hxxp://google[.]com

Resubmissions

17-09-2023 13:17

230917-qjr5fsaf3x 1

17-09-2023 13:14

230917-qg5mrsaf2w 8

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2023 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

microsoft persistence phishing

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe
File created	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCMON24\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCMON24.SYS"	Procmon64.exe

Executes dropped EXE 2 IoCs

pid	Process
5048	tcpview64.exe
212	Procmon64.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	tcpview64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	tcpview64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133394301102164136"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1\DefaultIcon	Procmon64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1\DefaultIcon\ = "\"C:\\Users\\Admin\\Downloads\\ProcessMonitor\\Procmon64.exe\",0"	Procmon64.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1	Procmon64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1\ = "ProcMon Log File"	Procmon64.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1\shell	Procmon64.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1\shell\open	Procmon64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\ProcessMonitor\\Procmon64.exe\" /OpenLog \"%1\""	Procmon64.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.PML	Procmon64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.PML\ = "ProcMon.Logfile.1"	Procmon64.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\ProcMon.Logfile.1\shell\open\command	Procmon64.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe
1468	chrome.exe
1468	chrome.exe
5048	tcpview64.exe
5048	tcpview64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1132	7zFM.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
212	Procmon64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1132	7zFM.exe
4424	7zFM.exe
920	7zG.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
3144	7zG.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
4908	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5048	tcpview64.exe
5048	tcpview64.exe
212	Procmon64.exe
212	Procmon64.exe
212	Procmon64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 1576	1580	chrome.exe	85
PID 1580 wrote to memory of 1576	1580	chrome.exe	85
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 3220	1580	chrome.exe	87
PID 1580 wrote to memory of 1700	1580	chrome.exe	88
PID 1580 wrote to memory of 1700	1580	chrome.exe	88
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89
PID 1580 wrote to memory of 536	1580	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa95a9758,0x7ffaa95a9768,0x7ffaa95a9778
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4840 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3688 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4828 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4544 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6128 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5332 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3876 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5972 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6424 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6732 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5152 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6088 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1820,i,15751745422021614410,18239587831909200770,131072 /prefetch:8
  2⤵
  PID:4312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2380

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\f7ea23624ff9f805903ce10cd0bbeab9795b6610f28edc15b5d235ed339101d5.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1132

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\f7ea23624ff9f805903ce10cd0bbeab9795b6610f28edc15b5d235ed339101d5.zip"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4424

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap1183:190:7zEvent26707
1⤵
- Suspicious use of FindShellTrayWindow
PID:920

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TCPView\" -spe -an -ai#7zMap27787:76:7zEvent13156
1⤵
- Suspicious use of FindShellTrayWindow
PID:3144

C:\Users\Admin\Downloads\TCPView\tcpview64.exe
"C:\Users\Admin\Downloads\TCPView\tcpview64.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5048

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ProcessMonitor\" -spe -an -ai#7zMap28735:90:7zEvent15257
1⤵
- Suspicious use of FindShellTrayWindow
PID:4908

C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe
"C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe"
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
40KB

MD5
d574939016c1b0511053c934958d9a25

SHA1
1ebb35cd6af10fce71dcd4778c9bbcd9822ef999

SHA256
ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66

SHA512
48758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
299KB

MD5
00928a40ded852fe65cc4dbab4d3104c

SHA1
016692a940e6e541d0ad95330f115afa0cfbb3bb

SHA256
d97f28791997e163dfd26af328755af8086fc61b891bfa8df32cec5c86ba7c8d

SHA512
ba4a08d39f82c3fe4934d96328d4c155f8ef62a251197f0e4d31254833931d24f4d0678760a8e0f9be58151061f2d4acf0f8207bf2cf7f34c6b3c7c294c78c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
71KB

MD5
035ef6eaf7accadce25b54de51a58b43

SHA1
6622e6858ee1349437d58c29fe821390c27cef41

SHA256
c29fd8d1af7a65a8ee253f331922fe84445b275926596fcefd3d2fcc02bf842a

SHA512
d6a21d79e3f10a9c4ad0b1d0294922a90a8485170e514129b71eb0c287925d6a80b8c4d5e246faaf86964ffe4841aee78a8fb7a3b6c5d4f6fb0a82a73dfb69ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
109KB

