90a2d935dcd1ea5a18ffb8194f9a8893ca2f62c9deaccbc8c94855b770387ea2

Analysis

max time kernel
99s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9.exe
Size

7.0MB
MD5

8ad67a1b7a5f2428c93f7a13a398e39c
SHA1

d4f71fc5479a02c8ff57c90fc67b948adb5604e0
SHA256

8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9
SHA512

57475600b531b3b80936bf3015d5a38bba61cfac793cb4de9985d4e4b0afdc12f7f591ecdc8e9f9fd2dcb7b0e3d2fe851f33f80ba2888730774f73ac8ab34b5c
SSDEEP

98304:UNmXStQHQu1OCUPExButIaUgF246UZ0R+xp2exp2U3KQ5KntG:2Bt2Qu1OAxW2kyRU913KQ

Score

7^/10

persistence

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9.exe	8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\RESTART_STICKY_NOTES = "C:\\Windows\\system32\\StikyNot.exe"	StikyNot.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon\ = "\"%1\""	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\ = "&Edit"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\ = "&Print"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2952	WINWORD.EXE
2044	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
952	chrome.exe
952	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	952	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
952	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2952	WINWORD.EXE
2952	WINWORD.EXE
2952	WINWORD.EXE
2044	EXCEL.EXE
2044	EXCEL.EXE
2044	EXCEL.EXE
2044	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 984	952	chrome.exe	43
PID 952 wrote to memory of 984	952	chrome.exe	43
PID 952 wrote to memory of 984	952	chrome.exe	43
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 912	952	chrome.exe	45
PID 952 wrote to memory of 2368	952	chrome.exe	46
PID 952 wrote to memory of 2368	952	chrome.exe	46
PID 952 wrote to memory of 2368	952	chrome.exe	46
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47
PID 952 wrote to memory of 2208	952	chrome.exe	47

C:\Users\Admin\AppData\Local\Temp\8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9.exe
"C:\Users\Admin\AppData\Local\Temp\8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9.exe"
1⤵
- Drops startup file
PID:3016

C:\Windows\system32\StikyNot.exe
"C:\Windows\system32\StikyNot.exe"
1⤵
- Adds Run key to start application
PID:2176

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2628

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Documents\ExitDeny.odt"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde /n
1⤵
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d99758,0x7fef5d99768,0x7fef5d99778
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:2
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1516 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:2
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1156 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3036 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1320,i,14974929799484229020,11086447795447205011,131072 /prefetch:8
  2⤵
  PID:268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d99758,0x7fef5d99768,0x7fef5d99778
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:2
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1320 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3192 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3344 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3636 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3752 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3572 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3980 --field-trial-handle=1236,i,13247799646820036418,15071090745535238217,131072 /prefetch:1
  2⤵
  PID:2396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a37c43c7e9405d627f520936353ae656

SHA1
23c116cfd01a4de506ce401347710ef1a1febeea

SHA256
32e86e675b00b5273a5475931f0e39fbc4152e7a6ba9a5e6b327eecec5b84673

SHA512
0d90c29a93972ef4abdbbd839707a14f8978a77538d4885ea7e39a16f6e510e54b7bdb046e253672ab3e5a88b2f8f88a8c87b7c8ef586cb4fc1e5d4c60098545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c55432c591bcc00dda3d58cd617becc

SHA1
db1cf82dad55447a5d9e67fa0f50427007504b39

SHA256
271e90adf184a07ff561c09f565f0189a6acbd7029e9fb6352a6e87b4be62860

SHA512
82ae03be186fd258fbff9bdc4a73a02e6d038257bdb6718c0fe70aff1892f5c96937d0a242b8a2e35e622099fb1720da5ccd9ce9c816a814196e5b39cbf71d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\21347bed-9b5f-4db3-b6eb-6397114c1099.tmp

Filesize
265KB

MD5
13b8c0a77e2a6f17f96d0781824cc2f4

SHA1
c9133c1dcf98a3638f87d029d8fb1ce37f1be039

SHA256
cb4b1c83a9458f6d97ad75533d20a6302635210ece2d01e1654fbf9b7dadd02c

SHA512
5bbc8ca8be8586ec4ad3491b1b52c188a4b591a20cd2113755c131006c7d5a4acbd45d75d03ad928e0a19ddbded8d7f4e6c35cbc73b3e0a944f597f905eab6ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\576a8014-7ed1-4a74-bca1-6ae097ac0ec2.tmp

Filesize
139KB

MD5
f6c8298cd1b32ea41e7d1e0ab35dd9f5

SHA1
6d8a20895e0dda0f6876cb5eee269b627d3cdfd3

SHA256
fbe3180e23398a9e74cde05e6bda01985bfc48b99c50f7d23bc228273a897a30

SHA512
9ee07906f161d2469150a09816a7d04d1193af6e9182dd27b4a5c3c39b1b5dda99b504b9251c9d2033822a353306e0b2b49aa5afb46f41c51609d31087f904b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
89f4922a7587a9f92f626d7868051285

