hxxps://dropmefiles[.]com/YDT88

Analysis

max time kernel
458s
max time network
460s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19-05-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dropmefiles.com/YDT88

Score

8^/10

discovery execution exploit

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Run Powershell and hide display window.
execution

PowerShell
T1059.001

Processes:

PowerShell.exe

pid process

4424 PowerShell.exe
Possible privilege escalation attempt 2 IoCs
exploit

Processes:

takeown.exeicacls.exe

pid process

5664 takeown.exe
5724 icacls.exe
Modifies file permissions 1 TTPs 2 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exe

pid process

5664 takeown.exe
5724 icacls.exe

pid	process
4424	PowerShell.exe

pid	process
5664	takeown.exe
5724	icacls.exe

pid	process
5664	takeown.exe
5724	icacls.exe

Drops file in System32 directory 1 IoCs

Processes:

PowerShell.exe

description	ioc	process
File opened for modification	C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk	PowerShell.exe

Drops file in Windows directory 4 IoCs

Processes:

Taskmgr.exetaskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133605834576329449"	chrome.exe

Modifies registry class 53 IoCs

Processes:

regedit.exeregedit.exeregedit.exechrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\command	regedit.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\command	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\NoWorkingDirectory	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\HasLUAShield	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\NoWorkingDirectory	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\command	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\command\ = "cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\command\IsolatedCommand = "cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"	regedit.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\command\IsolatedCommand = "cmd.exe /c takeown /f \"%1\\\" /r /d y && icacls \"%1\\\" /grant *S-1-3-4:F /t /c"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\ = "Take Ownership"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\NoWorkingDirectory	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\command	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\NoWorkingDirectory	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\Position = "middle"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\ = "Take Ownership"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\command\ = "cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\\shell\TakeOwnership\command\IsolatedCommand = "powershell -windowstyle hidden -command \"Start-Process cmd -ArgumentList '/c takeown /f \\\"%1\\\" && icacls \\\"%1\\\" /grant S-1-3-4:F /t /c /l' -Verb runAs\""	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\ = "Take Ownership"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\NoWorkingDirectory	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\command\IsolatedCommand = "cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\NeverDefault	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\command\IsolatedCommand = "powershell -windowstyle hidden -command \"$Y = ($null \| choice).Substring(1,1); Start-Process cmd -ArgumentList ('/c takeown /f \\\"%1\\\" /r /d ' + $Y + ' && icacls \\\"%1\\\" /grant *S-1-3-4:F /t /c /l /q') -Verb runAs\""	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\AppliesTo = "NOT (System.ItemPathDisplay:=\"C:\\\")"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\ = "Take Ownership"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\HasLUAShield	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\ = "Take Ownership"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\command\ = "cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\NoWorkingDirectory	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\NoWorkingDirectory	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\command	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\command\ = "powershell -windowstyle hidden -command \"$Y = ($null \| choice).Substring(1,1); Start-Process cmd -ArgumentList ('/c takeown /f \\\"%1\\\" /r /d ' + $Y + ' && icacls \\\"%1\\\" /grant *S-1-3-4:F /t /c /l /q') -Verb runAs\""	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\\shell\TakeOwnership\command\ = "powershell -windowstyle hidden -command \"Start-Process cmd -ArgumentList '/c takeown /f \\\"%1\\\" && icacls \\\"%1\\\" /grant S-1-3-4:F /t /c /l' -Verb runAs\""	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\AppliesTo = "NOT (System.ItemPathDisplay:=\"C:\\Users\" OR System.ItemPathDisplay:=\"C:\\ProgramData\" OR System.ItemPathDisplay:=\"C:\\Windows\" OR System.ItemPathDisplay:=\"C:\\Windows\\System32\" OR System.ItemPathDisplay:=\"C:\\Program Files\" OR System.ItemPathDisplay:=\"C:\\Program Files (x86)\")"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\command\IsolatedCommand = "cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\ = "Take Ownership"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\HasLUAShield	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\command	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\command	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\command\IsolatedCommand = "cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\command	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas\command\ = "cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\command\ = "cmd.exe /c takeown /f \"%1\\\" /r /d y && icacls \"%1\\\" /grant *S-1-3-4:F /t /c"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\runas	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\runas\ = "Take Ownership"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\Position = "middle"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas	regedit.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

