hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan

Analysis

max time kernel
1234s
max time network
1217s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\uxtheme.dll	NOTEPAD.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe	NOTEPAD.EXE
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe	NOTEPAD.EXE
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "7"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
1532	NOTEPAD.EXE
1992	NOTEPAD.EXE

Runs regedit.exe 1 IoCs

pid	Process
1348	regedit.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
1420	chrome.exe
1420	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
2244	chrome.exe
2244	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1348	regedit.exe
1260	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: 33	2332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2332	AUDIODG.EXE
Token: 33	2332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2332	AUDIODG.EXE
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1992	NOTEPAD.EXE
1992	NOTEPAD.EXE
1992	NOTEPAD.EXE
1992	NOTEPAD.EXE
1260	NOTEPAD.EXE
1672	mspaint.exe
1672	mspaint.exe
1672	mspaint.exe
1672	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2484	2356	chrome.exe	28
PID 2356 wrote to memory of 2484	2356	chrome.exe	28
PID 2356 wrote to memory of 2484	2356	chrome.exe	28
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2676	2356	chrome.exe	30
PID 2356 wrote to memory of 2824	2356	chrome.exe	31
PID 2356 wrote to memory of 2824	2356	chrome.exe	31
PID 2356 wrote to memory of 2824	2356	chrome.exe	31
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32
PID 2356 wrote to memory of 2456	2356	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7799758,0x7fef7799768,0x7fef7799778
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1224,i,3767701633098926043,4533228919468618050,131072 /prefetch:2
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1224,i,3767701633098926043,4533228919468618050,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1224,i,3767701633098926043,4533228919468618050,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1224,i,3767701633098926043,4533228919468618050,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1224,i,3767701633098926043,4533228919468618050,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1640 --field-trial-handle=1224,i,3767701633098926043,4533228919468618050,131072 /prefetch:2
  2⤵
  PID:2980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2468

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2052

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
1⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:1348

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\System32\uxtheme.dll
1⤵
- Modifies registry class
PID:2680
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Windows\System32\uxtheme.dll
  2⤵
  - Drops file in System32 directory
  - Modifies registry class
  - Opens file in notepad (likely ransom note)
  - Suspicious use of SetWindowsHookEx
  PID:1992

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\System32\uxtheme-.dll
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x538
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7799758,0x7fef7799768,0x7fef7799778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1128 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2420 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1664 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3328 --field-trial-handle=1312,i,3840365822441057193,12531093945250491535,131072 /prefetch:1
  2⤵
  PID:996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2768

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\System32\vbscript.dll
1⤵
- Opens file in notepad (likely ransom note)
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7799758,0x7fef7799768,0x7fef7799778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1188,i,5130567495087612231,2263930649633816255,131072 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1188,i,5130567495087612231,2263930649633816255,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1188,i,5130567495087612231,2263930649633816255,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1188,i,5130567495087612231,2263930649633816255,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1188,i,5130567495087612231,2263930649633816255,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1252 --field-trial-handle=1188,i,5130567495087612231,2263930649633816255,131072 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1188,i,5130567495087612231,2263930649633816255,131072 /prefetch:1
  2⤵
  PID:1540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1904

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7799758,0x7fef7799768,0x7fef7799778
  2⤵
  PID:2160

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7ee808fe-df97-4db4-8caf-6c0f584572b5.tmp

Filesize
129KB

MD5
68f160b4d83ab8ff75710b9e96514774

SHA1
091aaac46d970c55f65ebd1fb57776355854dfa4

SHA256
a3553119414067ba0904a300bcaad91da837076e12f37d7e35186465972f1f49

SHA512
54a279420377b51c8e2283c9dd244e6df740a0425f254c541e0bfe5839f68ec3dc5b6dcfa88afc2b5638676acdec8224bcf32901374b1bfd86fb71ef49a9bd45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

