hxxp://45[.]74[.]19[.]84[:]80/xampp/bkp/bkp1_vbs[.]jpg

Resubmissions

12/02/2024, 23:16

240212-29gl7aff67 1

12/02/2024, 23:13

240212-27h28sea5x 1

Analysis

max time kernel
600s
max time network
604s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://45.74.19.84:80/xampp/bkp/bkp1_vbs.jpg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522534341844101"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3948	chrome.exe
3948	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3444	chrome.exe
776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3444	chrome.exe
776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 2028	3948	chrome.exe	83
PID 3948 wrote to memory of 2028	3948	chrome.exe	83
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4340	3948	chrome.exe	85
PID 3948 wrote to memory of 4752	3948	chrome.exe	86
PID 3948 wrote to memory of 4752	3948	chrome.exe	86
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87
PID 3948 wrote to memory of 884	3948	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://45.74.19.84:80/xampp/bkp/bkp1_vbs.jpg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff866fb9758,0x7ff866fb9768,0x7ff866fb9778
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4536 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5404 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3968 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4736 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4920 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2300 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5996 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3780 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1144 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2360 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3220 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3032 --field-trial-handle=1872,i,2856412230179741242,9869638618166956383,131072 /prefetch:1
  2⤵
  PID:2688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3c91d30b58f2f7d3e513f5f7394013bf

SHA1
38aaa4130384df9225a3c3b3da84fb7687a9c2df

SHA256
1bf5ab3c9428ff8ae5fadc48fd41675357be94cfcaf2a89b9a79e9d5736d06b0

SHA512
50d813e6c14b99d6f4cf6dfe1af2ab2fa6eb9fb168678e273117900f656c0cffa7936e7c9f9558b16d7f25e2c70a9ec7a7f2c6b633e71c1aeef0153ad392e9f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
53e4d6ce5dea069c62038a7051c4e752

SHA1
b9081b443e5bee2ea194d4e43df3a380ccb5376d

SHA256
96ab0482b9f2c4f02953316cfe3967a1e8b7468f4b21197838b6e994a301c909

SHA512
3a2cf1f074b0ee8954ae8ee39aa2c69db54a4f92e851ec25db3bac36c1e443d38cd39deedd148fabbbe77a737711e9f4c966b9e98ca4bf6c1d7a5b33103278bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fa524029606d388f882a33b148af5e3d

SHA1
1426b69e57b81b871ce0fda67c64364146e8b966

SHA256
7237aeacbc4e47d9dba86247fdb32d7c06dbbc410ee8621242e29a6879f4f0b9

SHA512
c06b843443c2a7063822737481780c60aaeaf7c7193911cb083f9719582304ab47d1593ebb0c42028dcc633f8afe46022fb020ae6b13614dedf1b29a578ee14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6d5d7a5e8c266d9f29a773895b0f8399

SHA1
9d17c537eaca81cf53c3b2442f82ab245cf6cc09

SHA256
8d1461a6c0f350e9740a54b0165bcf4484bcde10ec271001dbe4c88af1ceee76

SHA512
64a71195e1d65c7a5eecca64152e3ada3009265251f410355bdb1bbd5a1d999241bc4b13310952a13d0c55478cc17b760ce257aa8b5ce2487614e4a40069ef84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
33b3cd38927dbd46f72c1e274979248e

SHA1
75a20da31bd00621ff819f77bc097693ea48f2a0

SHA256
746ae5047a5b0b7fe34d816020d0a8706d44354b4c42d4bc247cd043eaa01f3e

SHA512
d46ddce0090fe57e690134dbab2ece4aed5b7a16bb10d7e415796f4c08266da134c09e60298e556a27cb84fa18f67e5c6c956e4bbfe7172510d6892874653fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39003389d6d6892b879c3eb3b2c30b98

SHA1
d3df653172b482222fbb5e43e21df73323d3caf0

SHA256
163c3eff3fcbc9fa474750683934d1cb30e88102be6d80e257a0164079d775fd

SHA512
df5cd8dd6382f27eff2cdf4c9eb856a4296c01835115b0e4b53d99c6a92e99cf3abd8527d1875a6432e54f7b37a7a1024d680080a66af40b13a36518bfbbb99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7b67aa5b8b1d3056c1f29ed0a63d0cbc

SHA1
fffc2f5429f6794756cd88f39838c72a48dd3c01

SHA256
b03e22dea5663ff05d81e44d3d930e325c32eca65e7dc56c15319ae590b450ab

SHA512
0a1d51d09b9ae63b9ba8d95892c90c2ce6cf4e7b7d08f767c00814b77b14ca31173c5e04ca7cd09fa68c434a1828d6813d6c165260339ca43429dbd4420c03e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
addeab3872e1be3df34012bdc1333b6f

SHA1
4745a039a28195fa71373f4f14bd48dbdd19a5dd

SHA256
7f3f179ed2ac2619285aaf21bf7763366fc72e2ee16d0b4da878289399f621de

SHA512
0f9fb1fec6f4ce80661227d81819119cba1b22a06bb48453f0037c6ff96c2a18991e3cfcdc5be217d35c64c80ab9841ff29f6234c51bab44679ea52c5d646d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a8633f3ad213cea560ce8983be90f62c