4948 NOTEPAD.EXE
Runs .reg file with regedit 3 IoCs

Processes:

regedit.exeregedit.exeregedit.exe

pid process

5956 regedit.exe
1660 regedit.exe
2232 regedit.exe

pid	process
4948	NOTEPAD.EXE

pid	process
5956	regedit.exe
1660	regedit.exe
2232	regedit.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

chrome.exechrome.exeTaskmgr.exePowerShell.exetaskmgr.exe

pid	process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
1860	chrome.exe
1860	chrome.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
4424	PowerShell.exe
4424	PowerShell.exe
4424	PowerShell.exe
4424	PowerShell.exe
4504	taskmgr.exe
4504	taskmgr.exe
4504	taskmgr.exe
4504	taskmgr.exe
4504	taskmgr.exe
4504	taskmgr.exe
4504	taskmgr.exe
4504	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

Processes:

chrome.exe

pid	process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeTaskmgr.exe

pid	process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeTaskmgr.exetaskmgr.exe

pid	process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
3780	Taskmgr.exe
4504	taskmgr.exe
4504	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 204 wrote to memory of 856	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 856	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 1516	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2280	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2280	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe
PID 204 wrote to memory of 2108	204	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dropmefiles.com/YDT88
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x88,0xd8,0x7ffbd2139758,0x7ffbd2139768,0x7ffbd2139778
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:2
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4884 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5080 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3872 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5880 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5920 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5916 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5748 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1704 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5608 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6272 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4596 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7120 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5080 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7076 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6992 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6676 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6336 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7108 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6560 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7088 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6988 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5748 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4576 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6692 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:1908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5080 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5876 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7544 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7704 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6460 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7532 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7832 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6080 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7464 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:1124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6812 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8120 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:6028

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\Add_Take_Ownership_to_context_menu.reg"
2⤵
- Modifies registry class
- Runs .reg file with regedit
PID:5956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8376 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:8
2⤵
PID:5968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8304 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:6032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=2204 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8020 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:6080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8748 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8244 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8512 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8460 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8320 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:6012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7580 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6292 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8512 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9164 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9196 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8764 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8292 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8628 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7876 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9332 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9372 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:5164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9048 --field-trial-handle=1832,i,127895792974092733,8961426034333660712,131072 /prefetch:1
2⤵
PID:6140

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2508

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
1⤵
- Opens file in notepad (likely ransom note)
PID:4948

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e8
1⤵
PID:3792

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Take Full Ownership of Files - Folders Context Menu.zip\Add Take Ownership to Context menu.reg"
1⤵
- Modifies registry class
- Runs .reg file with regedit
PID:1660

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\SysWOW64\Taskmgr.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3780

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Desktop\Add Take Ownership to Context menu.reg"
1⤵
- Modifies registry class
- Runs .reg file with regedit
PID:2232

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe" "C:\Users\Admin\Desktop\Add Take Ownership to Context menu.reg"
1⤵
PID:4196

C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"PowerShell.exe" -windowstyle hidden -command "Start-Process cmd -ArgumentList '/c takeown /f \"C:\Windows\SysWOW64\Taskmgr.exe\" && icacls \"C:\Windows\SysWOW64\Taskmgr.exe\" /grant *S-1-3-4:F /t /c /l' -Verb runAs"
1⤵
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:4424

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c takeown /f "C:\Windows\SysWOW64\Taskmgr.exe" && icacls "C:\Windows\SysWOW64\Taskmgr.exe" /grant *S-1-3-4:F /t /c /l
2⤵
PID:5740

C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\SysWOW64\Taskmgr.exe"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:5664

C:\Windows\system32\icacls.exe
icacls "C:\Windows\SysWOW64\Taskmgr.exe" /grant *S-1-3-4:F /t /c /l
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:5724

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\SysWOW64\Taskmgr.exe"
1⤵
PID:5592

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\SysWOW64\Taskmgr.exe"
1⤵
PID:592

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053
Filesize
105KB

MD5
bab28ce259e337dd887792ab3eb89b5a

SHA1
e2bd346f62fe4b429e27ac67493db825a507358e

SHA256
c2a4a30860913ecce4d4aab1da015413a0fcf6e9e69f57694a15bac4ade5c5b5

SHA512
3ad1da6c0f75beb3faa52d2bb9d9908b854f61e2108d819ef463ed342f0887564d8aa998ff78c10e868a041fdaa7cd745c15487c3712cf9bf549e25008d15f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059
Filesize
140KB