Filesize
310B

MD5
f3b67a2c826ed60ed41bc48d3191c32f

SHA1
5522d221d7704e21797806e3df619bc971baa0c0

SHA256
c53c85e10a09ec29254583e9785b0d66b570dd9982ba3289e1de8ee893d85abd

SHA512
9baa7bbda4bcf5891a28f46daea856f7d9aad54a44e3d63fed7b2eb5a0d1853ee74c0c772bf4602f2b622f400fc75cd314370da65cb6f73ff7d4c39b70771d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\10c1cf3c-111f-497a-83ec-e6dc88a468aa.dmp

Filesize
575KB

MD5
9ac16aaae4a74a40c33ac04cdbdeb2c9

SHA1
5d6034ea74bb8ea55260205610d2c026f0ab7bd9

SHA256
7f696ddcdff5c1963d531d5ae53e6336ee87a11f0324b2d927fcc6baf99eccfb

SHA512
363ef1b5f852e89e0ab75e15dc32bf53ab53dba75a27cfebfaa3868e1fc8201ecd814b2f89358cbabdcaa1970b02d0b0cbc309cba1963de8d06ca75642cb29dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\850b207c-c865-4e2b-94d5-90449b3fe65f.dmp

Filesize
567KB

MD5
52879e1d47ab6567e403c347e53cc58e

SHA1
658fbf1ca4e432e781aa1934431c3be64b95427a

SHA256
b72bb69dde4c12f4875c5cfc558f9ff3fd804b2ac2f8ca5fd09daaf19e6d73ae

SHA512
83c6c966324dc9712f90627cd0aecfdf4774786b90f9fdf5d7c493f8d1fc304460a8395369a4a824712dade5bfbfc2cc3f49c0ebbb39bc00a27be695e149ae82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\ac998ddb-4d87-400e-b3be-a853e3069baa.dmp

Filesize
537KB

MD5
dd87c8d40a5a39dcd09e6ebb8d63665d

SHA1
2cef6c0f21ec2ad39e21c3ec650d511c499ecbfe

SHA256
b270878fcceb3f09e41b71ac64c9c757ab02ee80c54f34c8d9b1df96cda9f472

SHA512
e13212953a0faa0cc8415420a98e972338ab74323d9fadcb6dea8abe7e332eaf7a67e8d7ef3a987c28c3afaf414d098d31893da72ed214de9451cd39c5678e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\d0dac337-4228-44e5-a3fc-40201bca58ce.dmp

Filesize
446KB

MD5
8eb71233f7f2e679cc13811c5b9543c5

SHA1
efe030d55d7876c6f1b28c735455e0ff9741b562

SHA256
fe6fa3828b18468ec6f0f8c1d2ff739baa4b9b4dd79e0ed172022d41c5179fcb

SHA512
432aa623ced3fabbfc6295ebd96b0d1c5a97b8af9fe2e1944c1ec795ab7561cdc512d34cdebc26b41a29e3e9d449335e12e53cd352ac6966454e6ee62e8587b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
98839058218839f994b8e103bad863ad

SHA1
231dc87642c3cdf4a41f4c21233c120f87e7b076

SHA256
236861e6339353e02901dcf56d40d9b09ea1070f1363b4a76f2c9fde294028dd

SHA512
399ecd3a4654a815e9f5275a9c59282bbc3b096809d2d322a6aa04f932924a10a15d0f1fb3b3944193c4d6a88f0724e11faab8ec21bc57d09ebfe9cdbfb34775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06261846-15e7-45b1-9ba5-4435e606e798.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6ea8eaf01bed1ee9c124fdb0ac337587

SHA1
53348099ea260729ea569a881670fa72758cf59d

SHA256
9d60f05b80dae82e8c60ac96ac3bb6f10daa1c8a67341401be103a647a362176

SHA512
b3fd95bc6af099213a766ff361a12f3ad3480a233f96c3555e9b6fa7f9c8fc7ce08d88e0beb2f3b9ee6e8c671e12182dc75a25eeaebbb93bf729e58ae93858b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
74ac31262b89f2372d9a350585e96f88

