74e176a2

SHA512
41e7d856a2e028912308a7a08a06a153b34617c814eb6af240ab39739d93459d6134c621d95deb483fcc2abdb9b22b91c26a432d3723f898ff4675af2b68da6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
735a34ffc25565ab4ae62daf3afe299f

SHA1
33f0c138b9041e5aac92ec2b3492584f54b71639

SHA256
cbeef6fd5a36d4361bae3d8aad67ebe196bd9539dfc33ed1518289a54be7fb94

SHA512
05aadaf818b21826ee677b49b05ba967e2377a0f920db0604fc13677d4e1ba20fa719216af8d9e3f09b28992bccbe90640097ae88c21d3bf35e6aad209501ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb50cb28fca08e4c1e8bec45a6eb351e

SHA1
5147bb5479f6c81cccd617fefd6cd4fa977a69d1

SHA256
a52e98abe191d8bc59a4dbeaf828bd2d95b744d95ad743c8405dc400cd92c4ed

SHA512
47cd389602d962a82185cc42a60019a75461c83d3eeeff84ed17acb52083283d03ccbcc883531a44f52e0e31ba040d252f331a4b4ec7178744599c4d58da8f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed797952a6506d374442dceca7282917

SHA1
7b5c2c9d9f707ddbdb9c2efdc1f8b0ebaa17c649

SHA256
30d22703eb41123a23786aad7a62e095ea26fa050a77f7eff794d4cb51649c02

SHA512
b419526cd0797a8f1b430c5b5f7710f0d93a39db9a0fb2da980156e38fb073b1883caf1c53c26a66e9966a339f1e75dbeddc96e6791442e99ec2b98b793bceb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bf5aa6ceaeed86f1016c3a9c653d5094

SHA1
6dd5ce62f42f3326c7c19c9cbd957b900ead0094

SHA256
cfac3741edd211a4154be3861d88cf5ccce436c794e2c84d4de3926314d9aff7

SHA512
fed5c3808520b77d0c2d73e89a70649239f4de95c52c7754549c078cebc1311701f6aa0281c1a941a18c9461c3e7a2279d9180eb206b99d4997a95dbfb94d761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e8958fe-0fb1-4c04-b6c7-8a074800eb92\index-dir\the-real-index

Filesize
2KB

MD5
182cbf22ca4d2f7336538788cce2c719

SHA1
7ae02ed03165b1a119ba4aa4cc1a8af4fde6dd4e

SHA256
1a0d3bc28cd5df2b991c7d07d41688c6cdafb24f3a52de78dc12d319f64db2a3

SHA512
ca6082dcbd7cd647453efd1dfe26645427a504bc44d2d2849a05a35589fadd3964705d95cef9b4349ace00a27d552439cfd61d95ce2bd6b008887cadf164221c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0e8958fe-0fb1-4c04-b6c7-8a074800eb92\index-dir\the-real-index~RFe581af5.TMP

Filesize
48B

MD5
cceb6982a1ae6f699fd90b02a0bdb744

SHA1
c58547d6958f0f91298466c90f814e7a77ff12fb

SHA256
161c698dda7d4396bcb97f875f3619f1b3a2c313d3e62582a57571f8f8ccb57f

SHA512
74c79304ffeb42c1068dea69fabdefa52ae64719ecfa4f37545f3d3f32fd9e6b8de2b1e29b20dd504d43df3ef93c256f2304bb39445c9bf3a816237dbb2fac2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7b24f4e-bdde-4612-abb8-7664178c7b89\index-dir\the-real-index

Filesize
624B

MD5
753c96223709a2203b184b1f3bce7faa

SHA1
88bc60dca23864d36b5ad87c42f306763f28d256

SHA256
2b607226c1ccb148da541b822196dac3fbff7af9a71f34bc9a5eae7285208db3

SHA512
4f3592aaf111418468db308d95aa4700acaec429e2e36014db4f73b4f744c0eba6e5e198e8d809c2b4b34517ae3143e7c52be611e66c140fb106fd22104c93d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7b24f4e-bdde-4612-abb8-7664178c7b89\index-dir\the-real-index~RFe5825a4.TMP

Filesize
48B

MD5
ea2d28f405d12e6b1c7b6fe163669d5a

SHA1
cf0a337bf40f924a2a716b01850aefa36bc9b5c6

SHA256
13980c1b45a3735e9af57350893fb7600c133f486a8f06bfe01275d3acdfbcf0

SHA512
e1c86331d200b1542698215c5de9fb040b4f0f85a34032fc457de7ce154e2038c3ecf0425112b40da3cffdd0a07dbd0e84765bf940dc21783497b2ee79a74bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
17f5030e29d55b32b3933dea491e5b66

SHA1
5eb8e0890db15f621aa026f19bbd680496ae3619

SHA256
fa7581395da4526d6d621a5beed1b0084a88b12b76c59637339c0460ad6bfd33

SHA512
e60d40ec6428f1837d505bd4a682df787cf33a5eab13fbbafb71d5aeb5813d1ea1af2b69a955cd09d404fc4940caf58fa6c0206493e5d8705935c191e512a809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
ab434d8899bbb21bdc0dc2f79b5379c3

