07aa835f47f75648d4c8cc618ce1aef63b52a2ddad6d51779470be906f3a9e7c

Resubmissions

08/05/2024, 09:31

240508-lg4m9adg9x 1

08/05/2024, 09:29

08/05/2024, 09:27

08/05/2024, 09:26

08/05/2024, 09:26

08/05/2024, 09:22

08/05/2024, 09:19

Analysis

max time kernel
66s
max time network
147s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Material.pptx
Size

927KB
MD5

2cbb0e2816f9c3ec8881272d6b088df4
SHA1

07aedc1298c5e5540a03cf40c3a284b238606fbf
SHA256

07aa835f47f75648d4c8cc618ce1aef63b52a2ddad6d51779470be906f3a9e7c
SHA512

5b9fa6ac27495c1346bd81a3f32fd51f66641ad713acabb224c04fef891cf2f0bc94b4cd59844f321324ba8b371891d0a455129d6dcc5e2cb7d1bc9cc8e11934
SSDEEP

12288:Ze7Q5Bvvkx7vjOoYuGWk1iGjWx7izqe2UOsKm4oP7Aqu/wkRxuuDl5685Hferoui:MUq//rkZAibXEPaYx5LfeUuVuGqRRcM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	POWERPNT.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	POWERPNT.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1"	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ = "&Open"	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\ = "&Edit"	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	POWERPNT.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	POWERPNT.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	POWERPNT.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\""	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx	POWERPNT.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	POWERPNT.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1724	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
852	chrome.exe
852	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1724	POWERPNT.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2300	1724	POWERPNT.EXE	28
PID 1724 wrote to memory of 2300	1724	POWERPNT.EXE	28
PID 1724 wrote to memory of 2300	1724	POWERPNT.EXE	28
PID 1724 wrote to memory of 2300	1724	POWERPNT.EXE	28
PID 852 wrote to memory of 2820	852	chrome.exe	31
PID 852 wrote to memory of 2820	852	chrome.exe	31
PID 852 wrote to memory of 2820	852	chrome.exe	31
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 3000	852	chrome.exe	33
PID 852 wrote to memory of 2920	852	chrome.exe	34
PID 852 wrote to memory of 2920	852	chrome.exe	34
PID 852 wrote to memory of 2920	852	chrome.exe	34
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35
PID 852 wrote to memory of 1784	852	chrome.exe	35

C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\Material.pptx"
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6969758,0x7fef6969768,0x7fef6969778
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:2
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1556 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:2
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3776 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3896 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2232 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2964 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3996 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2604 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3476 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3784 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4164 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4288 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4236 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4012 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1888 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2988 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2780 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3760 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2964 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2432 --field-trial-handle=1376,i,13301032168673942878,16231126491668333404,131072 /prefetch:1
  2⤵
  PID:2308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2016da9e4624fd96490848afa767f21d

SHA1
37408464ba6d6761927cc2b535711c222e5aa1a2

SHA256
56eafdfd461d86d30c60a7abdb99eba45612d8597f33b547c74aded55d6b31d6

SHA512
302c4be41a32ff78ca7e16fe8e8c916477ee392ad78d2a05f1601131a8c2146d5d924e201515757573531641dc196448ee508e3a0e4b6203477f616f8dcb2c01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a529ad9a44ca8830d2ddc8c9214453b

SHA1
f86788698f65f6f8525876c01452ddd16c0ea7a8

SHA256
0f25639793b6f86eb981b017f9c302367e0a59fdaa4f77a2ea7bd026b24b8b77

SHA512
8d4ba28bf51767ef2933163becc98443c5dfaa1ca7a7f2d39020effcd424674d46bebc9f2703f68de2bdfd632dc5523dcfe2bc850922074bc3f8ba5531a4bb63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd8b2ad135170eac605af4162dda77db

SHA1
d58f4eb5084462b98d8863b7aa0ccb4105d3be97

SHA256
73e7f8efeba9a708890632dd7be4cd96198d13b4f1ef6790f0e9d846a9f24b11

SHA512
341b93f6267fd8b695dfe41fc793c236d12e7130198615f84f44a22f6e82224df9e61eb6f5ea464368932ecea6384b67b69bb91eafb13360a2bbd069491040ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d459aab8df58c8eccfb54a06c8ac30ea

