hxxps://getfancontrol[.]com

Resubmissions

09/03/2024, 18:11

240309-wsxdeseh9v 7

09/03/2024, 18:07

240309-wqtjraed29 7

Analysis

max time kernel
480s
max time network
490s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getfancontrol.com

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{30a81300-3d08-1245-c027-070e630ee14b}\LocalServer32	FanControl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{30a81300-3d08-1245-c027-070e630ee14b}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FanControl\\FanControl.exe\" -ToastActivated"	FanControl.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\CLSID\{30a81300-3d08-1245-c027-070e630ee14b}\LocalServer32	FanControl.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\CLSID\{30a81300-3d08-1245-c027-070e630ee14b}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FanControl\\FanControl.exe\" -ToastActivated"	FanControl.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
14	raw.githubusercontent.com
31	raw.githubusercontent.com
32	camo.githubusercontent.com
41	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133544815328166404"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{30a81300-3d08-1245-c027-070e630ee14b}\AppId = "{30a81300-3d08-1245-c027-070e630ee14b}"	FanControl.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{30a81300-3d08-1245-c027-070e630ee14b}	FanControl.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{30a81300-3d08-1245-c027-070e630ee14b}\RunAs = "Interactive User"	FanControl.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\AppUserModelId\C:/Users/Admin/Downloads/FanControl/FanControl.exe\CustomActivator = "{30a81300-3d08-1245-c027-070e630ee14b}"	FanControl.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\CLSID\{30a81300-3d08-1245-c027-070e630ee14b}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FanControl\\FanControl.exe\" -ToastActivated"	FanControl.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\CLSID\{30a81300-3d08-1245-c027-070e630ee14b}	FanControl.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FanControl.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\FanControl (1).zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\FanControl (2).zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2228	chrome.exe
4008	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
684	Process not Found
684	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
440	FanControl.exe
440	FanControl.exe
440	FanControl.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
440	FanControl.exe
440	FanControl.exe
440	FanControl.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2056	2032	chrome.exe	80
PID 2032 wrote to memory of 2056	2032	chrome.exe	80
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 1772	2032	chrome.exe	82
PID 2032 wrote to memory of 2412	2032	chrome.exe	83
PID 2032 wrote to memory of 2412	2032	chrome.exe	83
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84
PID 2032 wrote to memory of 328	2032	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getfancontrol.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c5ca9758,0x7ff8c5ca9768,0x7ff8c5ca9778
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1344 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5136 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3424 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=924 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3652 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5008 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5884 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4652 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6000 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5288 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5812 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=924 --field-trial-handle=1804,i,5109362079890140134,15313785337665068654,131072 /prefetch:1
  2⤵
  PID:3056

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Temp1_FanControl.zip\FanControl.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_FanControl.zip\FanControl.exe"
1⤵
PID:848

C:\Users\Admin\Downloads\FanControl\FanControl.exe
"C:\Users\Admin\Downloads\FanControl\FanControl.exe"
1⤵
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
43KB

MD5
5155b09603bdf32a86fc19ee445b3cda

SHA1
73120e4ed9db3d17f5ceb703cdecde2152f14d2e

SHA256
489af09eb5a62a6580d3bb7cf117fc70d087fd52552b6dbd0431d91e16bbe2b2

SHA512
63facb3a599f857f6f638d9a1c3ae07a0dda8b4977ff2b30a8d822b9778532f7f4dd89635744be32d1782ecd70667cd357cefdd444ce43c9c57fe1176ad182ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
93KB

MD5
ff3d44680a2eec31e90bd8239927b5fb

SHA1
ddd7b9fa16cccca7a5b6d9954e960ec634697a7d

SHA256
7fbc3d23022a64865aed7bde9419bbd947870184d19db77a5b831fb1b024c2e6

SHA512
b8c474fb5c8fb0639ab671da86f51e18e8389e9037aa586456bceddd8da37d2a5db1c895248ae121a7e31c1d1b2875336e6dc7f87af10d5a02e0425d5f90eae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
627a79f9ceae200882cc75dcfd6d314f