MD5
fe14f98a7a33f490247a47d5f9d92a66

SHA1
423a3b552b6756c339d5bc21005f2d9bab26c100

SHA256
25b04ce7f1715301df2abeec57b02c682e62ad31290ee5dbbd5ec772db38ba43

SHA512
2a66205dd7c8ba497544809ecdbe2d644cb9bfabe078d11031e25ca849d3c620fa12d4daa553382ea437ec5d0169f2472591adb0422e87ada40a32960c5b2fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
218KB

MD5
0de3e3c176d9c1ac11dcba3ce3bb7bb5

SHA1
9137d500a8787b1e0663ffa3891803ee5b1f089f

SHA256
754660ac3876e22349d3d4e3bc55f60e146f57bc5b0c30804c691d45920bde76

SHA512
6ad81d5c3b5e198754cca6e08c7a93f66f9efdd1d131e79dd2051ed0697a30d5076e180d58e42f443e7e007061c99c9f81bf7ff2003bb452d9cdf3852491e530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
172KB

MD5
696905cf21b0eafb1375500b18281fb5

SHA1
220ad56ec28ab3c6f3d1f907db2ee4503584580c

SHA256
88b686f54488a58d38cba104e826a0b0f2ef668d1a2c67bea2fdc40df669797f

SHA512
da4de484d0530342f51993b70101e73001a6d380b5e8952cda26a6bc4fd4d4e758cf88719020785c9435faf585b536ff01478836462282561791942bbaf0a5b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
83KB

MD5
c57c0a21d02d0b3a015939031e15c8df

SHA1
0b9043beb53986b68409bfdace2bde7f0dd968c5

SHA256
5d0feac1d06ca3c51d5df90a24667ed13b2024860c29d87f42ca15d005a50ea6

SHA512
62c45fbd417f77a4c219a7ff853a6b6783418466313aad2ec7d0a4ccaf11a3dab5641c439c62bee4223b91ae64053d4c7a23d074ad308e53477dbe8128d53594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
181KB

MD5
f4d077fdd3bad1c3730c23cc2dea0538

SHA1
55bca2302e887ed5e238ed93ec228b46cdfb7d7f

SHA256
450d9f7f377f988975ef34a223a85831d1f9f862d5052f834efcda8146142e3a

SHA512
0b3754e2c994e97be8e84d3b239661bf08134d39921b4a9d1e41d26c2779c5ac5a106f71ca2b7bb6997d6ea1457d1225414129a8826a9a4388b7ace66cc008cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9f455c5026b426e176370e05653c1b0f

SHA1
d442da59ee68636c59828ea13e7643afd7b909ff

SHA256
2aacc37619ae179495d8dd0a548442a64c165679bf6b6efd5f78f2468ec32a38

SHA512
d268cb460efe63ca488e71a9286c099b00d1b2dd8008c8a52a4708d6679a23db28ce9fe048b7fbcf25ab5460e9418592a364ffacc6cfa876c69d4dee6868061e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
31cc53ef3000c6e1d86b5f3011631615

SHA1
924e860f66dbaec8dd5e025b618e776a7e398b35

SHA256
77360bd777512e9645696932005794f1f898b4965bd90377af16836a07668e90

SHA512
f4671b36cf0b5205e9faa11566d19ddcaea5139f79a664f5f1d426911da7baf49b0dcf3d2da3ba535f43cef7e5dfa754436c681beec6120f3fb8d4121818c7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c824bd55480eebc87d3248596e156999

SHA1
7fe7d2d63fa73caad57efbd1f0c52e529e377a8a

SHA256
2bdf01a431b527c48b325a4191563cc39fc733be44eb244f1c82bc29a44c4a4c

SHA512
d49530830d2ca78398ad8cf7edb8dbfab0b5f8f21918f22cd077e36eeee55666df175aa80af2ca92f51b6f289fec8e21e960fcc830571b9b3c05a7533b58726e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1f6e95da8987b56db7c421f4d6682d71