SHA1
8c3e541555ca979347edb3f6e88a9bd90fa90b34

SHA256
f7b2f6e5635dc1e7f08db7447ad396e29adfd9755569175fd1d45da636026681

SHA512
6a59e4fabd8d9f36bcd35eef6d359077d3046f935b8cf0a372fd9251889c4bd33ed1272512d8d585cdc9f3a095847bbc392fcc3356c1381bf8078ff0894a5914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
02e58d28dc60f20ad93338df61c19eff

SHA1
6c8c3ca0e0c6028b299f2e5caac407060d5d60dd

SHA256
d407b53d9678f9c6f3d6a4de88ea6c90b06cc49b3caf553b200c300fe2dd5163

SHA512
5ffd7315b416d2f8ea3f568733f5660881b69998f888c95a2ed51168d07d75f2cf5198d17129ee18ea61760c0098ab48d87040263befa0637c31d3f15abe4a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a3857d269f573718529b668266894bc2

SHA1
997398d826bfbd107065e654d3c6cfab61c48d00

SHA256
2ae3b5391e97e70027ed213d92cf78d31f50ec8efc4ce809ad9345453a81d33c

SHA512
f1e912142c99857ccc44388916fde79013b0bb6a5a9ebf9b5f696bf0f5c6a6e71b112a86768c26c50017a574aa05a012397d2ae509d5ce0d002fc8a5590196e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
521796167384a2c78dd0ff2858c70071

SHA1
0caba307aa32c0d7b9716a886be68e04dcb89b4f

SHA256
f87176d8f2f99fa5fc3a1d9a2c98ae4e9c04b04c78f12d2624ce29a0cd4a3c9a

SHA512
51312327f6f37f073958d52f39a3ba4bf443f484104a8ea6419031ff533b55ac4b9e53df99716f484e61f80cb9ed2177a0869f4285f1c3f023a0214bf0e0bb69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
ae3b6efc6e3f74e070f0664943db89f7

SHA1
e40cac610c54deb40887e58a2a5112a18927cadc

SHA256
7df803b1d782d817b19977b1be6e74267f65f09777819a939e2abdcfe90a02ab

SHA512
a0b5ced299d84cca521f0a0a178afde237e4be83a8a4e123868dede6c2ddd68b9a9494d84c5bb8d71b95fc1e0100e64b9f8ba1ed8db50c47517761beb7d8e296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0561e314bd3d1bd12097ae64bfe32e5

SHA1
4645d7c0a0cb9588d60b69496d9936bb864bbe12

SHA256
a5022101a017318f52877b20b4fc48f841eec1ebb5639f953913d386cab0a0a0

SHA512
7a7fb12df7e462318fccced95a508e903a103f657972b419beb444b0e86d7789f0e0fb65d7c2a07e8944bdfd7ee1de810aedee5294a243ba096d789a7983e96b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e547bab05a2606570412d5065e7ce1c3

SHA1
b344a0c040a2117ba0db12313e6957dc68e2c009

SHA256
cf651595be0388af8e73d422e5627888347488241426ab049aaec237eef18a22

SHA512
3f7849f035c89c0d778570ae8a356f5e620298f18f91b9363128c9966203f70052d5e4b03c5ee1e01bc7b852640ca70f26eb52b6311351d1eab703c2054c2462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0751972a516243a03f234a6175767eba

SHA1
171565f6b230311401dd63fb7f70a620d0ad5917

SHA256
33aede62aa94df7e7b687df64610e6d27f54a5b120df996df388f822835e9727

SHA512
b4d25b2738290ebad593270751da393a9d65851ff4b8647f9c4925841c85aa878ff480e2e25817064ed54086719be7ce4e01b13f2876be95bce9e67c3db73eff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
afab62008719749053c343c2e907c31e

SHA1
bae00b4bf138e4d6955a4e80dfd1c66b5a55c006

SHA256
98d2a6f80a7f212aee7717e9a59f7c514aa66da3ed870b5682b12b09a5714106

SHA512
ce8d85e94f579bd6109d8fc5f4cd6676b76dfaaadfe786eebcaac7240a713118f4092e5ffd829343f3bc3d8a1d36d12b91be89f3c5a2f97587d6df3667fa4af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
db9b6a6f051f0c982f1eafcc652d7eb7

SHA1
51411cddb3b98959b94bfeee1769394572276b95

SHA256
eac7833a7d6ef0ef717670bb42d2deeb1b188d8aae0ebfc1f086fb59bae68c33

SHA512
4f08f23162927222dbe40a9edd13b67043889d496015736feda53fba68d13a5427ae145597d9ca8128f771813b9542ead2d98247d72234108a0276af9f3e3a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
40d5190a8d2b455182cb30932665845e

SHA1
e8016211cbd160d51e3f8d962826e90cf4dbd36f

SHA256
ba96275470d6701348d69c5e1ffa66e6b288cb758ddcb8543e4e0225c1ea5df2

SHA512
e30adb4172056002fc9b0742241125188da4c296bb0f6bf436219230ee2beab312ccd595eef463712ea607ba062d1f895dc07dd574a5c8624abb0e752527f3e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3d1ef99a3ebf1aa877881aa542bd8d2f