SHA1
3ccb16bc12192de251c7f295d407f4d04c92ea5b

SHA256
f75ff94b530875ebbdf758b28eaa69a066700475d3795f9b87cfa72ed81d2acb

SHA512
c659c2b4aed61896b97117fd97d09aa2076cc1739d2dbbfe97e37dc322f2998f28dcd85078d136f7220c9ae8a2c15855b884d5a3161c2443c49467a81148c9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp

Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
966b3940621f523ff486aec8a774a137

SHA1
8009c51f522575c8c9e47dae7432d1ca8978901d

SHA256
b31a5a555f72839f3206cd23d64fa849925de8b2ff24314f63209e554400b5e4

SHA512
6d85e4ebd91844066798662209a1dc017c04d24880e1c63528fa50ea975d643d697c754d1bb727bdbc756e2e0b6b52ee15cf0d5fa293f70d2293494754c54a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
dbd5ecf40ee22ec1dda2136a98b22333

SHA1
96e55553008dfcb27aa671502eb676c8fe667ea5

SHA256
07797c8b4673d82d5ed97067f9e75e0ad922bd43af2d0725ef80a90c05ffbb30

SHA512
155972fc46f8be44bfd607a75ac7c06894242d55ff59bbf38bd5ee46300cc64c0103bab3e3cc1e2b461f968c65cd02e0089617562df5fb7ae2bb33cbf46ca49a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
552B

MD5
0d80b6e8941091f20f929dc9c69ee048

SHA1
242591948d7cde53c21a92e7d0e0c6168b4b2fec

SHA256
3fd5df657f2cc7ab4cfda0165135f4644ff34cf10384c8d6a63259b4e3a3bc2b

SHA512
d9b9ac449227791db9814895aaf49e5fb6c2a24d70664128f40847d61a9d10d2afbdae54d1934142fe8ee466476ce179b30ecc130aa2d972a8a7420f9acd0188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
571b34ceffcbcd50f83d14a0892eb09b

SHA1
535b899545e648b7e787288c680b1b184c7d19b8

SHA256
5f9c97d079cf3c54bcc678c869a667d6318a105d1e5b03e9cf5b3b80b05de3a9

SHA512
a6e2c83b32278aa00b8b9723c45b3452841fc459f192b5d2dd700e1d72733a48e8bb8517b7eb72e654b4a080cc39f255b47706ff3d0ab0da14eca1facc163e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ae168bcde24fc862971640754cabb824

SHA1
fa704c5d5316a1864459905da44fcb03f8174280

SHA256
12fac470703ca1b2cddab8101fb9fc6422c7de12f6211aa3ce1b633039556baf

SHA512
2239887001f649222d793a6a56ec0b3c1425ecc731a530b933b5a4734dc76bda4b6d23ba54ac2c1cd5f48bda15245ef5fff0ac3f9ad5e704bfb7d222eaec7c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
33c29af357561d9c4b53765dbfa33894

SHA1
823891a10ddb20c4546929df8ada521b17ea92b5

SHA256
50b25f55ffe37ee32fa0c38045013d81b8fd14ed6f0b59adabc22b7ed7f4f939

SHA512
da5d353cdb9b3d82e0a43991d3f17ade7d59db7f688d6828080d457b92f1c5ead5abd2db82c717979da3117345bb69fbe651962d229c0b1c7a9749f779f5aaab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
e36be915edaf430a3af91667fa38359c

SHA1
781bcfa8c4baa9b8d9c7ce5646a3e289b3a41e38

SHA256
a74373556dd2baed83678fbf0bbf02673780aca26e012e3f9c2631cb91e340b6

SHA512
8d83ddc6f33606d4fc5596456f955cacad02ee4b802020e797f183166ad857e0595e53d0a6afde8067763a3fb4d8f8fcea769fc3d95c4b5c96e1ce1da913c7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13358868287067600