SHA1
9419dc4f12c1cafefe5a1a12997cd4c0ae5d6702

SHA256
16d4c209625f423200c0a930685ec659bdc58c7e5c7848d0008979311b945ce7

SHA512
009d7b6d168824bb8c8c15f256502673af694fec8b7fd3761567bddcb0c40500d77de42c13313fa33e7848d8380d097cdc4c14dd21e71023572de5508127f9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a297040ce50dc588f6d4353dc2f7449a

SHA1
4d47bd48b106fb8eb032b77a2fe1cb563ef3549e

SHA256
642f7395a92183c7a92c1fe10cfc0dfde159b0898293e370d9cbb6272199d095

SHA512
30e259eb530c3b4a23ec135a88dcbe27105ccef487f2d9667426f31f5a9b1c4179287e7b68bf657b236d0dc2e56ebde0e563c815cfc7b295efb51f68aff84176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d415d37da6bc29eed20455c17413dbec

SHA1
9df6cd56d9e6cf82aee9d10585e29f0f9afca6a6

SHA256
dcf2ef234f145081ec6054c432776aec77082087172d38511746fbbb08b53dbf

SHA512
ac94a2a39844df6c51e8c66bf781abe4d007dbd5d9ad608c2ae340307c984c7f24944aae3264998574d80bb3b35c02ec01e7c334e8b70599eba0d4deff8d88df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
024dd67508de4aace83f16712b48f21d

SHA1
1c5dc4656e8270105aa9a19ff0246a7e13349f30

SHA256
8c6e825f6fc2784117892adea295947e3c4c7c85122ff8db4ce833923e3f8da8

SHA512
98cba1953b2845a0aff6f70c6cbfa007e10cf1d139367c46ab59721a6d9707d6595770f6008f44183081cab1d3f1a541201bbdc4ddf9a09e44b694dbf50a9b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
00fafb9253c40f65cc3ba35857712038

SHA1
d1359e77b6c943ebf07735b33c8b84f71c349a5a

SHA256
ed65c3870ba63e429bbb5da4b4dbd1e91804ea1d027780e0359d1824dbee5db9

SHA512
201734769bb9e6b6ba31c9a3ce80beac58b0ad3ec731cd445151289dad1b3ac9005a4a679d7a25e44b15f0d605ee6494561b156223e0528a21e236ef21784d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
ea618272b90d6ee41f67511704dd3f05

SHA1
4f559f18e8ecaad3940aeeaba8aea0ac1ff7ae21

SHA256
ed087528d06de1abaf0a12cd18e3040a6af70942d998ecdb730ffc5fe24a74dd

SHA512
b2dac4113b6ce4cf848ef9c0810fae46db016db65941611f99a08212ec74cacf5bb5dd1cd58cd91d37acb5ebe051fb3bd93f86f7aa28b7b78132670ad7c770c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
792B

MD5
c91f16ff3300bc2ef08620aaee4eded6

SHA1
277f4a8dbbc9873f3bd1605ae9edb31badd02bea

SHA256
9ad9a8f7253fe199291681cf23cb770a2033294672a7e3efca8b20e3ee3237f1

SHA512
de9b44017d003358d9ea2964cf7f722082ff8b5b8a991ac70a88d60d2c3e2d0df8bf370df5fb41bf2c8ee500c81ce3b957fea96f3bd04a23ca6acd9436989a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
777ee097a43fd19be28322496f8a9a87

SHA1
8e88eeb9fa8058ccac16feac6d7ccbd2c2424463

SHA256
5500155edb8da722760e78b98a272dfd72a649e55b07c3f9a81d0d3ed9c256cd

SHA512
2f93935e57e5de44fbcbd7929fac377727397f36c68b2eeecdb4225e0eadfc89bbf4d229bcac13bb993a65464c389d1f25b88d9fb567215cf82569b4354d0e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
2376188bfd3cb518cea0489af0b3a752

SHA1
75593f7b8ff23b204927602f215ee64272d933b1

SHA256
05768c00580acfa250eaf3a9561e093c9155e236b6da47772d30398a8e58e2c6

SHA512
81846475d6e728b5f228b72c159d1f88c90e3082071ab80cc1bb11a06f359ac5f275e7e4ad9470db6ed1a82f12a1033f807bbfa1a583a04e052fa1d39facdc30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4834b4367e626825dc751507c51f833b