MD5
c1fee9b8f05836f486c72ce226a554c4

SHA1
19f0e8063795b8ad5c7c5a328b6e8331f07ae0e8

SHA256
2cf757d78c2bea6c5eac65eee22ec6067b4d685bd3a9e823c5a07afc5f2a9327

SHA512
575d7558e9263be604cb936412de6a73a6fb6ab07dd7d10af7ac7017334106188db18f32ef6db15a5cb40929b8ef8097b26bdf8a79487443a27b80772a4b8c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a
Filesize
64KB

MD5
0303bf17ab505ef511c499c69433cb70

SHA1
ef24d4276a7142dc8cb220e32c841bc2a592b11d

SHA256
96226743d42d49160cd5b450874a2d556c0f2aca866e9090b4f5605a515a4a1f

SHA512
e208862e2500e3a7bfc91533ca5bd48e62f0d5d1a4478cc6c23e4ff2ad6642443c6edf0a0ace839d2730cc418ff7db0dcdcfbde74785b4dcec750e3046002ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e
Filesize
19KB

MD5
23b27116b3c4831452570f751338a118

SHA1
7d554a38e31099d02daafad046e94fc1adccedfc

SHA256
c55c717441910dabc60477e7cc7c912c593b992a88fdb173fa8308735b07a69a

SHA512
ecd101f01cde501c64d961d050686245672426afb50ab00cb35e9462615477a267568cd3310fc7e5dbb39e345d0a30cb3b532ff2e0600b08a2851fcdbac13828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079
Filesize
20KB

MD5
37ae397ce6a552e78b137c0eeff45014

SHA1
159063b33b248a4f4bd6b289ad3dcddbaa70427e

SHA256
3934c934d83eab7421e65405da6cd20d5e7f075da91a0cca1bb4743ae06811a1

SHA512
1e2ae1dab8f7795bfdc3d291ad7ef510487a77a527fbfd7d15489497b8e54a9950e0a49cdda6e3684f643640e3971d8b1d75a61b5422c650fe9613f8ae687a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f
Filesize
74KB

MD5
f7307680c7fe85959f3ecf122493ea7d

SHA1
fce0da592a3e536d6d5df5b50cb513398d8c5161

SHA256
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

SHA512
d115a6f0df1f766fc83a77adeff79da5b0a463c01c13532cf48f29ed53a0c4ef1d87db38b8e492fbc3f97a0d192a9a6f636b837e65fcbeac03bb6f36336ca69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000088
Filesize
141KB

MD5
e37ff0d4416a8481f3aeb89420492e16

SHA1
06f80ba46de90e82bcf70554085c4a0fd3ae7e3f

SHA256
b1557195bd8756b03e934fd9c844925fab35abc621688ca41cdd9040d5cf1d1d

SHA512
bb5cb5261d2aebed208b70e192cfdd792159d483344e2cb6291d06888c6aee9a69e85ee89f1e77751df771fc5c02106e1cd4649252082d3c0def5fb55850c1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af
Filesize
1024KB

MD5
cd4af74982687d7a5e4eaecc6f437bad

SHA1
0aa4c5ba5f12ace377a8d4fb4bb6773973021e96

SHA256
b36c71e41bab9393d13ea77db7f2cb956ab619047f977d41de5c2bdfcf3d1778

SHA512
4aa8a89a55689569cc9fab81cd313aeb3246afc9f7359a79945d32951c0eba95a8920a80204c5d0556ff44bd0886dc67b5a838bb0887cfa37110b20f894c412a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ffa4a8335d9bba43_0
Filesize
242B

MD5
e186bac91c074bad7daea69a2b34d186

SHA1
87780af6ea53c614537873c5c32c81d8935b56ff

SHA256
e710b986c6c97da4632767d8cdead7a183b3c2278ee6b409660fcb05871a7121

SHA512
470cd14452c69165d61e48259281dcbb62391f095a82aa8f8d34afd35ba725be0f8f7710fed55c0e3868ef1f3064d1ca6d87aef565e3d1f860a6fdc40031f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
48ae2464dad83bbf62c4882ed139d1dd

SHA1
0436b91379bf2f2e52596db0d19648ddd86a1539

SHA256
4b1e289f4823b1dc5757dde11cacb1ad27786f2f65974350007947071b84f44c

SHA512
f93d1ce7b2d8c40d162afed7988649684cece36a5e78714bbc52aa7cc0df8dc4064b6c369316ac8590bdf509cac2b4a040ee61bd48c0ffa826de19d13ad1b99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
41c7ca85d3bc09f0ea1228d14a100fc6