SHA1
09f5eac9ed28a5cbbaf1cada718c7da042b3b99b

SHA256
f5fe8880291ad676cd3d50167c200b583fea1315ca3056cfb0f007dd11f95498

SHA512
e6cf0d43da3427543c49111bf045e733be8e654ba0f64993280d0f692a80634eb4f15ca707403a0af8f93ff1ad83ee685fe1e451de4518f84428c6e990467019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
aa8bb274079c38108caabe1421dad1e0

SHA1
05a39b6bf936bead1a4984a41a64a019edbf6618

SHA256
fa4cd16b9e61988fa9ad396e24f107d2c475c5874b640e1ea4d18f1c4466af0a

SHA512
4668db9b1fbc4593eaa6c37f786d314e78a2647bed9f6fc5bf1bf137118f43e947ac18c233b9c974f05d45c5d869e31bafb029e91e8f61f49b97392205d75cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d963f539e4839b427f8e8645682eb43c

SHA1
65b8eaad29f647e3431907129b41fd1b0f6a3f28

SHA256
73aadef6eea2f5cdacc882e0f5169f196e52580ec93bb3a3b87c7bb377a89174

SHA512
1f815cb2ce9ba4e34954a00310b50856824303c18bd6649a45dbc6f9293e053d5f2fb120cf5597fed963048a050d10f44fdff9d190a3b1c1b478de8bd91f8986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96011a3b5605045ca37f41a0b782f39f

SHA1
f64a6d7078b06e3f662ac044e53115935f96730a

SHA256
1fea39da18cf939c1a891a2297e0494fd7a1b76878aae2dd9fec64b3da5e8ace

SHA512
a37c0eb1867b99e39b57146d3eb68177d07b98b5074a7d4a3d67247e9b3cc7ada1e147ff9232734ba6e6bb0bb908e5843af0f43c875513690c8ec493d6d25fdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
037890b670a28dbae47fbc8ccb0da5de

SHA1
74e8d2969bb5a04017ac49b1d98b7be237ae356c

SHA256
dece674326e8f74c21ca023836ef5df737a986b664c023c3912ace779f87e2aa

SHA512
35fb87eaeeb4a4be093b1d8b3425675c533772af12e646636b8d583a1eb37914a09fb7c80b6ede75963c1ebcabd27078581dc7e30b444ab6e31afc2479b3a48c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
97877ba19f6f6d943b30aa6feab586f1

SHA1
aa0d9500c2fe049fc63294713a9c5984404b72ae

SHA256
cd89ef33f06f241573ce8a40e46f23baf089c321ca5c442a95708ac5733d654f

SHA512
c6f5000cad1fee1dea8743496da038cd56dc91e0079ed96c715f9ef3349ef8e43c34fe039b30564531d6eb3cab78d1428dd721ddaeb6a8c197be53b1f9a70cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
15a4020d6437374463d68e9bba3d6fee

SHA1
decaba8d5139acfe2ddd247a9cf3006d32239c4f

SHA256
023fbc1f335666ac9afb0e64d4b777775e674152cf402a0b88c5f3d384909696

SHA512
1c1709d5e1984338c7687cdf62f639e9983a261d2c9c01ebcefc778f5cfb1962950052af552c09a27ea6a52650006a6d2032cbc91047637f76cf299137f12785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3b038a7f25aa3440a8330e8040eae9bf

SHA1
0b91ac1ac9059083aa399aae061209f49c848c0c

SHA256
a8c321391fa32dbd16a9b0b57be7ee390cfa4b503ca3342cc16b4c6d661c3501

SHA512
55d70ba9e9eb9c6f58568ded73ad82ad42159d46179f071eb87e6014aba8b2fb0dc14c11cfd3028e913805e48a1d489c208a926b62ca306e6199a8b9252dfbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85fbdf3afcabe29e3b1e5ce3723195c8

SHA1
d1672b9e75c7aae3004ea92185979db76226c273

SHA256
52da7a3fa09f1455b8483299245f12acf3e3b8572fa4f278dd4e5880ba815e89

SHA512
f0e01d7f6fa3ae3a0da849709440c47fb0921db27606a4d79a6ed34d1a7f380961b236fd643ddaaea6f80e9d82066e633e5ffa06497d3dd01c45bae1d1ea3825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7b00869b495954b45e6dac4ceeff87cb