SHA1
45a6fa2798a08025d6579ac477107586944f2dc0

SHA256
27e827081158d58bdf7b2af5204a373f155838bcb945aa76ee43d32915c370fb

SHA512
99be58984e9b48ec9dec81a2b4e46f4721821f8bea57586d8d909bb53bb5ef32ff0e1ff04e33c3aecc996bcbb167119fc966d87cdcf2ee618728926fdcd32ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9d9dd642b7dcccb0de162cc771a1af18

SHA1
adc5fad32c79046894a47355d3c2ab4922fd314d

SHA256
bc958cfbd6ece1f2e1635e29a8faafae590c2b74f971f7bc98f52f4c8bab4002

SHA512
59d0a6f097d1cd8fedec2fc65006922161fe094ae6e58799fd361a3c0e07a5b90ba286e1b5c8eee9c6cf33bf016f9476ce0068ed2641a93609f813c375d9b00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
29f5255991f43897c88cfc1d00e460b2

SHA1
ee9d669ea99a5d07c44931d724828f38ef65cc44

SHA256
c3dc2637a2efa941bfe04e5d35922b455198243a0c0082f778cbf22397dcd516

SHA512
42b5d66b4a5266a8cc0752cac8c25161476fa70943e652011b4dca3e4c9a6e4f74c5ebb9ce698571e7d9f564b33ee3a3dd8124f28f2728937373490b0a4872f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\metadata

Filesize
1KB

MD5
dc25e664584adb9d95d45d9262355a28

SHA1
17b973f38c8c0e3ca211bb6c67376ab5848928a8

SHA256
6503189b7f4e274fb8815e1efef733006c9c99ed481d07d7ed84c4ba71bc13de

SHA512
4fc09b7caf85fe6e5d3a7d3ce444203a5960c2f51ae205bec0a18540edc4ea0e7460fb648ee6d628d54feb45ad8f05f33e49eb75546f2e6e339f93c0417d3f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
7823b4c92da4c831997251c55dad2d67

SHA1
85a890d4775af199d9df8043395bc5541b3847c6

SHA256
c05d10400fe909a7ff74b5d78dc16f1fc4742bc1096f9adb9d5c16d45cd334dc

SHA512
820846d2f78c89c8d790109224e3baf2e1b9319908f4897db5933f354daab900b4150dab5f6ecad5ebdb3d886c231e89be481a61a5d57bbf6daee15fe33882a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
849cc70cb31f82b2eac17e058e338ecf

SHA1
929c946d85b45c6ad906b9150b0d7826119e2162

SHA256
4e8cd1216b176c671b33f92f7d58059e7b4190f4e178f0bb762759378af83ca6

SHA512
57a85314aa05a3e63a730633a5d5684f8c59bccd1e0194f87f4640d396ebeb1c2a750e72dee6d612af53d5241c2f347d30333ae5a711b8f3a1f21ff73e0a31d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
fe7ac6296a783949264d5abc8d69b443

SHA1
32bca04fb95f953deb38e3bc05c0314362420b76

SHA256
ee1ac8b2768e40583cad98e8edc274ec882384c4776b3fa07b75a6070d0b6ce2

SHA512
e4f55e14469880ba92bbb61d3708d3489f56f195d0a21938c9ab14588a29172258849c84b72d3405665889f88a55dadeba6c5a02b211c44c9ded24feb76ddbfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
a7dc3940a6f56f935cda88488c83b76b

SHA1
f14645deb8988f01eef5f1316f48b33f307a8172

SHA256
40de07e3e0e5ee8ad6f560960012069f1cbc0519f03d1327c12893fd923d16ce

SHA512
24b5c16483a958b3dd5cebb789b9da0efe65ee30aa092307d81e6003d0cbb938fc1532e2b641bfe4c1f385e4445aa43dfbafb52795f311c641bcf24ebe04cce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
79a89eb3e42fcc1f866ede2d8a0ff985

SHA1
9133bcc95abc0c21141a03b825a9020688a5a795

SHA256
c88d0c705224c7c2eee5058ef8c845a186ee650f20310fad1b3f45eb35f184f4

SHA512
013797e4455bed9fa84c531f2e902b415608070bb4b5c3578ba76f09eb2678d394c6dfc6f4c7ecd7a64702dc2ae9b85077897c2aa811b2ec06f699a4cdb6d43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
477B

MD5
cfc022d784912b4d9e633845571f5fb6

SHA1
a278b36ecf534cbe3d47b40a9f2856603eccec6e

SHA256
d7be9c50acbf692311c9673258aa8e7c7dab301c7cd535741af825a075b3c9e4

SHA512
7e348b4dc83af7555f5db9fe72109ff3aace74da4e551ed3092172f376e93edf1e3638a8ef6210c599540d298d49f2fa53479f24cd967fef13179d33b032dedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
19B