SHA1
5cf981b62114f9f57997d3947cc187dd830a6335

SHA256
b5ab201f83696d0c8f544f5e51c4d610d9af748ed8f698f675c6377f5e4459c2

SHA512
966a8ffb1e3e78d0ce4086cbd3902c0ec723accdf1ea8a846df08bae27544a5bdbf4b8dd8dcdc2a9c1cdf8abbd774d2b63c0383242047d7d272b8f7124ab637b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
47d3d8ee386e3d27c9489067aa4e9954

SHA1
6adf1c8c0406196356a134b1865e62cf099d8687

SHA256
4d51fbdf79a29e1f52351812a155f231e25190a5044ba482eafae5541f4ae7d9

SHA512
1d527da5086df4037c307513b06c2d8d3aceafc2349e31b6a454371ec00ea18e170559698119fccf7ed4bcb1cdca54f75ac9261bac688d16fb2aaf85fa4d2927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
65dc484efb5af5e346fc51c210fba1c4

SHA1
537c307694a50575868f41e41864125a3b12da79

SHA256
0ee81e68feeb86585ad89bb1254b5dc080325bc23c8fd655e6f2e813fd12c5de

SHA512
7eec7702e5dfe5d02867a6f0cd3a20ef817eb31ee579af954bec4653525c9294d52c4e76f73daa0079df90e0cc4129ecaf317da840a3359a0331a9acffc44fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
69d7b2e7161b6c47c9888cc470228c31

SHA1
12dd6b69e2d5bdc898ba10df5d7a48c2cc3d7721

SHA256
bee3ce09af5cbabd7a672a48bb53fe52f13a7b510d1c8e6919a8c4184e560c26

SHA512
622dc9cb1a12bfe617009be65bccc3f1c294adfc4d342affe4af1f1ef3d61f5821fb77a4daf981b783bd25e0c00bbb27b2ea7dfde3a70d2c42c12e3bd798866a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
433dad2a56c573ec1b90e69656f3059e

SHA1
4f8b3a2b06371e52b814efc55066dd54e186c306

SHA256
330ab3d8e999eb5a6fab8b7638dbca64fab097fed493600a64f81d02ecbb62cd

SHA512
90ab7246269eaadb3c3b9ad89bd0b00e3a103667807eaa993c3d20d0e43c84d5aba2a69a30c4c81eb687a911632799ff63715c34a18ceaaf0da1630b9e9115ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a4fafe24f57d2e02482421e429c26084

SHA1
4d1d06d2e8c1494a2fa67b02219a5ad86a257ce3

SHA256
cd7b60fb185f4ee59a41e6a71628dc921ee969621066316c61a9ca049eabdbfb

SHA512
a90143d0edbe7f204972d58f14aade8a9634615c53fa414c80b9c3eaa9de3c559eaf04949a4c6da866759ce13593f6042956962d3df4f6d6120b034d358d53e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eaad72e18e3d63d71d0dfc76618ae831

SHA1
f0018c63df3af37e677b6d66d8ec91f6d73684ef

SHA256
d9f021f398a48b46b46a2555d22b6c8120e2ee7fa4bbf406054189b9ee78725d

SHA512
cc04c56fe60549344c0dd09a819b14cad48c653fd1ae25a21cffea2011d748545b0232040f49bbcf4d2b68bdc65ce612c200b64f11a706dfcd15316589a1d05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
52f729b08c5d2fd58b69794bd227e299

SHA1
ba3973c9831e4748205ef2c3fa62105b48a84359

SHA256
ca26ebfd8a11dfc60d181437ff389abcd7fdf3ebcc2ef9c1ea32ff8bb698c829

SHA512
73f27cff92d2d6fc18c2b4c195154e7aa3fd8d7dc09e1e34486787d6516ca60e597fb022ce2221d94cdced0b6bf3f75b53b30b1ee5a08ef8495a5ec49bc57f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cefbb4339dfbf3b413455aa809c15a3f