SHA1
c5d816b497411cd5f924c30deeea2cec798d0976

SHA256
4436a2e08787b181c65fee3f8474653ce28bb36100a10acdba9bbc40a68ca9e1

SHA512
0854789165d03f9c8854f47dc4e234a03021f694049adddd6025858815b6c9b97dab175bc4fabd542706e8a91036913902d01b7e7c32ad745e5d2e15b1b8a5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
1aa3e34d4f368e209024197fc33f5d54

SHA1
3f0b7e892409e69fb10165051ae50054ca940cdc

SHA256
694da28d6e906ba2f18fa1e14f23fb3ae5dd7b5642f1495b4fdb0eab4386db7c

SHA512
04575faa2b8ac215fd6d618b9089d20c6d4ebb61a651d6eb0f1b7febf477a512e4f95e1e1fdf8fb199691cb89f1aec33d8e19aabe66db8039fb243b38a99e633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
816c60725917fa74ddf3b002cfc786b4

SHA1
314826b7edc8191512fc543ee1581d35b837620b

SHA256
0827e1f3cabd47aa6c123187ab1bde189a28666b0e94be3bc0e400f586bec259

SHA512
f9ff271b57aef84f3246a65fd7688037d47a970c662b92e4d99aa6dcb7d42f897cd7be283b21520a828ffa4b587ee9e6fe47efbfb484d2139d0820ea46eeed43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
b5926e7d520d093aec2cd0d9379908b4

SHA1
892e25df0bc4018ff185100bef1f380d16eb6357

SHA256
b0a406aaa5006375f30179041f1cade78a0a579902e912010e740ae1643b599e

SHA512
d3ea70281beef788aba41ea957948039205d8fc1dc854db8724c3babec3dafb2d67cd5fa1c27b80ccb81365cdc91a4737da7e185313136811ad0a61fdf3bda2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
9b0d5845337ac5cd1c494ac9257fbb31

SHA1
29c1f7fc9eb67806ff1f8d5eab7b528543811c40

SHA256
e632025864b18871b7b77ff0d2dfae7d67a4aa0d58869910f034c9059dc887a0

SHA512
5665a1307e21562ca09ec5cc61eb06acd1ad41f821296873879d238931cdf34ada9299e9059a0bf6477f78d674e3b554dbfa696f0a907d87053cade3437f1808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
835207766c4a4034313c55c7ccadd8c9

SHA1
33124f8aea4498309b1373f0570507a693052f29

SHA256
165fe102071fc3604f2243069dff0627409157e04d881ae367c795005d70183a

SHA512
ac594e9944eda8adf3baf4df2be3dffa46b9e9fc6604bb8b6d137734cf15bfaf99369b6c09c7c1a746b40e36125679928afe94af3512f9a72e71aecf91beb53c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
6298605a17a32f9b4b8e95330e5b01ca

SHA1
5843cb5c5f5b72f8b1afc16254fe086c091f805d

SHA256
e71d56b650b2eed8c174e3c6399a3b794bafad5d51413504f3c66f6baffcf3a9

SHA512
063ac4289d108c973848ea9922ddd91c9272414036133e247fa011e5f8accdb6142d789fda37d22cb91bb930dadef74bebffa74fc33a5a11630f8d5afb0a8a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
bad60a0e7a93b8302eeceafdd78a6d2e

SHA1
0e363e466355f5d89189e32275c6a3f759dd7a44

SHA256
2ed9affaffd0b9f6da10349da13af8afb91540bff6e1822d3d1bedfe97fc49ac

SHA512
af55ad79de2774284f1fbc4f9a4960927458f3867d0c926e73ea4c190fc8723b654e0136f4521aa9f4451a76053068f87cdb50792be3965b948b6647967f3db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
cd8175b30293175b2d296ec7f4e86557

SHA1
88e363a5e4da3ebca89e52632281e03d6e7278f8

SHA256
a0ea6ef337bdb8bdb1e72be91bb63d697d1268f16b7a099ebe234768d10e0882

SHA512
cddd4fd1a640db3380e0e36bd52b1e0a872218455aebc5ba87cd3e279397569bccc3efce774149ed1c7f9547e5c908b7757705b86fb29fa64bf368c03b240443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
357ae26340a928a51fa4bd0e7777d655