SHA1
7032b6230729f8962c2932a1095b6f13cf1f1fa6

SHA256
4e47f9404205879f50c791577513a9619dc4ee6706c3f67364fbdc69bbd9ad1c

SHA512
527f59767a58821e39df27df9c5ba5cb009bbf47f99f9e0115bd00201221cc1d78160c9e4b05b51b6f741d5d623d6b14fa197ded8fba2ecca3b4a4729c774143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
95d54d253ffe55983d6e929be23c089c

SHA1
2122479d3e204549a68beccd22931f3081d540ef

SHA256
1ec475dc84b63414829b09e02970b6bb028b998d9690ca606d952c9813da041f

SHA512
e26dda0fc5151f811561673454b3af16316237d1682f73a513e648c2b1a3d713216980747ef65035b90ff69183551bb54c61da4d8376a0a5ab032b69567999d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fb1b67b77279df550cff4ad520a05f85

SHA1
54ea7b88d0639d702b21d4304691357772b4fb61

SHA256
b66d1281686b6d31b07816f10644b501056630c10731c4c09395ac1a945c0cb6

SHA512
d5d70078c9f9ab1ea8962cb534123b04bcd810c8c7f1186cd2c59ac4a0a24f444ab26654796b531660a1c0c5ec5545ad40e419312373dccf02bbbc49dac55d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d3447324694de3ce670d88bd0df80861

SHA1
8342d79b11fd19780999efa191ac3fbf80cdde6f

SHA256
9049b785f6e7c0fc2a0da560103ab87f4728c371d0f8ce9e28a0ae337410cedf

SHA512
0065ff9276d1569d5f7faa7cb5ea2809b06a5036fb3048355889065276c88b3b47f21344c3a2a4b13a17a68d73e576f87d76771604b896ff38f3cad3e26099f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59291a.TMP

Filesize
48B

MD5
c88fbe9d50208a1584c3d6226e29543c

SHA1
777383b60cda7b1cfe99d6ce4b66dbeb336443fe

SHA256
c0352e4af8bd1c0cbcd4b137ee25f497cb0906d2e9c5a5a9df7d1621e310e163

SHA512
547354671f8f976be0147770bc2c4d2f79b45f5241c5ae9793a0413f99be4db42a55bc9840219553d98acd3612c857cfc311b71752f445f9f4dae99a8f455064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
9c7ed83f0ed9a58e70eef7b90012380e

SHA1
23f5e322a1b5ee390bb3fcc2e023ec3964c50a5c

SHA256
f36e54e434d9fbe0854a46dffde813d2bd0ddb5b8a147a8cf4fa4826eabbf860

SHA512
41bc1234099a903d53fe29f2b77058a645ae8688fce2f8f5551c667c7b36b15b6cf65b08b55c4f306e33df684fa9e2e8c3b052c39b7cff8acbc1baff2910857f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
03292c64f6d85d640b9af4c7a42938d8

SHA1
12d20b45c96ce74b0d6bf61450e0d40c77b2cc7c

SHA256
d539a20713b10afb2bd61b03b57d585e240eb355dc9ec85771537ba144f613bc

SHA512
1df7eeb1ae26925a5810526329ebf23afdd26692855ca6c3e1c78e96d2455e83f565deb41ee41bd19909eeb1ed4b163f038164fb26629fecc9fee12047dc3bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
e52d387d14aac229512d750850aaf133

SHA1
23de9b944844d502eee70d9f4569d4358e59f393

SHA256
e46adece2fc9cc3803b1698c1a7079a927fd33a4b82b7e82c20ce383aec8f04a

SHA512
5b7f0abeb8c5b5fc76b5cd3d12736175e91d2dca4cee7d60b4bc9cea64ea4b367fbbf05a03053613bdaa47b952703cfe27ef6cab99654c1761a2db9c5a0ce292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\bkp1_vbs.jpg

Filesize
5.6MB

MD5
b7a25f46332902a1d9fb97fbfaaea500

SHA1
d68ea41efe45227f01e621a781a79931cc4fbd72

SHA256
836ff727f8b03a9e061a89b1b32b96e24b78419c62c33a9995b5f3295a5d7cb0

SHA512
ccaa74757dd002aac585c093beaf63da03d680c10e876973f808b539b1dcfdc44816be3302e19d032f3bd25a1ee457735f8f5ebaf2a15a3bb208e6b63938449c

Download Submit
C:\Users\Admin\Downloads\bkp1_vbs.jpg

Filesize
8.0MB

MD5
a9f00cd72f53a3be0f8738f63d2bda1d

SHA1
19351a79881daf08b3d28e7e895c6b8e3bbf20fe

SHA256
a8598cd99252701e326c2c18d50a483cebd18114122468c9cc40eb5add5fb1b2

SHA512
84b10d99be167de8b514a0937c6084b5217d465e4c2c5868472a7e7398ecb714b3894ead6a27d83ee45895184f604a006b86bbc182a08bbf763832757fdc7441

Download Submit