Filesize
354B

MD5
02c1c7d02e3c9c92f1e4899c97940b2c

SHA1
f287933dd4d2cf7a0ec2d6945302d9cef65f9664

SHA256
b505ab7eed633746e95dc03f2dec847a52bd286a9e58804c21969bdc8b265ae6

SHA512
2c938cbf50622dbbbc54a819f2c6c2bce21bbbcbb5c1c02fc7cc1ecd0871dd2f6883ef20cffce5ef4d0eab0a5987e861c7d62d1d31115a52dda2952b87a92c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
4a5e2c077601b854c8093fcf43b210e6

SHA1
a6fe2a168d8baeb89f0b534c6d8e37fafcbac5ff

SHA256
42cf4317b14e1bae21f5b7c55699f007c3fae566ca536c40d68f007807fad1bb

SHA512
c9b57f194e69650491329bd736bc04db1e29bb0e88eb8e9d6ebb0812a917ef1e016595b651bb4b045ce6ba9b48812afa4cd67c850a224c24855c2273b4266d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
034e9b74b6ba4eb3ce0798e27a31242b

SHA1
51bc86693f7ba91930d46c049674fb39f6c7e442

SHA256
ca1e78b5c0bbf648e9e511aa00fae4b268b3ef42a5c7524967ff6af321e403e3

SHA512
197f8eaea03554c18a4eff6066df6aae48f15b346cc255f49763d82c0cb8b900806a02e20ae37de4ce8109d47fe58279f7ed7072c89ad01dc35a6694b15a2e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
ee54f0492c93961db666fc6388738e54

SHA1
474455e3791165fc2a81a3bf1a1d50200724c6a2

SHA256
5a04732996ae446f779ab7f4794426a791e99afb9250ffc9bccc81334709e3af

SHA512
34365cc17b513439f6a50ff11e90922dcf0ce7aa19d8ebf9f6347fd8d291bd54317838fe711dd25fabaeda27efc5299e304f16ff5aa84dec035c5b1534838787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
6316ced427e0896eabba65c73a534940

SHA1
efd205e6f424ead848d34c60dbc1c78b6224328e

SHA256
0a54d5903ab8a4927d4ef07ffa5ad577cfd670da9e92da498fecbc70f6710f38

SHA512
381a08f735c4867750e5540841c10a911f3af98e42089fb50a69766ce9f6902e265e88dec1695bda15b7a709d3ccf311dc3c0252d7f5592fda0d5fda6875fa86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
011c2b5f821256ca7883ca6344da0510

SHA1
a7547b411c7256dfcc7edbeb0ed9ac77e7c248c0

SHA256
60b311f2457c28aa53474fabfd37bcccdf3a73a6fdce35007b391bbab6e50f5e

SHA512
b9f80387b55df810f768124aa618c3de9609d9717cb0f08bb628551aaf011db8ad038b4a3035f2ba02ce2a8ec43eec1eb3da76cb2b876a571efacab56a4044f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
19B

MD5
a2f36fd75efcba856d1371d330ed4751

SHA1
fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b

SHA256
561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f

SHA512
79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
63ec9fa2ba7c898de55e5cd60b14e776

SHA1
4e06d73b7583c77939d37201ef2eccbb9f324c4f

SHA256
59c2089a69e4f77c1722abb7c994c2153e95bc1ab85a98f9fbeec3f11480fe86

SHA512
5d8b542a8ee8f65dbe3d4e925d88a3f9a1e4d6db04ae329324ef190b494a0f523e6577ec32fbb59e05208fb406a0157d1536a20236059eed32c6f85edb294b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
8bf4b9e45d380bc9eb34177062e9177c