SHA1
cd617120af5d091be236440335f62052fd618fd0

SHA256
fd8cf149fcf20dc05df81bb8a05a62f24361c1b5214c167e6fdd0909b29bf567

SHA512
f5159d72a3e4701b03773d18d6af5f7acd8f9394ce7c1abd2d096aef792b0e183935877f94a360d8d2c4583ea8c1ff7feabfaaf8c18c4e14cd8acaadd70ab2fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
14KB

MD5
e6f8f697e5fe704209b8828ea50638c2

SHA1
19b0cd651934f832bcc0924f5512a37a4a446e0f

SHA256
f534a4f956374b83035f8ef644ea7de9385e557e1a336f39c3f361b1186bca65

SHA512
de7526a3abd776e7d6edb32d3a742287ee9028a18015f9127ab7fb1adc641319d0a3933b95a73d40a040f720d149dec5b8a5531b98231b5016718dbe25fe0c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
22KB

MD5
b04f86e942567ca72289ac2b347ada90

SHA1
1259e77412f21593f17a48179c1505f16dbbeb85

SHA256
0cd4ea03e43902cb6aac9572ceea71f0f13c58c1d6c02e8d34a276a030addfff

SHA512
7d347b0da9773f1936e31765fa8e5e08595e4ddae3933a6a46ca100543f56eff16783c594ba316d1d93983441960d3cce340420348c52412aefd64bbca7da69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
be9bcccccb8d18e117f72127263d0630

SHA1
ad5552a44cf9e14ae2904c31138bfa341fd4cb1a

SHA256
624dcb6b7c17832053ff10c58b7c60f09b9b9bc9296ba6315fc5b2f7412ced79

SHA512
fdfd5c8592eebd0a8906e0d2f5767fe3c9ee71d2147b8044684ff25950f4f45c5abff56103da107a2a562b9167d2cf1da96eac2bf8bd9b48d2839097cb349794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1035638b9d77601f724d8fd36bb0d8dc

SHA1
e61844b992283041043f1b31786ea7386da587ea

SHA256
d436583b76bd22690adeee669b43eb9a8a870b7dae8e8c0c0b2e2f8f53ca1d2b

SHA512
c39c9ee079c9b91418ff72c5cebf32d3533531fc8d322bbe2d19cc7afe22930b484596047122385adc653c930fbc24e50ceb8d9bd4a1d687751d6e054e379a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d0d27abdccf9888dc5cbb3a20b0d9a40

SHA1
2495c25f69f747e073cab68f5a5ec000cf573af0

SHA256
dcf9659fcac19489ef7d4270173b60139f620f5f84f0a380c157b01d9334ceee

SHA512
0a12ae39cad56b6ddd9f62d4527da381d4cbd04b6bafe30d26f8ff5e385911a060d3ace99654f2115c7691abd44ad694fcbddddb35d497505df479c6122b54b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
eca9d18dbd40f89587e7d2cbfe97e9aa

SHA1
ab96436bff7d172035fe29888fb621aa558a2479

SHA256
46b66642453165d2bb38fc81b17b1c7a006f2578d780784679619bb3bc238423

SHA512
c65ab49981173221128ec7133bc3b78aa0a0f13c72f1c84a2cea94c6174af941d38a4fe4d2c536339badba01033f2a84e6e9944f477bdbfa054ccd52dd0deb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
43059688d25497072ea2b3f2d0d3953d

SHA1
c802666bd2dac87dffd2d35720758bebac22f968

SHA256
94d3cff48ba34c6636fb5a6a7ef16de38cec8669d38d7184a632cac889afaf3d

SHA512
c1d85b439878945da044a34870ccd23bf33baba2339a9f18ecb42e8b2eeb936f15f67351607703909b9226bf61a099260058db88a4ae4c52f3faf89eb75501b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
78a1ca8ae34560ed9009003899fdab05

SHA1
c0f94838994f9c82dd249ea70557c90ee55e0173

SHA256
4d623a77cd768aacd454fd72d688b69ed8adf2c1e5d5913f1e5a8b6b7f5f93ba

SHA512
258a18064368839679408942d7940ed1a779b74803159c9ad5569cf5db19d72bec83533e5758f0e4aef34cd7ad977ef4daa4624ddbc0baf2786f715eaf652d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
80ffbd067c4308d00d6b8f4281597e2d

SHA1
3191f4aab37b8f01325e9d24a87adfd6671674bc

SHA256
866f1f4396c64b9e369228d0d0aa61c326b8623d507b3cab3d2a23378f9261d3

SHA512
09df92a5c07acf9e68692a2fb31eb9cec40721ecf546581f7f30dbcc787c2af0417bedbdd43a8fe4a3ee484c1675eebf4194222b6d3f733df3ecceccff32393e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
47e8b791fa085816f0ed48712d9cf9b3