SHA1
6601bd6654e87268f70ed26d693e4488f8725900

SHA256
792d018b7d3eb1ace4c6d630ba25d661d68e1c54bfdbb21ce0cae8f61d9744e3

SHA512
2b029f47d8028af17ef62a79a47fde68a87d4096989e516e6cf050da29f714543b3c339002c386ed7bf603a1b83d6431e690742b9ccf17095cfea8e4b1859789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
676ad96f89468d708ab9f77a3314f1e3

SHA1
fb7e9b116de96bc89e13f521a7ace48e7dd4959a

SHA256
24f7f6b1217cc5540db00beddef6446309681f2abc9531216eab41d7dc7c8f65

SHA512
0303eac5b2decd73d42528f2a337d37e49255b116e3083203baad381f7547aae2cf53ec5d11964539efa4a37a1c05714c0601617470d6f20cc27dd753f7ba727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d74926d00afaa66bc8a67ad1430b140b

SHA1
261e0ebc32a6eae66a382971f920f67acd25f212

SHA256
e88fe55e0035068f9baeb2cb31f34489d7b10c4f697b48768925828a4fc201bb

SHA512
f98fcac52a0cfb598c543324aac5e4330506da6be4876de189c7b3fa0474cb611d9d79fd276d05de0e0e0673ba317b12c35c1217affb4940248fa3e257b916f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d827603808e5b7c4f61b55545d56161

SHA1
cc17412cf9f9f057883cfb5c5bb54381eabe9240

SHA256
7bcf652dac9e6e49cd0ede15deac63c1b81adfe1302f4da3d498f96b9c6342d4

SHA512
7747bed7db591ef04ea3f442c3156828d73f7e09dbd67ab99b1d65f1c2773fd93c64873c4b095092d1732850768786f2b932f3cb2b22c8172654a157d5f3665a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82b8d0dba8c3b548ae5509ce5f255040

SHA1
1e9419db1ba15a993f389ea447a3cd49869f9f10

SHA256
c67f8b1bb52170dcb40109ac43d5fbd13152b7e6d42057bf6b8881b631309d0b

SHA512
229e35cbc79da78d924818d5d4468fb3778648ce6167c2aab5bbccd609ad522bdd68d5cb7fa976498ad747766a95200bcecb2a89e84c984f550dff8056bc8ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
69KB

MD5
1aca9c8ab59e04077226bd0725f3fcaf

SHA1
64797498f2ec2270a489aff3ea9de0f461640aa0

SHA256
d79727a3a88e8ec88df6c42d9bb621a9c3780639c71b28297957ada492949971

SHA512
d63ebb8d19e6cbe9714603688bc29eda4e347e1bf0bb9b0b7816225220263781b84966413a946feb4ae27750371de01e03092dacc4051116073c518d6217fe65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
324KB

MD5
9740903ad962296aaf6a7a49de86f3d6

SHA1
405e26be0c0aa17a52c0c3161472d2809b268a87

SHA256
5db1868925e62ab0277f204a7fd685f320cf22e804bcc0bda830d4eb2f16a356

SHA512
8517cc2fe8d31209b77f533db70374c3d2ec2174541027b55f17b88be15ab8f3cd71e72ac9f492b992fe60258581b759ac737616283a5c41bc97e53d9ff102e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
140KB

MD5
825bce983c337c25c43f1d415dd56aa7

SHA1
16a5b014457e74b5cfe3b7d0fdfbbf0e27d77905

SHA256
3dfaca878fd6ddbc7f91c5e8561b31fae793a5b11543499dc0c9d662ff6c854d

SHA512
0e7be86c628dfcf1563ce2419a4ada709c08fcaf233374eaaec94b15b12d70e13ee346749463921c91e95501c44850cf0537ccf92804e13c4bf48bcd5b947760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af6358ded01ee49005b0f8bf22c6a338