SHA1
134cbd4f7a833d898bfdd18a528aeb67e2e32efd

SHA256
79999c7c4a591337406a608ef43b4b7a8381a23a85cd6fff2943ddadd532a1bd

SHA512
9b037f4a1d80ca5f0d62e91adecf372fb586b2ba46ca2a30989dc5680f99fe55bd031f5ce3a761425b07c6451653c210e54f20f7c0ec090dc491f7deec7743da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
3e76969340d626baf65988b7ae4dd9d8

SHA1
359f195d598c0f819befe45ad3b448cdb01a7b8e

SHA256
b808cc8b8230abc2c94a6eca6cfdd40b83328cdd0944e8083f8a4331d2701515

SHA512
bc0dddfbcd3e66e0fd8c8222f5019b8381c1fa30e7f8e6b6edf714be785a63674683001d98a4f06c89f46c886eeeb658ab34e54f96b1340d029c729252f9fdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
d757e9f525200060aefbd2e00bc69809

SHA1
ae551809c3435fe3e6716b76dc23b7294189b4ce

SHA256
729406f9e7c1e50d927d0c6916ee0a97eaa26c46e6cdecef7580e61b8c0dfe20

SHA512
50c15062061f449952bda82a8b0cd4bafe6f3f434f642fadb8017e65c09886bb4d0b52967c80f8fa380447c63d79b6518f605a3efe7d8eea40c2dbbaa0d41953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
266KB

MD5
5d942b0d6f22b1f1e7e5242edf1d8e98

SHA1
84d0425cf70b8af27b96a8fd17589f9e3c4189b9

SHA256
abb35c36879c23e56e168f7010efc11dda8a79dba9333e2dbaab3aa7264a4005

SHA512
b42d788f25b5822e5677453f97bc56b00c29ccdb16536d8673188aa44d7d8e7e95d2a820559abe79d7fca73c0ee06d928f51de95ac250414d056efb7b464984f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c76f6089-cc76-4998-a021-6aa5f823d76b.tmp

Filesize
266KB

MD5
90049df3b0d1afc08eb0bcdf08af933b

SHA1
afa4f46f2b651a731335cb0c80a3f3099b7120ac

SHA256
950cc8eb849b5eaa7f54dd88b4798cd9904654483ce9e58c5e18b26cb0dc3d00

SHA512
2c4045052f18ac383229755bb4f27d3a97a12e17317a76c4e22d824b988a489db137281f23c7332039bf9d402269efb4296e5ed5c35d49d19ba6c7f84cc2daa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
c0186f635bb650bb19b11ce3dc43cf86

SHA1
e676b07936215b4a5e58b54908ab0dae04622d7c

SHA256
5ab83c1f4e527a85de06f2fa5ba82b9f16e4015a5c165e890f95f137d819be1a

SHA512
21c53cab1e56d72981dc88821f11418c14a57c8f90846ccd99d7daa15a70d3aa215d15498df79ecd48dd3688eaa9e41e8b65230eb60fb6642784c2ead1f5b3cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar213E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Windows\system32\uxtheme.dll

Filesize
324KB

MD5
7c365a4d8771b5d2c2f87d727a488fe7

SHA1
f1ce52bb66b7d6bfb49ba39d03ca7edbc043c4c2

SHA256
2ae7fc2e143a3cb03705ecdf3599a93c9f89656b64ca37543dc07b78c058ac4d

SHA512
64253dd4bbcab96739572cd0df8cb5b24c76bda939f28cc24ce04463fa1c5ae705a5785da7c33128975aebaac2f7d76bf8316362d823914727d408438c8b06da

Download Submit
memory/1672-503-0x000007FEF74B0000-0x000007FEF74FC000-memory.dmp

Filesize
304KB

Download
memory/1672-504-0x000007FEF74B0000-0x000007FEF74FC000-memory.dmp

Filesize
304KB

Download
memory/1992-151-0x0000000004CF0000-0x0000000004D00000-memory.dmp

Filesize
64KB

Download