d6acd5fb886f830e4a10e4a551b1cdcc2a6a48a460fb35e75b90aebf3bfa4173

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11/05/2024, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

view.html
Size

83KB
MD5

84b593993c67d14fcb1fb7c957d90918
SHA1

89c25737ea4e83ff938e12210ae9479357b9b01a
SHA256

d6acd5fb886f830e4a10e4a551b1cdcc2a6a48a460fb35e75b90aebf3bfa4173
SHA512

515cfe5a7301f6a2f6344f6c3392d329f2ee18338996da2cb3084a2db9a150983c859312f7f96cd0de41f865fc40a1f7ed592bafb2229504f6d81c38f749a4f4
SSDEEP

1536:LR+BjXVs49wetijlbMtQFKFwCQEO1Wh+1po:QBF0jOt8rEf

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1280	javaw.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2084	icacls.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
10	drive.google.com
18	raw.githubusercontent.com
35	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133599181278590566"	chrome.exe

Modifies registry class 54 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000d06649f9ed97da0128ab6e4df197da01d500bca7bfa3da0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000d06649f9ed97da015ce41268bfa3da015ce41268bfa3da0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Desktop.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1940	chrome.exe
1940	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2768	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeCreatePagefilePrivilege	1940	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1280	javaw.exe
1280	javaw.exe
1280	javaw.exe
1280	javaw.exe
1280	javaw.exe
1280	javaw.exe
1280	javaw.exe
1280	javaw.exe
2768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 3232	1940	chrome.exe	79
PID 1940 wrote to memory of 3232	1940	chrome.exe	79
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 3224	1940	chrome.exe	81
PID 1940 wrote to memory of 4616	1940	chrome.exe	82
PID 1940 wrote to memory of 4616	1940	chrome.exe	82
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83
PID 1940 wrote to memory of 2740	1940	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\view.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ffc6ed4ab58,0x7ffc6ed4ab68,0x7ffc6ed4ab78
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:2
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4456 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4784 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=220 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5636 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5876 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6000 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6120 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4176 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4768 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1756,i,7536238623862136490,14952275075055132167,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2768

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2364

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5104

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Desktop.zip\jar\NMSSaveEditor.jar"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1280
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
70381ba2160f9b607896191665d2b8ed

SHA1
9781c77caf03419ab1562cf005815f61d29c0da2

SHA256
22671b74547416ce60e0a6c0ed59eb958f9103fcc2275633e1e4f3497f06ac0f

SHA512
0a3a12dcfda6b63a8a6939268975c6ae7f950ef5ca22814993e3b6d41726bf335d1bedb034f97b80dabeecb72ed3bd0c1e3a1677ec16dacffa771ecfbea59212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
140KB

MD5
aa99377ec6d27095a1d996e240ccdb98

SHA1
7fc2188f78f524631675aa98d6c0fa5353a82a30

SHA256
2fac511d06d8268ee9657ef72f013fc85851a523542716e648ea87171d595845

SHA512
0e403037659b947a6c4ca1f97bc618952ae9d2e4981f09822af77a02d6e5fa71248667446985a1a086139ef13212eaef2165380ed96f616f638316f0f093a771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bee11e44d26540ba896217f1e7f65d4a

SHA1
7796c2ab42c85718b33ecdabcafe39128ebca2d8

SHA256
72fb067b4c0a1bc56e78607555605ed9c2ce0132e638b192d00a008356980d86

SHA512
609a0270a7c189f064111480095a5521fbc54667b1c48b7cea9c81cb9ed615d1e32ce3a6b665f0691d245ef2abdaa6eaeea9dd94bf8356fd3f3f8050f54742d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
edc2e7fd2f61a710eecdad0aed585d43

SHA1
1c36b64d36a6b108267506b9dfc7b6b171e78f62

SHA256
76d67764e37c8e55a1ceb4bb700b506185b4432f29914758609bcd75a0f79d10

SHA512
a98bbd6282555c93358653949e5aff3822c62a53b65fc673cc0e46c5922aa6cae0bfb65460ec3916ea034f923e678104265f712d934da594df87005900b81305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f0dd43b5aafda2bf300c6fcf29b162d7

SHA1
a0fffa0b7f992452517eaeb0632d6719c8544094

SHA256
c7827c4272108f1702a62768370793afb93f63298211dca1d65269e466406760

SHA512
73d8d06ea2b388e158dd8b17696e62dfd9381b5a1bcf5de2b13a79acdec43848d983398e58ad23760490cc6af8a03a2953d15d7acfd7527747263b985f43ac3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ddc6048ffb76d76d836ff0e42803a05b

SHA1
9eed3e1f4837a5d3502820e6b9913bdf4317bdd2

SHA256
7c6c4b57b6fc67f765a9283529fbce29bc95bb48a5e0d939b0a562ff4a781db2

SHA512
7151fa6ab2bb9ed1b9a93437a55dc40129b03a0628aa49cfc70b027e01aebf632bd4f9187bb28e20806a7fbc4ac2862443233e4ee5f3a787183907c934d53fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9a30983cec40728249b834e958c8745