SHA1
2159c970d32ca947e9c2228d66f9df970d609629

SHA256
c67760bbbd8a173a7e95354a63f5a1f55218ab2ea5c908d7b2857eddd554a749

SHA512
2bd9cc47099af8aa3388c4114c803e9bc8ef3d7287225c3ba4f6cc3ba80eaba3a380cea8a706de88e49a9494e6d751b21ebfcf8e4fa313f03357462e41267fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
681ae99db7825565f8d981fe73ae87fe

SHA1
b29db92bfeae9687e4bea5544bd686efd6d650f5

SHA256
0c06068a2520fa880b3618e3a6c0177c27a5c148348cb146100270ed8abfff73

SHA512
595bb7ef7331636e8f23e893e860fb40b6735776ed7f48b97ccf5aae568d3bb783bd60f7d7cccc7342d0a6eb99710850ca3125658f7c17cf819eea17bfdb8035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
07208d13b86f720e926d9f3d1f4d2796

SHA1
9c43f17177711f61fe3cbf98f254cfbdc0ce03c7

SHA256
f2925c8ba74399de724b6c4938de60a0ed0e284cef0fb7324ae2b1a2391a5c5c

SHA512
41dd304513cc593a96a8c34d1084c67197b147e08afbbbdc08de26f735047b10f66e84ac8925d1b66f075c42bfd242dda0a2a1dfe356d7843c79953907bb017e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ad4e9d111b43e0efa642ad45ea56b03e

SHA1
6e71a597f3ba8931284aed9293ce231aceb1e608

SHA256
c0ae11bd75817c1eb66489752a9389008640b6e96c11a68e4dffa040031691c6

SHA512
78a213b984ec98a1d0f7f09d161d35b6382da3a512fb6ddf76fdb705529580e38414a30f0afd773de6bebed24df83ec94ec0f84cafffe761fadaaa1eb690715b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d200feb672be95877f07f846145deb12

SHA1
abac4605e839d60aa239c4ec649ff0931d7e6613

SHA256
53f644568f1471ebb844f5f366103b52cb2084777a15a7c6f5bdb5c03ecec4c1

SHA512
a87710d123cef049eb3415444649c1e7089bf51a11120e28e9e665a9b8e2cea9f23a680805a57570d7e4db0cca61f113865c66cf983aede6339391bb5681ebb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
33cdadfe19ee29486b321e40f4f49674

SHA1
1d432202697d4edc16a89597d106e55c05a574c5

SHA256
3e933994783679f35760ed2d5085a48afafb154b4b52bb11dc34c98efe373b03

SHA512
7addf8f6d6e41134965fd60a069a4092158ed89d58c3fd3e7e7f6b47222b713f54318765b22f99ec9fa7709f8546399ae7a659292011ecee43456e0e0b19b586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a4ff409f1b01aa9e0aee4c1da5458b83

SHA1
541cc95bfa041498a3114a68ab93165ef7719326

SHA256
2aa5db15b41b6ccbfe504143625a57b15d5aa75c255cc56c67f92149fa4389e3

SHA512
1b482bd626f217439d852ab79f80709ab07428d898895cfaab0a1c09118f144dd9a79f17eae2e6475a874e5d2760d1ae5b4132a3ca05cab4413f7d173f5eaeef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
aebb397276ab102d74cfe9a3df1bf1b9

SHA1
5df6c86709c8f7873b52e625fe748bccceaa3796

SHA256
8bf29ab1aaa2cc2e715770fdcf5ecaa4bc382ae4b8ad22a728fe490c0d3c4a1c

SHA512
2298a7f5c45fd992ef208712ce2ecf309b7923f9c107ca190579daf68d04c8dad1236be68a530853d1aa200110a78dadb2f84dc5e6384cc117a567fd08df6638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a7b9.TMP