SHA1
b74d1afbc280e4a9f8ec349270764aae95ba8394

SHA256
df9d58d53af0cc30fb53bc7e36d19f7d2dcc28b4bcfc0ade12244bac23a3318b

SHA512
802facce6e3a3dd644ff65baa416e36b9b704a02496fb59089124f058e5b7b797685d9d455d768b3c3bac263954d0c67ee5445b1c7752ca5be30cb835bd0d261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f11a19893a455097ba5a704936853bd8

SHA1
38ca6af945a61638808ac2e3489c38f48342c5e1

SHA256
9399bab080f41178fc92147b36066450e52b79fee52990a4db4e55c1cecf9e3c

SHA512
997662876826e159f1dce4976a5cca638c35920b2f3aa109e0a9087d1bfa1946bcfbd5c792992ebac36b5e055cc9f15a2e12d42548f384b57c7d50171bc59543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c5a8ab2b92d016c9f09ea61d99e3a2c9

SHA1
14b5951bba797e4633d4760c049222cd4d247602

SHA256
d99b0802062f796e133785fc05a921c529d28788c062fe006d315dd584069c7e

SHA512
94e993023d97c2b1c4afe16313002d3b47dbb8dde86fe2132e391c3fb4bfc25f1fd4491277dd2c7f9c7ea01cb215fd478266fc3b142541d72aaca39ba81fc790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
38e073bf0c0f7a4f6226a33a1bfb8704

SHA1
24834f61c1839a0603da8ef167fc8fdcb934cac2

SHA256
868c6dd38b2e1d76deed8961a28b741362202649dcd28af1492def869926cef0

SHA512
9ef80ea7947257e2a654eac757ffcaec340ae249a5e9c9cdeca6e60adce9c9d297c94e4f7451fda0094953f9ba849d4735e6f06f2264de1e05dc747b4d2ddc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a8b6a847371b5479bce82e285832e69

SHA1
87883d12e8ce744cbb379cae0ecad7d080b7ec45

SHA256
8d53766c3926d7a772584b7f2699d7e475f27c10cd161edda9bf02c2ddf55048

SHA512
ab7be14f80a599590b3dd4259c73732090793b8ede783f1c1b37f8fa12723b982f77a9e8b58e4cccca7ce4ffc28c1b25c102989a527c52c02801f2d77bf9b78f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf17995c1339eb7b661b9c16fe47499d

SHA1
d66789e9b5f3181dae99efa378df42026232a4c2

SHA256
a79dc248ecd4eece14b9a405e3f9612d041753c4ca5448ab3e996a12e46e31b1

SHA512
e8752e157a7a689f883574f89683aedf282f7d2296d5eee0b7c84f9d8e2cb913ea56aad37059a57ba01b5b64b19cadbbd48f91a453f3fbeb5652bc605f945cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d132854f619b5cf762bb281416da5bf4

SHA1
dc8ecd9886420486255f07a778c023571fa91efb

SHA256
703a1e34cd613647ec1b13c4821420513ce76fe5fd2e57d669619e89ed69cbb3

SHA512
21bdefa56703bcf22b5a485763ca96231cb50b4fb4cb7e011496f47849df0a8d9762bab9ec53cbf62124a8d3b6d618bd5869e1b0cb4f6b9908b5875c94535b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf64a66a19aa19bb77e72c2ba8ef0c41

SHA1
af6c51287a9cc6fbe2d4939387aeeb98e295de53

SHA256
7e670ca5db44bddb16faf38891d1f4c50d3d5c4dff793d9129805a837da1294e

SHA512
f5d9f26ac223a5e097bc378e086d76340766d9220e50db6382c7676535ee1c8da643fa0ee04b91d3ea45d143b83e367b2d48d4a0636ddf4e22b50a5425e61f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9cd4d25e326e9f3aed8767704fa0199a

SHA1
426503e3fa5db137ecaff7b9a6bdd48d0b1ec88c

SHA256
f1e1cbc11fb8b69e7faacd03766be6bf13fb5912b7ca9022bc584d36f8406651

SHA512
efd3f771f33f8df8ee1cee427e2ba7db182ab1fece10475996868e140a21d686e08e8cd47c458afb1faf506717e5ddc453fa04c6dc5c109fa40068aa6195f11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db759b72b41a52f829bafb9000511ced