SHA1
13f955fe6343c9a337a7fc72e7b5508a188d989e

SHA256
053deab55e1476fbf1bfbe8da481aa45dc0e4435804d8fbbce01cfab3f7035bc

SHA512
d381776f2ae411c2b187dff6c85aed21abaeac6696262d27367bf56978c560742ac77ae1a96b778da492803d36008dd31e83d45859b99f63f1240c7a0caf11e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
3cdc8e6fd3ed6c9e60c9e8fbfb0598e3

SHA1
e897a247a37e2eb27612deae2f0df8c437078ee8

SHA256
92233d79454d9dd65904eb9244fb6ca9886ef26edba341d4bfd49c6e01700c71

SHA512
3583f44960db9ba4a5b203b0be0533da79e07c0ffbd73c9d633fc3140fbc60759543e699668fe156c9ba47f6250cb5ee56349430e18ba09ec92cd68be875b22a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
d7a6141e19e1a91abaf0de79045f812e

SHA1
dadd3f1173aa2ecedebb0423fdcdb4cc11ba8a5a

SHA256
870e7d54148e024ab7601470ea688d73edb0281667a96ac28d7cdb2f097c0cf0

SHA512
401d8fbc3e2648d6a778fa84687d4e4b57c5de4059be55bb4555e4789b69c84e481b1ac49ed20037b972d9d7cac2795ac276154fb464a1879d842b1e15c5a44f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3d0119007843d475afa84f48e062a8e3

SHA1
676a38d98176a9494c21ce936bc3b6992819cc06

SHA256
a985e17ac15cdd5177ef8a37ef8040744eea43bfc85a7548c9b09b17163892a3

SHA512
cdb3e02d5c5429791b4a467654c591c7a697db855a6b2edf0423388b05e21f1bc68786c5a4b7d23e394d66e4a5b2aed2f8e1f9e93521382836d041f105cca526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4adf0e0c22c85e3684d4b5157342c964

SHA1
948c5a66c10ee27476b78c9bbd9966a1569ceb68

SHA256
190d5cfc4b27c0ed87af01589f5665735921a6e78ccc4af95ab79429bb83d6f2

SHA512
9b16612ccebfe9eb70fb18922465f93f31f119061b5a7ab9d7262c6d8b51370e039fa733373defb6bf4dc040283b6898b49d7f90a0ccad0b8af619d6c6d0742d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d67a934e5be07e577605f36a7cbbfdb9

SHA1
8d829eb1a02cdb00cf51f0a691305403e747c0a7

SHA256
2fbde962862d7cd60bbde7ac8b93e9933659a0290df3cbebd738ca5a44514665

SHA512
2f57fc8beb8d927bbb8e405813329a7a5f70efc0e67bf8949ac61a55eeacedcbfc8e44e6aa3646e3d92d7d584f28e116d5de10bb6b4d4ecb89e97bcf304d46ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c5a40121471a4f44e2174fc8faed80f8

SHA1
4f466577ceda6d3b05e4e6f026da449e1e87bfca

SHA256
bb6da6c7dacb79e71bd6984a7cbd50329c5c08ecda5f949527bcc62ead6ae63c

SHA512
fe0e56c382442b2b0c0798e2a43bcdd0047fc364d7fc48cbd37c639e7b11104bc45d3fd8e69e23292d6b61739b340e19e3530d64e507785df9d445a53941d338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5ea35f6e02e2aaf074d0664065b51cf9

SHA1
89d75e4ef6bc6b19736bbd134701bd5963db8a33

SHA256
5892cf6d706a58e8b82cebe806512b350ff20cec3681a0d9330874c029596b20

SHA512
511a1768b35a8bfc768ac201e44f2a4da3d7a763a8c1dd89129ac7e93b16fb01d70f67fca272e709eecf34e9c04938d3031d5a66ba3fb7bccdef6ec388e99493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
eb09cf616a8dcd79ee5544608c8f245c

SHA1
468b63250104fdc6fbdf456b2c834b2ef0e1f3cd

SHA256
e339368dca88fb091ffc9132b6b7bf742cd2632e63f37a4aa0a46de55361b61e

SHA512
67d501f37c85060bb3017a53ea908fb44fecd09e0c4ff0bf4923ca5adcb697d62ae85d61d2bc119d551de93bfc679302be4c6d263cf5894f1443a7ffbfed6fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
8b0094fcb594f0acf01083528d996d3f

SHA1
ee3d931d31a865b7d36ecf016aa2a45b2b8cc767

SHA256
b46b15b6b9e2d5a5760199e6fb940ba886a1bc73690bb317e815d9b23872aee1

SHA512
da905195c6946811b9a2da76891e340b9e8b3af3f7a3e380955d978d4461d0ed1afa97f90b4a367e9c63e6def1a84ca85c965ed4b4104e5ad962143fd65fd049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
0c0034520df3e9cea6b7ac81eab95803