Filesize
120B

MD5
8b7c4a4c23a58cc0d8cc2314bc586789

SHA1
8bb8ce448fd930161644de9e998078893278f27c

SHA256
c2d993aa10a5eede8d88f7456c5aed05b5bb2f405c281b32f274f709768d54c9

SHA512
170c87207f1d22f88de05661d6827903e68a116d6ca0f8cb6f336c383a775dbd7861fa1aa19e074c26b8b30f6716fa4d8183e82470894e4b4c8fa4684a95d4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
edaeb5a28e79919783e2b9f5b0f967cf

SHA1
ac79ec8ab027670f783709ea3878b9e8ba881668

SHA256
432fc05ca09e1ab6f85bebb793f6751f6500f8f8dfb61f4ff6bfaec2aab41659

SHA512
3e89c1d28ab6d1ca55b7033c9ce82f983a78f152eee1c06fad48b2780ce108848348c439108a59aa555193802c422246c4b78b6668a21afba74c22fa65acc396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
c4e3643f952f87531f99fad1ba85858c

SHA1
d524ad041684b30831bc9141aab5beef649f3097

SHA256
069b0f9812482c38fbfed073b2d47810696c7e2f8171177779a7ef509f501271

SHA512
32a2c9e89562281d8adb6568a4051ff16ac078752b490c3cc6febe5b2d4317d1569d47972b7c40639a5dd54765df5a5f4591ffa7c6e82de71dd8c749617a73be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
283b349aec2bce26aec00c3dec3dd40e

SHA1
0b0dd35796be48c05411c5fac06fa2fb07ba7efc

SHA256
caa6dd027b5ca4ce53e433a3dae00f4ff35e76e8ccb8783801db46de190cb65c

SHA512
1279fdeb8a37df99a7c84ae133c7ec8c83d45804447bb7facca671d5802df719a466916ca03ce4c83c8d6c170bd554306bb22c1db26ec6752122e844183c2c01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
2ff6e54dde2fe20fdcb8115d1e44e71f

SHA1
14b66fab7b48ab0d8683ad2f43c4041a5009341d

SHA256
37441d13ec465ba3ee5e2456b977634751ef5712c63efca0995c6630df9d09e3

SHA512
37e3091fbe81d6e4138f969901c2096ca888190f4673f0e8983765128564a887d352cca7b68e361d9d648248824e0d6245f0fefd767ee2477b105d96e016c220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
df45e48bf2afdd73bc7f45d0c12fd065

SHA1
791d9a8822fe1654d8d9ec960b92e87eb8af527b

SHA256
61552a5b597dc302ac205da2824a4cd3c852c073cbae6cd781047b4ae1b1d123

SHA512
3ae9074e9613936c793220b4b978989241073a355daa2dcd29a9b3063c530d7e8c60753db15d0c213b0c0daea72152d0089e80170147c7dd1b0393f40f53daf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e0da.TMP

Filesize
97KB

MD5
b859da1970585226df19aa375a1dd744

SHA1
36dcb71fba3e46151d912e16162efb23fa761376

SHA256
e776acdd042ac388acb22291092243ff91f4d95d376e175b2c2f3645d244b0e3

SHA512
21dea786336aec88e728f6d2b96d81be3e8e8e93a35951a461501a174fe0b821a19f9c9d05776412a5ea04d98fad07fc410660aa4e8d50ffe02780993cc7b661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\ProcessMonitor.zip

Filesize
3.3MB

MD5
6d36a9f1d8cd2d5dbe2d901edeb859e0

SHA1
dbc06f4fc8a3a1f58f5d113165b17873ef774d54

SHA256
1e666af1fd3e092973170b5cb6b6f514f51eb874458534fab32e9b7132dfd054

SHA512
5b60234c36f822dcbd6ba3873881497e45be33a64043c9ca983214eab7a46b86d2f9ac791184a4dc1ff24a7114d9f3c35487a17f4c9383c5fff658b3d3905acb

Download Submit
C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe

Filesize
2.6MB

MD5
e4086e56beb16c4b4b57e381b8151232

SHA1
154423a97f5491b1b58e87dc4be1bd7c7c71e243

SHA256
8822e28f46ba3c12256d947e5786ed30c3311c1829cf1ef86634f7fdf1a9710c

SHA512
7cd44316558d9a3e6a8b983d0e8946b21714e3f36b0d386b964e975f27a72cab89bfb9d1d0e2d0661a48e7c38296b0ab91da8ec88349f05daf1a9b93143a5a6d