SHA1
6f6ada026620abbc37b0c407e491044036197ea6

SHA256
2e02609e6949caa6807079fabe8443d31c23b2639a07b57bd0f27a08a12f71f8

SHA512
cd8d44f93760583f9820c0696323810a2b8f53b71b2ff65f8d8938fe5ad6efce5c8fa90db3ce939998b823c05fac146d80fe9ef8a2e323150fe96ca2b62eb125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9af22c4cbb89e38f8db722532f16c600

SHA1
ef96b54a9c9f7ef7b664c2ff04c7f67de727fd65

SHA256
91788680d3bee84677d7c29696ecaa5e451064a317d82eedda56482c2bdb87f0

SHA512
1231a2d4b2d6a5ad39e66c97bbff882de8ffeeed95764e2aa4dfa2f204ba8edab7c0e429c98e266495cbf39f64d53c19cfec5bea5e549b15c1ce85dcd59db3a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2843d5b1372aaa4a3d49ea2a5aa9ec69

SHA1
2e2396211070ed81bfcae12a2129e0eab30c853f

SHA256
90cea3ef28e550957a809f2ede2caa616f872d67cf9222e95cc4788197e05dd9

SHA512
70e4c7acd866c986811b878c8c0f127cc0d03e3481edc9a6359dca0c05ae75529ada4f23218864d8699393725164dbe7f8eaaf4aa1dee125fac2b85eae95cd6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
07fa3dfbff44cb9c1734fb8221398fc1

SHA1
d439e522176a6b8a37f497938658b04bdc3e83e8

SHA256
2588f25268a87318bb8267e013aa7b6908cec29a4b7e437d45d1b7daa11080f6

SHA512
0bbc60e3660fb6b214af4da9f02af093de215b5c6d88e71d3d0c53baa5fe2aa6ba4262dd14b9d645c67608adc0db96bc19384c647d01e2a252258a25dcc337ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9201fc752bc5e43b3fa3cd4622701a9

SHA1
e2ff4e7e558106eb5f7076a3b0b52a22af5ef33a

SHA256
f2cfeab8b3ec62aa290e4cb11bc0cf7551759c04310477d2c520d0f4f546df71

SHA512
21fa3c24eb21a44fe482490feaf68e61186f532ffa59604b23387e1845787848f107e3c48e6cf7c0bb49dd7465e6de3acb6d74b2036a1ed7b44943b8f0358628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c26be1cfe1a91a7ba685496533cd4a7

SHA1
fa805c1168303230854c7bfa714b49217c4dd7bb

SHA256
94529fe4c703d47c5b0953376e308c94b05470434998b6fb737a7ef7a0348a80

SHA512
dcbc00f771addd47896b08983de017dad46a43f70a0bf961d64964e976ba4ea63b6fbe71893d284295236867f3774d6ef89d743b32b0df4b9b8dec73e0af6594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
84f509e42b052f070ee81d1bad0e2c96

SHA1
18ac242f3b9b13274d5a9c069aa6e0e9e80acdef

SHA256
5e33fbe944ecea58f988273ee6b567634a369b79f264f95b19c435090b9e579b

SHA512
f9f503aed669decac806dd4b2cf4618009b7e0112bb832ee3b31f3cceb8a953e1152fcf0516ead1e4f6c5872fb214502db866d2f43d5c52f69b8a1dc67db2b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4bed4e032668df8b0cb86ab17436250e

SHA1
9971189346b1e55f41efd3306d2c560811c6807a

SHA256
fd79bc1dbbd013c176af79551a1b6c9917f38529cf0e0d22813115ee5779ff8c

SHA512
905c9f14bd6535b0eb18266ac83a31b4f77da1476efa90db00a1a6ef04f858eea605da378ddb640b3b18a3df776db7361a61766c60ba29de8176c49b74a93bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16a3ac8601e3b2d5c016264d8dba229f

SHA1
0d685f2a7a33a17b77ceb27c94e791e116b13c06

SHA256
c26ee12bc4c84cd6023d81b1d9928ec640d8e05593060cf5709400829f6c3e3d

SHA512
98e1d6aef8d9d153a8dcad2cd5f4675b8095a1680904eab0d400ecd07083cd908156ce0be391dcfe010d3cf24455ba58b32b3d5f82c44b5995b7863eac1049cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e4c483e3fd7d14f0e263bc22b1e39eca