SHA1
192cd60a112c7bf8069c0f396fc40532db8129fc

SHA256
a63ba1f49b6537a4197f47709fca2838c8bdbd7d4dbdf3e167380dc10aab13de

SHA512
567511ffb4bb2a9c4ffd7aa67f1e89f6fe0aafc2c4c4641797820046cd442474c80efdc6a15baffba94d242f3a908a41423e267e86dfd2ff14674edc3ad4dcdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
925e21f8854e1d1f9678896d8bc8eb5a

SHA1
484fbbe8fd12103c6f077c426ad82d63fbaefcb5

SHA256
7920498533b08018113ce1a6b6bf95c2241108810893681caa5d0ed83f8d037c

SHA512
2c6291da598989e099bbed3db5ef85923a14688533bf83a6f8616d95b09bc99dafb75c0a93248844392576a9b5e4f049c7acaf68bc4a5a7370d7db29c6769591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
4fa77ac5a0dedcc5d39e6fe587333ba8

SHA1
8b70fa91320c25dfe7607e5ccd6a72b42ee113b4

SHA256
058585f9d5d9f1c102e6d234faf98dcc5e13b4e86debddd7e01f8673873323a2

SHA512
380bc3d2e6e4c0eab1f5c3e74e8b61c6a72e945f9f8891519981983fba89cb35ba21bd77e2e5cce3d9cff04ae39f275ad9916fd57a21f2bea2c47e112d599f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b873.TMP

Filesize
119B

MD5
863badbe62092dca25755f8419e509dd

SHA1
c3699c24f59f961d0d735e1ac2ad9e311270c1a3

SHA256
2bbf3bbc59cfd7cf0b15d666fcfe13f0123972a17f1479d14f17f7bcc28716af

SHA512
75ccc31e9a82dd8140ff036687d262991735b10c874fd4fa41203d083452c4f9e56b7bf0ebd7760886afd596ebc93ebcdcfaf78b855f4ffcbd984494a3839460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
b86ff557d577943243195efc08d2114d

SHA1
e03f33598f4992ac7b8284698846eb32c4bd3adc

SHA256
e8073a4cc584354be24ad5e3507d8c978327ebec0e8c4aa9547c2d360cedd785

SHA512
3a74013519448159d51a36b9da2366ba7ec83983657b1d36d6f5144c5f832fd063b8f21839b728be829fc0ebe306929e996d19b3313f9808443eda89b21c1c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5834b7.TMP

Filesize
48B

MD5
bc41afdea4ce9b477b4bf820d6f89471

SHA1
055f8c1b7e8cf241bafbf4d92aedcdbf715dfb8c

SHA256
6b3f5f58f9b319dd4043090e641f7c2d109dd549fd787ec89a3ac962de6d5221

SHA512
ca90c7af5cb65aa572dad08372c95a9962ea343de0cb2031ae1163fbb9cda52d45043156ba50aa7874cd1ccfb017fc6cfb5763c9e59b83df84a19ae972731680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
9fb51303adcfda87ddeba8981ad333cd

SHA1
412ef1f57e69fbded0f5519978fbba9b0434f86c

SHA256
31a3a30928605c8076ba354632d55b5bec7d21e85e19cfab2269c3655f51ad7a

SHA512
af58b3f5b20c4be6ed60f768bbbb6cdc950629b8897723df3a6d30ce151172a935cfe210e98c22e55e760f73b812d77ac1d99cd14c74d7b71368361fe14b2378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
c7f2930638211807515035154645c3a7

SHA1
57c5afc958c1deada36c3fa61ffc899e0ba91c32

SHA256
c31bd13dc8b1698ad88b7a1d56bb104768f3fde2a2a342efb3b99a0e2b5cc4bf

SHA512
44b0467fff6113ce36c1e568b9e893a1247afde8eff163e7c01fba9a531c78c7d0e6707cdf145dc2026a3515f3a1381dbcd0d519dac1c75a5594757b6b14ac68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c7e212cb-722e-4f84-b8af-a49c5ddf3cf3.tmp

Filesize
97KB

MD5
876585b9af200fbbe4ad1247e548182b

SHA1
7154abe7c053f199f44cccc2eda729405240bb39

SHA256
2fdc05cfb7d0a78d8a079979d8294c37a7ee07b71738389d6f74cb3b9a16369e

SHA512
eb2f2322d6547a80dea3a1bf5d3590524abd8581fab4b323ac0cb7de9fcde0b13833d685d416ae1a01ca5c26cb99b92f7749d464fd35ba73d3b8196233f8cc21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\sniffer.zip

Filesize
7.4MB

MD5
47bf4b13e8791c5667a926697c1dbf87

SHA1
e67e4847fa9f50d13ce4dc49e478fe0a8ad73854

SHA256
34810c3dd4c4cca403173ba9b1c25be9e694d91977882ebb7da567b74109cdaf

SHA512
3d5ee99c676958ac7f9090fc8055c1f4fd9c9d2dca6288e508f287ad2a429c12c9a9dd7ff328a0be838cb45b0faa17f53e148854b3d7e59aa235347b473f7ee1

Download Submit
memory/1300-893-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download
memory/1300-878-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download
memory/1300-975-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download
memory/1300-875-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1300-874-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download
memory/1300-996-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download
memory/1300-859-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1300-1006-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download
memory/1300-1007-0x0000000000F40000-0x0000000000F41000-memory.dmp

Filesize
4KB

Download
memory/1300-1008-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download
memory/1300-1011-0x0000000000400000-0x0000000000A8E000-memory.dmp

Filesize
6.6MB

Download