MD5
b4ae87971a894fa5eb3381b34edd7fe1

SHA1
3954d08f19fe493fa177cda649144489f1b52e1c

SHA256
fbe8303f428284857c2e82166497a7851e6231ee0d0afdbf2ce30d862ea30a00

SHA512
d2c97c0d4be484b351e359e575bcad8327cb4bc9927ff5a2b6d2d7f510fc63ef0c8087edfbd3ecd448d8d6254ee397f29437f06af04cfb115207b39e450034c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
00b51cf57a2025047b2f8d08e0e08a7f

SHA1
5f75fa0069d6c5c671ffba7a93eb26e4c5c9ebf9

SHA256
81b03027c5ec4afc91b3bd0fdc105315006fe93d9bf40a2f8b7e51cdbbed307d

SHA512
26655c627bb9ea9e59c11f7e58fffa8103024d935eb6a581b6580f8920775a6cecbd35e97ef4c3af96cf912bf770b3e7ee8c24a2b86aa6356a00d361e561ea2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
479ca49c2af1f784e2bbfdd2a45452b6

SHA1
42909cb211f3d4abcc6bcdb5f200430245cdccc5

SHA256
387c9f8a0d1452afddbd16bcef099f318e8b4907c0d7dab7f8dccc8930e863e0

SHA512
2080d6a479b0c6edcc380d0868a252fb3b7dee15e980e44f6ad58cc10062ddb3fa1c424177be163317f8295784312873f74b36e5374dc385fe7c797533b3d542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
317B

MD5
aa87631609c601badedd6861cd118a82

SHA1
085e9ee84089d325e12aecb41b6b0b58277a7b9d

SHA256
32748a6231e42b8eba9b33fcd1ad1fd01210ed64f5c9d34d35334c66eeb056d6

SHA512
59302975182586584e22ea3c188e70c252c0736acff9b1f025fd1c366086fb8ad79dadb8959e6a9fc3ed9f60f18b0b659ec54fc7d0abbe85a4e113a8f7cad725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
12275f46db968e27e4edb23a4517904d

SHA1
1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a

SHA256
0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a

SHA512
084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
6e038c7b326af4ef4e54218d0d501492

SHA1
4c8929b6980cedaadad505fb2e7acb920b292b19

SHA256
ffa3a2247d810d2fdf50f142a60b90fb17fcd6a76c423383e0ab1a6329afe0ad

SHA512
53dc04a78231493436e20acbf0733288b1691c7030a7eeed4d087aa1b983c8343d0711e6a5364a9b4598d816f95c11788bd33168b622b777d2eb1f57d44336ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
8b7cb42c968c0b0716cfeb1ae8ca61ee

SHA1
72c0bf4d80605a0f3d75cf9479059e321419f4c2

SHA256
fb28ad05c73151f24f8734a1128744b5a38ebe3305b4f21d69b76e0d34a688a2

SHA512
63ae193152f4ff2dcba40bf5c3966621e02ba456be4a9d5eebddc5efe6667c9d7ff7e200d7f1c68081d40d4f2be1b4f2caa9777bc483a1595479139227d846c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
c0fb8a84db2da3bf1125685903b0f243

SHA1
cd680787b4c00ffb29ca0b1764bd4a40a53eda3a

SHA256
7ff5cfd0af49f51fd9081e629f7e2c538bf4c497d244d8376c04e56bca18a211

SHA512
7857296a66473ba6a4b1f92f83a1a2f9ffd3db3d5ef431ac673c54e5b43a2cbb66622c5532bac249ca8f31c7b8da283da007fc4a96188db3c4d6662d4d073248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB415.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB554.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
1a3767770286987038da92ee6f0d108e

SHA1
d2a3dc90531d799652dd6008b1d9f42b720174f4

SHA256
2ca0a9b18722b4826dbcf032c36f3a378ad0a3419f28be0ec1a20d0549e19c9c

SHA512
036af6d7d5387ed59657435dac710c58da69b33add0068e2ca640cf78648d35fbcb374dd59b5f58556ebe208570e0bb374a6248e6fd63e91f18c7ede0cd71278

Download Submit
memory/2044-33-0x000000007222D000-0x0000000072238000-memory.dmp

Filesize
44KB

Download
memory/2044-31-0x000000007222D000-0x0000000072238000-memory.dmp

Filesize
44KB

Download
memory/2044-30-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2176-3-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2952-29-0x0000000070FAD000-0x0000000070FB8000-memory.dmp

Filesize
44KB

Download
memory/2952-6-0x0000000070FAD000-0x0000000070FB8000-memory.dmp

Filesize
44KB

Download
memory/2952-5-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2952-28-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2952-4-0x000000002FD41000-0x000000002FD42000-memory.dmp

Filesize
4KB

Download