SHA1
4e211480ae527187d3d1aac99b8fd40b0a8a6673

SHA256
8bfff8e1f0ad5a484642f63f4a58f6a7d822565a65baad1c2e0afd1a5e83a1e0

SHA512
36b83b7d6b75e2787400622aee7a06e40d2fd82602f6b813f4da821317172c4f447ffe1343cfb48091c18678ab376acba8df6b93e07c84914ca420bb3bf41ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
534928985f517e544682c28d52f281c8

SHA1
94502c428199ac3b760e24f377e5323eed29f172

SHA256
de613c6eb42c9ad9a11c644fc9e6ee96056a727b415c6c94c950f30a90fd135b

SHA512
cc69beb2663fad981ce048dcd4f02cea8aacc6503cf7ed5d762bb912b38021b64f9c577d34475dea86319a254ef8488e3c4dda4f6b2bccb6223a53b7dcf4806d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
81680b65453cfc245513b6bcd4ac1067

SHA1
14ccbeba44ed5bcb4a869e58876332474b5a57f9

SHA256
12d6f8c942f98d4273ca84b3879d68fc8d67c24c48a1aeaf194739708cfbe1c6

SHA512
edfd640839bf923d8071d2828c204503f32c5aac1549434c6b904e4808642c3508d48601a472b12daf265285e5009fdd8b2b5227a21b93a708ba1503c7af8ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
caa558c12dcb44d93b175644ef7e7a1d

SHA1
8e3d22f2f8fe44f49635345deb5b787e5b0e1ab2

SHA256
9e1bc300dd9443b2ca6e4f70eb6ba6bdc2cdbe427dfa5d4880a9bcf508c1042d

SHA512
d48363e4ab256bb0328cfcb656794888d228b6e7d85387a28ae02751391d6acef7b4b749c24352cd3b9a1df1a5b65868abdb42866f2a88664d4fbd992407f925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2bf034f7413802093c1c23de3c188daa

SHA1
fa78212231362ca1b3343b5eac7e6d1bdec3fdc5

SHA256
6c1c9aa2972f08543734a9e7caa2a45edc5f01bb6b96d152e76c5d771e3c84ed

SHA512
3b354526fb488702395179b571bc165891cd63aeac1d346f81bda4c72932cd4cd98872127351e81855ac6c08a9ff1903a66ca3cf68652b6bfdda4acfa40837e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ba9d82f1939bca11022084f789489b3f

SHA1
1d5a29362e7265fc81c08c16679be7b8ce9dfd17

SHA256
7a82742bd6f57cd1d414798ebc7534e63cfbce83407b42dffc4f3e078f0bc14a

SHA512
43d905a3b05b1a02799344b3cdbfbecfa5ba985ce5419c72a2fbaa421f2cb30295ded069b097ce6cbc6eb0077d3e5e1c777481ea889c71aa102abea381f5a2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
69d684805eac4bf3ec9ead1f3748eade

SHA1
0b35b9aa738902608223973cf07e015ffbf8f35c

SHA256
f42ab3503f9043957b53d484a391e5b5fc957d75df018ea341f212ee27270e57

SHA512
a3e9c7abeefcdfdf74494b46b1e63c7baf87ddd8c97d28b882b7033be7ec3bae3b88d2bb39bbfe2539e81927e431abc579bbc913fd64ed8a144038610d375446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
c3c151b28d45a048ac356d404173416e

SHA1
8337f40a2e3cf974fc2c113e2e09f2d5a3437cf8

SHA256
abca6905cc2c1d01c05353eadad730f1ecae5ad31533e7b64756eedf798bd9d0

SHA512
ed23a222856b62a8e4875b62bdd79f9f4dec620e677dbbf5985fbec75f059997f731bbbec77d1d702c65cbed158246b553b2d938905bc75682248312ad2fd823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
95086019420885d532d2e27843bbd4ee

SHA1
5730ab7e74cb0f396b17d307ddf1015fad7ca9f7

SHA256
e5178ff26e4b05634112aa9629ea00e313767268129b83267f34219ac4c4f3fe

SHA512
f6cfa01807bf85ee013ee6d2396d8dafa907aa68727220b77a322fd7b083c3fde350519461bde90ff1794fc93214293815ea44f2b2aea8d77a59234e0220a8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
52f3f4339de4350effda1c9ac8974d2b