SHA1
968a76d07977798e0ba28f37edb7554b8605a706

SHA256
935cfa1eee186ba409fb1059629cbd0bdd3e8c2e16dcd784c7afea6bf978fce6

SHA512
5bd962c247012c8058220b917cd4cfabf8435095c780a73de3d24217a25878497093da712cd33665e46c45cc1b0b5b4182cb87fcbf55d23706c6dc5f9341ee7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a70cf08ca7a1f22b4b3949f81d514c39

SHA1
03f9961e7bc4b7b2cf05c6398774d07842624538

SHA256
d372bcc1b2e4feb35ea40ba9040ae02d197bd2dfa49118204c0b68c21c6ab7e7

SHA512
426cdd46913b6851855f73237146b4f794a916a45d50d73939fb3738103f0a08e7fdef5c00690fd8cc47c48766c9f10c2ae1349d75609fe0550ef623f503bc48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4fc165e2ad24abe7b876ce55640b1f7e

SHA1
32ade5e4e51c93c73936b60523f06da76eaa3d2b

SHA256
7a19bab46424efb3023ed32d397a2bc679373ecd83837aa040aba992ebe21add

SHA512
d6fa017a55f35b01dca1ccebf5cff8a169d61940a339ce1b258b742c454315ff28142b0994f2c424c507c138d006216644ac2e6715c62e9b253045788192d5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c664db240429debfe3f146e6d2a35eee

SHA1
5381f917b76b4a7aa83e431cdfc80095502f270a

SHA256
b02446b8f5faeca4a11b0721e03f38ed5e8424d7eff60f27fbc055c11e9c7473

SHA512
eddff0afa1a1f8519a4a27a6d7a3dd3851002b8df7e4fe2463613d75980a3764ad3a63505eace7e1ea333b875ca2073819eeba64ad6e6d98f0a349746b85786c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5c477f116021ed00bd06521913b31aac

SHA1
7be7bf678f769ad61d954d65038719dacb608a7e

SHA256
100b67a70d528b8f905b705afb736ead520bf3a7580e4018254d87b9d2483f42

SHA512
66fbd992111611309d14d20f1c11d2c48c989d4490a05fc9c7707766c4da0278d1179d10efe5c7cbdbe763ff72b76e0131a7dcfb3e96ff8a03bb3a88c0fcb14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e8e7b807120cb8f3e9a6998310d72ad7

SHA1
65b9a6af49b491e6974c786cc9dcaf42fd17a159

SHA256
69a88f0892ed7f851ebe386f2e08bdbf40083e241f0e6838201775e8630f2c3c

SHA512
3700b1d984129d472296fcd4053c38b3b07ad838ce335ecc4c40e20fbf0dbd91152ce8d7686251dc25d13be5bab524621d960700bb41ba9c027e5eb16ac06e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
36KB

MD5
d7e54fd6ab8d50c90b650492f1b76ead

SHA1
c4831228624a61a9bc87ad926d4a8d4d267126b0

SHA256
936bc3c0ae35509885f3125645618942c3b32117ea20ff21a4492a6e4e30f630

SHA512
a8629becbe625f67ddf8556d89114e21f32d4bfdefd29a147ffbf53c4cf569792a2c83fb40f145640ec2bb858ea5a9c2fea6ee6ea2534d398e8424be840280ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
66KB

MD5
ff77b32174a45cf4f9aa85681fa3a41b

SHA1
ae95b533c7f10cc3a82b002ae70edaadbd66af8d

SHA256
9530eb72deab1cace611fb24f947aa3fe18a3c104564129a3d495ecc13e1dba6

SHA512
f3222661812d4b2562c21dc121bd6a02aacbacf8e7240c4135930d0f62150d9880200bc44fe0615a84f1a15fe80780caacf152620f7de9c3c548945e69a17e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5fa61714a02b10261bc87db7015bc2d7