SHA1
c34295025716ab3426ba0630fdb5e7284f8129a5

SHA256
fee1a6e07591d804f8e8ef2e75a641af3bacc2b3f6324c7f119fab2f360eb011

SHA512
0ac2f857e9b24c3370574e40b8fdc28f603b606c9fc2315bdd33afaa3b0dd0024a4164c603e348139cf5c4dc6b54e54074dbebd33de86788864067e0530cde4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
397d102759d573b38b2398a0873c5c28

SHA1
305bc8dc76ed86b28402acad8cf109c0ff258d2e

SHA256
48bb106d768d0fdae16584a28d48037817854f4dcac7f69579af61675b2156b3

SHA512
2416400a6625383133f99702d4b2d00ae9d80dad7f51b85907be78af2dc5d0bb28e675e3fed7d010bfa2f2a5c73068c4393746cac6cdbf49c6a9c87113de6c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bbae59cd8c388749abf205de869b974d

SHA1
930b2bd0add6035e64dab0316d6f015c5cf75c92

SHA256
53215da3bdcaf9432d3db8594f9a01535b575d0836f6bbc7ddccfd4461310614

SHA512
a449d751f75374b73a170611dddc594cd9ae6ec45f538ba11ed7075f3f586cefd5188007e62df3660319c9ac981aa5e74eb6916f0531ee1c3a033c984d62fd3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
515abb0d0906c67264b8c7108182abf3

SHA1
fc3d70eecaa82e0ac94217b8897a53d96fcb7bf8

SHA256
12bce411d9b34f3eb54b615c52547041462ba254492caab7c3807becaf33bf7f

SHA512
970271473302af86d8d49d387d4bd92ab687fd74fd246d1df094c9fb32b4f37d0c7cef9ed198d52f1d09ad3a7b0dc0ee3e37bd2d9f0dcc1884be99886684bda7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
edd8314f573827bbf795c32f0409dc36

SHA1
5a970caee7efd2e12db5adaa79632e50ce535217

SHA256
1619c04b235f89de996dcc44cfc82657706583e61dc9357632aaca1d41e70da1

SHA512
7cb8f95d94ddc6403e36ae3d268f1f619725373f8f952aedea0f2a49554e55a04a9ade1fe69475c1b9ae68a50e907a031773d5670785c23975dab34ef4d49d9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
2cf499cde34346deaba088e35199cd6c

SHA1
67074d3792e278b672f1868b0536bd83739a940e

SHA256
03deee7f100e726414a3fa334f093a0565e804495f6f7d7fb3911f0a776b9bbf

SHA512
bbb9756be2741fd2836cca2474bbaee16b96ec12d57db2eb81fac6b1ae5d25a446c41ea5ba1d6e1d3fe10c9a030e77186ddb919b0284e22c8289c233aa039ad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
476db4f6c396283819594f6da224edfa

SHA1
8ecaf84de49bb3ff516880d5416f164e57068be8

SHA256
7e00cd4b7c858c19b40d4b17b85ea74447ad9319ae71810fc25deb75d89ea05b

SHA512
d8adc8b860347915ba698963902cbf69fe27768648b71de6d3781238055c4bb349237804da9f2b76dc7e4556388e7dcc2ecf1c4ef4e7b6fe4cd305ff5ccf38a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c4b959e5e5b8773f459617833c6cfa57

SHA1
60631a9b27287e61536c1f0cbf0d62e256c1a33e

SHA256
d6d08bb4e7c74705e25fcdb2c6e212832834ab9839aa4bdfcfc3de93f0a07845

SHA512
d7ad823cc8c8b30ad6c242f4dc69b306f0ed8d9acbdae10878b59f00ef27599da1ae1f469dc33f7d850ad66498986baae548b484afb629a6290530e73cc969e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e6eab7e7b5aef64a0905d6f8f6526184