SHA1
5f827d1dfd2d90a7dac058d854b00070cab2ddff

SHA256
7cb46d7eb8702316189968f21206481d2ca2206e6c89ff9345edb5b806f94dfe

SHA512
f63ef078963745d45abbdcf4681e4eb5e9a50a241f1d0da61bc9e16f0aafd2635788d81fb82ee56439a2a62efb21cc14a8d6e60626d5eeaf6adbd20c30bcd1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e9ad6c72ff69083d29db4fceb54f4022

SHA1
c504934cd54100a17b6d1d56743e9744f76520a0

SHA256
bef68a668c1959f91c3ed6012acb7bd83b7a68c912cb53bb05b9cf6a6b8cd9a3

SHA512
858d0b96ea6045d8469945ee5d13bd02f059aa9acd52ddaea4e6d46fcfd38d7b84aabfe5dcf1ef37faf16e9d1d3259835a143842e22ce30e66a044e310ce2048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5bdae32d90999ed8e152da9b2965aa08

SHA1
15531d952499e4a1200efc47ad0ac23ce1f098c0

SHA256
4792f7650635fa331dc95b8fa8c69a9cc3f878a60bc63c1b7d0eb30735bd4ad6

SHA512
8a6e4df82f66bd34f1a8f250a4756f55850bbc4ec6b3dc145c8f097c31ea19ceccaf7fdfe36b77a3d82ee01e7c782ba1d4ec26fd0826d09adbc225da5baef579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
daed818289a7bf688d0a3ef9b0bb3968

SHA1
f180d1f98ba29bca33bcd6d0c3c6a12419d90edf

SHA256
59747016948ee8a0c827f4197c0a20498074fa782d13b3b4800c261d974b66a2

SHA512
ed574287e8f37722ef9e77428c4b1e97de84cb2a3353ee596ad18b3e1f185aab8dd8122647dee81904f6dcc0ec5b0623583724fad67c7c243d7529cd7fbe93d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
157KB

MD5
5534496dc10e21480a679de2bcef3cb7

SHA1
b31196daa85a5a53a5318639021662949eb776d9

SHA256
1bf495d46d94336881e03b0871a84f69a2bf553665fc004e9ba5087067172305

SHA512
caa4e7ff046f4f7ef914dbf8b0dc072fef7824cf71d9d3500fe0f50175152e93256586ede9a9e5649b94a8e8c3fb4d5384fea9ee98fd9acd9d56bc905585ee2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
48b398dbe6ee88f374be59a696d8e350

SHA1
c6a2977d42edbf6fc031ae4c85365cd467748954

SHA256
045dd682c7f07c4aabce75750e73950c41efb16baee5e2f37290759053c74709

SHA512
69e8a8c4d50dbcae596f4b7f9077067cda345ea93563f30a38421048010ac695b757a7011de91d206920eac116674b87e9ffe7a6c725f4bd2dc2b7c552b09d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
60c06d40e51db4d2edabcbd950fceb1b

SHA1
298b52b2d9059e0dd2f8173eb5d13d913580cccf

SHA256
129efdfd1d79ebe399dd1c13c20822094a1121773d6e56be8453d487db745f3d

SHA512
2152e39e471d50533a6c3098c9241003cf02261f9c54fd227355e8ce692c8b618cd8b95cec13a7e4964f058424336f55f285a46f197776be48472c60aed8f9a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
137KB

MD5
e9ea2b2b73770ad80fab78afe6c868af

SHA1
db01b0c0525818537ce3d79ae0225deaedeecfdf

SHA256
b986dcb010ac5ac9730156647f09a530d037c3ea5523adab1df38662b1c6c52f

SHA512
92b60c8765b3f7c2575ca0cd04272638ffee0a0bd5e3a86fea7d6ed258c8e243c2835709f437e7f6ceae8e72040e40848af7fc3c2d3dfac05680eb7646896fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
f345c9c29b2fcc55991e9aceb6befaaa

SHA1
6caf05a6850a345502e59bf83d7cd3001c2d0bf4

SHA256
267adb756582165fdb674b8d128af38068d46f8d0bb78f246b7ecf1e80d55fe9

SHA512
5a75b41e1b5c16e218085e970d7c3edc1e7ecd45f0626093d575385612dda91c49fbc20171b248e15e0e68caf90e46c8cdf051e553695ba3cb0986d885be06c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
115KB