SHA1
69da5c887af00c565cdc12b3ad6c16dbbb01903c

SHA256
f7d7ae386f9839136fcbe17b8d2aca0623cb11c9c2c5c49936e1f42080a34da3

SHA512
4d3ecf860f672eee1c4ceb629fe09b0781f720ba6fdddd25f436f4867939478675d8baf268157c9b1bea0352275487c8a5c9765e9e473789b0bfb0a7a8cd3f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
17fac51938d7b9aeaed00496cc88e298

SHA1
079da7ac58ad56666689c7c767d6fb6d9d0e029c

SHA256
0d7a721e2cdf2a131cd9037710f6962be4d5679f22f05ed748b1b374db2bf275

SHA512
1f48596c340a98d99d6482b39eab4f09185c33bd77938e5851d9ebdb011361a4eeeb7bcc441234b1255eaa62c8724ef7ee15be1af03637b38859818f8c88cc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e407.TMP

Filesize
48B

MD5
bf60d17b8b3216b3dd57869c9dbe59d6

SHA1
1d8b506a3cb82714db53a969959fbbc7ed152de4

SHA256
5e9f52be091970b9518302c6b7525bee4348eba2f7bb1f4a4b65d5e780ba5ed9

SHA512
d9d54742d47411874a91952723919b9531d87c3432f06bda62df82a9967ac07fefe48ebaf61af3586069bec71d1f89768f099e18d81e8d832fb284fcd1f10610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\d62ea3de-e9e5-4032-a681-3c4ace5145bc\2

Filesize
615KB

MD5
0935e6a4bd6236bc644f7c7710143e36

SHA1
fa26762fed9d2303882e3b89e3323aadbf8a2e61

SHA256
800797da55efd3e42b0257ddca6f1a2e87d28b278fc3d7a1fccf5577067059b2

SHA512
06159c80d861d83b03e9b0661030284c0b27260c2c6be146a76f182fc8e4d0eaf6dcf51ae0e48a53ce775ed4853891d056c6253705c928bb14ca89377364dee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
f9749de1d214de8d3f81a32e66965aa3

SHA1
34eb6cf3eee192200a9b49f0ea2369d3c78fdc63

SHA256
8ffc5a8d7c7f56df7cff315f4ea2b8a0797b7de39e4dd1b29231a8e89898301a

SHA512
7c53772c7c16dad24fec9c52e9794de4e25f2078822b06d6fde4bc4b7c013d5bf31d4b806f363041bbd608f82f4f4076fa1b2950efa32aa40e929e4f24cb13d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
a8dc8dddb186d450a316066f1b699512

SHA1
c755c8fc87fa8dbbf3a73b7e668bf0c536bb6590

SHA256
5f1342c152185a3c543aed6ae8d5a1b2e2199a138dd195b723ed14ac181ce80c

SHA512
153895c08a0e972446256d864d0f61da36b42e4775fc0558b526bbc89a01ae047a9f7065dba840db3dc6103a14d6d6ca11eef01488da013620c19571792d7e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
6965e7a0cee8261d7c4b182e105da65a

SHA1
4ea792f4efce509dda33d1aa3fee018984f454d7

SHA256
5339bda7170a0981239ec9ceebdc70647e01ec13fe65482f2c382bd4126af4ed

SHA512
4135061f8c1934102ca37111fd632c2f2c917b2d69f01f347abc6a39d27690c2b7f52aab61c75e97b9f5e513c4c232b8e9d2492797b6600aa6896e8f22b339c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3d0909df5d702b83470a3c1807089075

SHA1
411783fee9d93299654cc10a2a30e5637f5580aa

SHA256
daa1e697c2c52d6c2eabdb274fd268b2d36cd3af715e54f25ab2d065f05ca938

SHA512
19fa5dc144dde833d75dcb4a28d319b2293e315c57ff624f660622851c638689114314d67ca75fd18a7068bcf141e097bc71264abeb2a3b98ecc5a498da122f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
fb865fec54d6359a55babd507317ee8d