Download Submit
C:\Users\Admin\Downloads\ProcessMonitor\Procmon64.exe

Filesize
2.6MB

MD5
e4086e56beb16c4b4b57e381b8151232

SHA1
154423a97f5491b1b58e87dc4be1bd7c7c71e243

SHA256
8822e28f46ba3c12256d947e5786ed30c3311c1829cf1ef86634f7fdf1a9710c

SHA512
7cd44316558d9a3e6a8b983d0e8946b21714e3f36b0d386b964e975f27a72cab89bfb9d1d0e2d0661a48e7c38296b0ab91da8ec88349f05daf1a9b93143a5a6d

Download Submit
C:\Users\Admin\Downloads\TCPView.zip

Filesize
1.5MB

MD5
0db74b666d6dc61a26e4cb217bb05f24

SHA1
1da8cef179836761535b045a850ea8ccc423b4b5

SHA256
4fc5ceba3e1b27ad95a24df35d094b454ec5f9478e12a8ca2b1b222705b9683b

SHA512
35dac71cfbd9c39622c378ba437b37c1ce6411cdd3b7258ab854a69e549b765db2fd8d38a7f911509780fcc42922529a23b4eded3e86147d1a372aa3bd1bccd9

Download Submit
C:\Users\Admin\Downloads\TCPView.zip.crdownload

Filesize
1.5MB

MD5
0db74b666d6dc61a26e4cb217bb05f24

SHA1
1da8cef179836761535b045a850ea8ccc423b4b5

SHA256
4fc5ceba3e1b27ad95a24df35d094b454ec5f9478e12a8ca2b1b222705b9683b

SHA512
35dac71cfbd9c39622c378ba437b37c1ce6411cdd3b7258ab854a69e549b765db2fd8d38a7f911509780fcc42922529a23b4eded3e86147d1a372aa3bd1bccd9

Download Submit
C:\Users\Admin\Downloads\TCPView\tcpview64.exe

Filesize
1.0MB

MD5
e6a59b12c9ff25259178f5645b8749b1

SHA1
e59dc87c158bb02690e577d3d1bdb169cf89eee6

SHA256
0cbcb7ec4a042622b0d9d91b18f908e4208e4725ee1fa74a3555c4dcb622cfc1

SHA512
25bf745ff9a61d4ad7a02c1fc39f4972941d90ebf2eef07fbc6e7124629e90c28be6191cae35a403ffb7c9e55968371ba2d46bfe807939de5c35909584677160

Download Submit
C:\Users\Admin\Downloads\TCPView\tcpview64.exe

Filesize
1.0MB

MD5
e6a59b12c9ff25259178f5645b8749b1

SHA1
e59dc87c158bb02690e577d3d1bdb169cf89eee6

SHA256
0cbcb7ec4a042622b0d9d91b18f908e4208e4725ee1fa74a3555c4dcb622cfc1

SHA512
25bf745ff9a61d4ad7a02c1fc39f4972941d90ebf2eef07fbc6e7124629e90c28be6191cae35a403ffb7c9e55968371ba2d46bfe807939de5c35909584677160

Download Submit
C:\Users\Admin\Downloads\f7ea23624ff9f805903ce10cd0bbeab9795b6610f28edc15b5d235ed339101d5.zip

Filesize
539KB

MD5
bd2d7ac71d794a7226f884a4e3e474e5

SHA1
cda0b8312fbe5f446aafab784c216fee39888591

SHA256
9153d06f8c820b5f4cd0bda8f815378ce8e132eb0ef9a76089ccb9c897f47037

SHA512
cd8e602df2ec521d2989a45d860e60d3e0780f6a5b93b1d2d4ba3fdb8c73542b2a569887e5563e6e65329863db89e317a3cede4b34fff37ff56af1c18f1f9c9a

Download Submit
memory/212-792-0x00007FFA775F0000-0x00007FFA77600000-memory.dmp

Filesize
64KB

Download
memory/212-793-0x00007FFA775F0000-0x00007FFA77600000-memory.dmp

Filesize
64KB

Download