SHA1
50e07258de895563a09cee0ff2698805208e44f6

SHA256
4b1d5f411d3db617a8936183f90a40cd61ecb2c4dd7060be19efe68ed8419615

SHA512
2814f2452267389054e93ceca324954ffe0cd1f84806a5cca118204233388bfebca44a690c6a5383d1e2af8f40bccf69dc06bd6b9de07cc53a4168f10afb4e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5601178f9a7e0d35efc46265df796898

SHA1
7180bd98e3b27df0d747724b1ae880db6a375aa8

SHA256
cb940f8d06333841275ac62e7a11ce66c589b67fb848bd3914899938b05c68f5

SHA512
5647f83db0d5af6addb0bdd167d38d054f2e19bf888eed09b0660ba0dc6631769737c4b6f1d75c275ddf98096c2b9aaa78f145fd734ea28bc8c448c16bf95d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
f7d083421742ae65409496dbb385baec

SHA1
5d37d369251d524b257a7f1b07aef8b1510278f1

SHA256
704027461cfdfce112eadd5a09a8f546703e160cd9309033d089eeced2902e9e

SHA512
76867558dd73aa7479935c6d81d3d0531d8ad56b66e7e7dce1c5f2e0cc952540106b321ce87f12b510b7542cc3b10a3b59dfbc8f304b91f793e373f7f988f535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
385f9b1d8972a10a85c7e07fd9d57c82

SHA1
65e1f56cc2371f028ff6ab518c88231942586ddf

SHA256
fd84a30d716bc6518a24997d6c7eaf0bef89dd075a43e2ad280cbf9348cc1ff6

SHA512
0e42cfcf1930df8a31a34859ebcd84254c754e05425a4007d4f809635b2e6781deecc0d0a62b1df75d793a3c68d86d981cec9d20034aa1ce6c60b6ffb19c7bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c42b.TMP

Filesize
88KB

MD5
e7f20e54e308b9e4c078f494c9a74ddc

SHA1
1f87cff5e844b916bd0755a07f8746312ce5f642

SHA256
20cec062051e76f85d290f1a3fa9c0a65d12bc3b3f5316ea766a7e6a9322685b

SHA512
89c4c03204676e97d68cfc08b15af2a66fbae8d55b7329a13aeaac99fb504a9ddb948256ca0685f12a809995e73926b9bb0bfcb3d0359f740a6b44c11c354e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Desktop.zip\jar\backups\backup2.1715444606212.zip

Filesize
387KB

MD5
7c8c739aee9200867111cd8f581e5440

SHA1
295a31cd52a4d3006a75e20a1306729afff83ade

SHA256
adab82ddc0bcae776d8c5f57c94a55baa48bfa4d4f845c2fe2547f25409add04

SHA512
78668e066f0861354b050cfab7e59ba182cfef1c1ef1b25efdae626e91627e3f14cb3b60abc741684359c4eb7eeea53e08b9b0ce96eeb852aa7eb534ffe86bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4807828849400.dll

Filesize
21KB

MD5
9aced0a8f3429bd782ab051712ba4d04

SHA1
45d6b9039bb32b172c438113590062dde4a8aeb4

SHA256
1e1ac9bdc3c1542332b7804db35f742c58cd66fbee2d9fdb8ec83eaf87f580e4

SHA512
3609e6c7176b688882ecae1b6541945b5cff4b51209259cd4f89cac20880e55284d51b4be2f230291bcee54f8efb8e96967bf5730fecf622e9bfb01547267518

Download Submit
C:\Users\Admin\Desktop\save\st_76561198399003310\mf_save2.hg

Filesize
360B

MD5
63fa0dc3db9ccc6a450af0bd84281be0

SHA1
590e9e9d0210a26fb4e9d2a7d4b6aa26aace02c7

SHA256
8840e9cdb9c19d6f05c5ace27fe24ffc66c035df0ffa1e70db7eb6847a13f4e0

SHA512
272f507d867c83513a158374a2c7b24467bd3338abaf9290051952a978477330f337862105585811907466069f78a5712e264c9da0eb459c47611a2db20a0ce2

Download Submit
C:\Users\Admin\Downloads\Desktop.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1280-162-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-357-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-413-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-417-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-423-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-434-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download
memory/1280-432-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-439-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-438-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-446-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-447-0x000001BE3DD10000-0x000001BE3DEC3000-memory.dmp

Filesize
1.7MB

Download
memory/1280-448-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download
memory/1280-462-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-796-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download
memory/1280-397-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-408-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-364-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-1035-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download
memory/1280-373-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-362-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-346-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-326-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-312-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-302-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-180-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download
memory/1280-178-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-167-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download
memory/1280-143-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-127-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download
memory/1280-121-0x000001BE22090000-0x000001BE22091000-memory.dmp

Filesize
4KB

Download
memory/1280-108-0x00007FFC7B6F0000-0x00007FFC7B802000-memory.dmp

Filesize
1.1MB

Download