SHA1
f6f99f0ab171cb5b32716566628aff075bd3b88a

SHA256
841a46ea25b798f98d78d9bfb5f945e341994e532cb5394217d175a4b19910a4

SHA512
ee60b6813d1c9417fb61f56eb610e76476ed460aaec7fc9f530d3792c78a0eb2de3e643cd96a30032107a080aa7a095904aa1033487c8ad8f032c5d310bb0237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
78d753369d9058a76a520f0d5e9ad189

SHA1
0dd188807e0f9320231469949d4088ff866e2293

SHA256
2a289644d41ef9599ede7eac076827f0a8d54fbed730a6214c639b33c5c46cf1

SHA512
3a6716245a68cbc83771f8c359f0d80926ad343cc9c0860d1214f4705cbf48d5dbadb80e1557830626f4e3b274ba93e145f97558ef828ac55ef75b39cd510645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5892e4.TMP

Filesize
94KB

MD5
349fdb724c4e8503863efdc1346c6093

SHA1
95aab0342b3ffa38c1c90f7da4daa07d8920afd3

SHA256
7b5d9ca1bb1056de05a108cf2d8f5d5df6c716506636bf54766fe44e1fd35188

SHA512
8dd9264bf89c5d51fa9baf7ad083c4ba00f0465fde544174f9324b8193d34414fb4131bd8c7646778e3e94a7861947462e5db4ccd3a87c3d5ba1bbe01c1bafe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\FanControl.zip.crdownload

Filesize
5.6MB

MD5
f5115feb8e76e5937a28f4a02dfcb021

SHA1
3f5a3265315695f3f14d25fdcec3a7ae1e25f695

SHA256
e0676196d6c50038c01caa94ffa8cc6e206a86a261d25d6e90c676e3aebc6fc7

SHA512
42ca0b92a22df15bd61301127ece7c8bac556c48d734a54c408aaea1a75a362773631802be857e6dd79b8ea5848356f4b1bb0ca5955a9e01d40ced6083fa6da3

Download Submit
C:\Users\Admin\Downloads\FanControl.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/440-485-0x0000016975FC0000-0x000001697606A000-memory.dmp

Filesize
680KB

Download
memory/440-514-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-481-0x0000016974F90000-0x0000016974FB6000-memory.dmp

Filesize
152KB

Download
memory/440-483-0x0000016975010000-0x0000016975018000-memory.dmp

Filesize
32KB

Download
memory/440-484-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-479-0x0000016974EF0000-0x0000016974F1C000-memory.dmp

Filesize
176KB

Download
memory/440-486-0x0000016976070000-0x00000169760E8000-memory.dmp

Filesize
480KB

Download
memory/440-489-0x0000016975020000-0x0000016975021000-memory.dmp

Filesize
4KB

Download
memory/440-490-0x00000169765F0000-0x00000169766AA000-memory.dmp

Filesize
744KB

Download
memory/440-491-0x0000016975030000-0x000001697504C000-memory.dmp

Filesize
112KB

Download
memory/440-492-0x0000016975D10000-0x0000016975D42000-memory.dmp

Filesize
200KB

Download
memory/440-493-0x0000016974F20000-0x0000016974F28000-memory.dmp

Filesize
32KB

Download
memory/440-494-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-495-0x0000016975050000-0x0000016975058000-memory.dmp

Filesize
32KB

Download
memory/440-496-0x0000016976E90000-0x0000016976EC8000-memory.dmp

Filesize
224KB

Download
memory/440-497-0x0000016975380000-0x000001697538E000-memory.dmp

Filesize
56KB

Download
memory/440-498-0x0000016977030000-0x000001697713C000-memory.dmp

Filesize
1.0MB

Download
memory/440-499-0x0000016976F40000-0x0000016976F4C000-memory.dmp

Filesize
48KB

Download
memory/440-500-0x0000016976F30000-0x0000016976F3E000-memory.dmp

Filesize
56KB

Download
memory/440-501-0x0000016977140000-0x00000169771E6000-memory.dmp

Filesize
664KB

Download
memory/440-502-0x00007FF8AFAC0000-0x00007FF8B0582000-memory.dmp

Filesize
10.8MB

Download
memory/440-503-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-504-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-505-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-506-0x000001697E7B0000-0x000001697E8B0000-memory.dmp