MD5
fc7672b56401848edad508cd2c1c5d1a

SHA1
d7601d6e1b6ea3416a1a46a8f55fb9d90be52b4d

SHA256
fa9dc77070ec58d27226c971e96255d22de0ae110ed9433d21ef2b9cd7a987eb

SHA512
61f8e7faec0afc8652ce6ffc0140e4519ce2e7d23e6fb4d18ee60042a91784b2fbddda68084f3246a5d23bf0478e91526a9ccf427f5ff8323aaf3ee55fd16f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
c7193396a3c7b931317cb87237c04644

SHA1
3a5cdeabfa2c51af1b0d800a5beba987eac1b2d4

SHA256
78281dd61e2168b79f9e1cf33b18e25b540df4e0d1ea7235078ba3aa5808e1ba

SHA512
ea3abd09c9cb94ba0dc120a6534bf4b41a26735bed1efacca63bc9ef32e8717d9d72f86289de901b7c1fca1993dbac66bfd11cfd4fb2d78a4dd54dd9f3c9aba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59e545.TMP
Filesize
105KB

MD5
d377357f0902155062843e19e67e24f6

SHA1
438bf06acfdf5dd62cc0fac3d35651dd6479cfdb

SHA256
d039f52a5074ff01861c05be3d51807e08b0ea66031c483f23a110f17f698b4d

SHA512
da4f46d1b9f25dea58fca78b3216d6ecfefd7dd5e06f4152b94fbafce52c1f09a563d57768ae5bfd60bbaa4f0b716cabea35c7b45172a50e1dc9753fee31ffd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uam3eyie.v5l.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\Downloads\Add_Take_Ownership_to_context_menu.reg
Filesize
4KB

MD5
3302720c5b21bea53bf09b45a449db08

SHA1
a84e92d2ee19ce48dc1cf17ae8324f847f04c802

SHA256
9499237ab06517aa94acc007e3bce30e4c2f64bd02d88b54faf2f9ec01fd2128

SHA512
7295c60bebb15b7627e174e956dae804c9f5bac92b6c6978a6179576367ef365d01f06b2f59516fa6402451c47b578a5806827b17e24c6e7d67c11e137d81ab1

Download Submit
C:\Users\Admin\Downloads\Take Full Ownership of Files - Folders Context Menu.zip
Filesize
1KB

MD5
b424e72dccf140ff5fab6ab4d57d87df

SHA1
3d8de41f404a47ef872c1c95a0ea4139fd63ef94

SHA256
918fc9d10d959b10d77067131355efe41a32c1f03f3aa6bbdb33502820e2bdc1

SHA512
567badc12a3ff58da99f515381df2c158993fa7dbe7b61a08c0e6e6166bde078832eb65b57f7e312afb32520afa028977717bd5f90c1edb1d6475a248767462a

Download Submit
C:\Users\Admin\Downloads\Taskmgr.exe_pass_123.zip.crdownload
Filesize
1.1MB

MD5
d507bbb5b9959a57fde4011d17acbd9e

SHA1
2d0661983f4b89249d2b97aa3aad940cd54ce4cb

SHA256
c0f5ee90410dd245029c51dde69aac9fde4a4f0db6077b35a04ba888d7beeaab

SHA512
599cd190b115e382900aeace04641772820fcd7c484f6bdcc70e95c6c25bfc014700c02fce656357f8ac20e7272093b50b38058291dbd5e01dd0b2b51c8cdbb7

Download Submit
C:\Windows\SysWOW64\Taskmgr.exe
Filesize
1.1MB

MD5
bec812da8d8d176ae7fc130c102969d4

SHA1
8515e0cba9ae4e42a7a365a9a5b82dd596f3fa4f

SHA256
35f08369c237d6955536ae588ee1dd0be09fce55d015ec9e5159b9bb3893a320

SHA512
c1775234c63e8566bc10b78a1b5ea9d794f2a3d52daf1bace80eb9e422ef426ebca570b3cc289110f3b252a08812fbc573d81bc57502f40ec627a3bbddb41d2b

Download Submit
\??\pipe\crashpad_204_QRHDTNRBNSOMDZKI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4424-1308-0x0000019BAE4A0000-0x0000019BAE516000-memory.dmp

Filesize
472KB

Download
memory/4424-1303-0x0000019BADF30000-0x0000019BADF52000-memory.dmp

Filesize
136KB

Download