SHA1
cb14381e81c009a9b8c22c884448cddc05d5999d

SHA256
77cd44734522f6e37e0539b779db3728d04c46764e91d49bca2119dc56966187

SHA512
a5fa91a31ec9fc6ca2dd838558a44f2bab2006a7f4e91a1597108ececf0cf57975cae96c8eaf0048d538ac74f75b1c726b7e0c53f430dddee75d404b70ba31f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3923d710a1a0f91d73a4b1f5b85bee19

SHA1
bf52594d251bf67586f2bd52b74f3b1d9b3e3c51

SHA256
f1febe7f6a323f907020ae19920aedc46d8591adbd0ce622c4c961a07524c00b

SHA512
4c049bb3a0f1dc7fd8c236dcc23493c666d487006edbd76ca8ac3c073d6b4bb7da4e8d8416a4810ed9eb136a493036df340b94365a1b6f0773854fb65f2baed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d4e4464df52efeb7b2a3c2909a4c077f

SHA1
ee58f7c8cc7078a060aec5344d11319af7d5ada3

SHA256
814e13d0187117eee0ac856bbc20adf5c882dbbb8c4ecf4e637857c81cd17ccb

SHA512
ace6481e28303fe9e04309684b9adb82407ad5e002eca090b5caaec0d29c55dc8779686b3b4f9f36e0861945cbf73e83a4a7ca5815c8d0854a3092e20a85ae69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6f3905ddaefb842e6500fa19d8e9f9bb

SHA1
44c1fac4c526f658cda1c68dcffb8c602465d1c4

SHA256
e1c6e02d218638014aac521c44e07bde0d410d6c204bba6075e3c13ac7f5a3b2

SHA512
61ad6f9daa470292c3d2f7e611fcebb98ed863eff66587c13d4cb568f4d9a08fe7e28705801291235d9e83bc0526464cb5cad8d671f42297a31ed7bf45afa12f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d2d5f7ee9be4b12461412532d019aea0

SHA1
512c50a00d31f0ace9ee472d32e029ab1d256733

SHA256
ff45656b6eaf86726f14da81e3f83fdac2dfe74d7243bed4a5762fe95084c938

SHA512
8f30fcc241d2366d5f73ca0f75934f4bac45e35a4776791c918a007d7707cb1b1b9a53ab485247ea693491bbc0c4bf7652cc4900589fe99b918fcc7beed549ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d5b7b065927d26ed164544a077ddf7cb

SHA1
e3535f250a4ef20acf4af0d95a75f6f3d0762b4d

SHA256
394e23b1b1102693700f670a631f86ee7bda11b970e49db91bd60d5afd92f9a8

SHA512
9522a6d0f1fe83c90683f150b2fe0e4aaa0b485858ca923136aa09b4dbb1b6b98095cd375d5db57e1910737228e046ac38137130b18d5a102e4a9c718f3073b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9edab41c4f95de85342f58bffb3532c

SHA1
f1bb1a3c73cf228acb1969a294e7f4a42d723407

SHA256
53760ebc05067b9a6064261b483b2040ebb89e1f9f9f1d0ce397dc8808cc68d2

SHA512
c3dcd779bb24a63cbcab40f5be68183dbc3eb850591432ab209b3c5fc0ab69a5e79fe8d272ad9d7068f215988c756ee2433653bb7c49977bd81e57317fda7341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
266KB

MD5
f4219c7dcb94e1cba3dbb031ec98d29d

SHA1
dad77ddc2eb6e6089e915add0267b1b8bf9c1279

SHA256
fc0b3db7c093e4a52813edf6332e184cd3a9dcdfc39f7ad571fc9f1578a4b857

SHA512
0ce2d73a11a50900d67a89011527f0b466fd404fedabeda429300cdba95dcbc923d97324ef0de067b6fa74b778cfbd8874e7b057dc37760559c0b99ae7c5e52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9831.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/1724-0-0x000000002D121000-0x000000002D122000-memory.dmp

Filesize
4KB

Download
memory/1724-63-0x0000000072BED000-0x0000000072BF8000-memory.dmp

Filesize
44KB

Download
memory/1724-2-0x0000000072BED000-0x0000000072BF8000-memory.dmp

Filesize
44KB

Download
memory/1724-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download