Filesize
1024KB

Download
memory/440-507-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-508-0x000001697E7B0000-0x000001697E8B0000-memory.dmp

Filesize
1024KB

Download
memory/440-510-0x000001697E7B0000-0x000001697E8B0000-memory.dmp

Filesize
1024KB

Download
memory/440-509-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-512-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-513-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-480-0x0000016974C00000-0x0000016974C0A000-memory.dmp

Filesize
40KB

Download
memory/440-515-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-516-0x000001697E7B0000-0x000001697E8B0000-memory.dmp

Filesize
1024KB

Download
memory/440-517-0x000001697E7B0000-0x000001697E8B0000-memory.dmp

Filesize
1024KB

Download
memory/440-518-0x000001697E7B0000-0x000001697E8B0000-memory.dmp

Filesize
1024KB

Download
memory/440-478-0x0000016974F40000-0x0000016974F8A000-memory.dmp

Filesize
296KB

Download
memory/440-477-0x0000016974DF0000-0x0000016974E04000-memory.dmp

Filesize
80KB

Download
memory/440-476-0x0000016974DC0000-0x0000016974DE2000-memory.dmp

Filesize
136KB

Download
memory/440-475-0x0000016974DA0000-0x0000016974DBE000-memory.dmp

Filesize
120KB

Download
memory/440-474-0x0000016974C10000-0x0000016974C18000-memory.dmp

Filesize
32KB

Download
memory/440-473-0x0000016974D70000-0x0000016974D96000-memory.dmp

Filesize
152KB

Download
memory/440-472-0x0000016974CB0000-0x0000016974CC8000-memory.dmp

Filesize
96KB

Download
memory/440-471-0x0000016974BB0000-0x0000016974BB8000-memory.dmp

Filesize
32KB

Download
memory/440-470-0x0000016974BF0000-0x0000016974BF8000-memory.dmp

Filesize
32KB

Download
memory/440-469-0x0000016974E30000-0x0000016974EE2000-memory.dmp

Filesize
712KB

Download
memory/440-468-0x0000016974C90000-0x0000016974CA6000-memory.dmp

Filesize
88KB

Download
memory/440-467-0x0000016974D00000-0x0000016974D68000-memory.dmp

Filesize
416KB

Download
memory/440-466-0x0000016974BD0000-0x0000016974BE2000-memory.dmp

Filesize
72KB

Download
memory/440-465-0x0000016974A10000-0x0000016974A1E000-memory.dmp

Filesize
56KB

Download
memory/440-464-0x0000016972920000-0x000001697292A000-memory.dmp

Filesize
40KB

Download
memory/440-463-0x0000016972890000-0x000001697289A000-memory.dmp

Filesize
40KB

Download
memory/440-461-0x0000016974C20000-0x0000016974C82000-memory.dmp

Filesize
392KB

Download
memory/440-462-0x00000169749F0000-0x0000016974A0A000-memory.dmp

Filesize
104KB

Download
memory/440-460-0x0000016974A20000-0x0000016974A42000-memory.dmp

Filesize
136KB

Download
memory/440-459-0x0000016974B60000-0x0000016974BB0000-memory.dmp

Filesize
320KB

Download
memory/440-458-0x00000169753A0000-0x0000016975CCC000-memory.dmp

Filesize
9.2MB

Download
memory/440-457-0x0000016974A50000-0x0000016974A60000-memory.dmp

Filesize
64KB

Download
memory/440-456-0x00007FF8AFAC0000-0x00007FF8B0582000-memory.dmp

Filesize
10.8MB

Download
memory/848-441-0x00007FF8B0270000-0x00007FF8B0D32000-memory.dmp

Filesize
10.8MB

Download
memory/848-440-0x000002813F0C0000-0x000002813F0D0000-memory.dmp

Filesize
64KB

Download
memory/848-430-0x00007FF8B0270000-0x00007FF8B0D32000-memory.dmp

Filesize
10.8MB

Download
memory/848-429-0x00000281245C0000-0x00000281248F4000-memory.dmp

Filesize
3.2MB

Download