systembc | deb1116c4183fb13e12441140167656729cf3a6b32b6488f2b6b72d578536e01

Analysis

max time kernel
227s
max time network
215s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

880E.exe
Size

4.3MB
MD5

d4bed9420bd66fbf3c483e1dacabb726
SHA1

5e07a0b068b73b2c98b8aa44d96f2ad3b1b3b5a5
SHA256

deb1116c4183fb13e12441140167656729cf3a6b32b6488f2b6b72d578536e01
SHA512

2cc92afdc2fad8b2897e392461fa4ec1026b1ec22ed8e2c587330b107dc5298418ff9eb5f3ffabbd0c06cb1c869bf9bdc8a388e4e2382656b60a1637f44156b3
SSDEEP

98304:0nq/d8kCBelMyQjujDW9tBcg2jGqwwAXSY+139YOtYsnYT50kB3tiX9b:rcN5ujyp8jGqwwCq3t/2Ntm9b

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

204.137.14.135:443

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620103726306751"	chrome.exe

Modifies registry class 51 IoCs

Processes:

chrome.exetaskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000b453dc33d697da01e0cbb8bbc6b6da01e0cbb8bbc6b6da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
2656	chrome.exe
2656	chrome.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

4268 taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2656 chrome.exe
2656 chrome.exe
2656 chrome.exe
2656 chrome.exe
2656 chrome.exe

pid	process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4268	taskmgr.exe
Token: SeSystemProfilePrivilege	4268	taskmgr.exe
Token: SeCreateGlobalPrivilege	4268	taskmgr.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
4268	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

chrome.exe

pid process

412 chrome.exe

pid	process
412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2656 wrote to memory of 3840	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 3840	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 1676	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 348	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 348	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe
PID 2656 wrote to memory of 940	2656	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\880E.exe
"C:\Users\Admin\AppData\Local\Temp\880E.exe"
1⤵
PID:1696

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8824aab58,0x7ff8824aab68,0x7ff8824aab78
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4488 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3568 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3100 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 --field-trial-handle=1948,i,18343521226543377264,1869609383917273148,131072 /prefetch:2
  2⤵
  PID:3736

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
207KB

MD5
e955953b801c04327c1e96c67dd3c618

SHA1
f9061d3780f153e863478106bf1afd85132bccb0

SHA256
e8965a2d52ef25918ebee58ab6971745d396177a7943acf1ed53a65bb4dddd45

SHA512
6318ff1eb838954dd73dab5ed891d47f4f39089fa5e899d30183c32269c5620bd09d169af4cf8303e3d5c2ebab23cfe9ae5d9fa5c3281023abb009f66a25782a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1768eb6bb87eed32470522405ac01609

SHA1
7a477bdeaf74117eb300f9057e0f8586fef51442

SHA256
937e3add10d493517355f2ac1aaecaad6a80ddf8060cd1c4a7e8f17860f7ecf2

SHA512
fe0987c924d387bdef396884ef622c9c0e818e78c7ad82d920a991b0488eebf34ab6f198c31f7e200e81aae6eaa54deb4c603dad6109cb18577f6d1e2d0f5d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fd969234201ffe3c2455043abcd3c4b5

SHA1
fd12aac7a05b0fa4baacec36e2b1e93089f38de2

SHA256
127f939bf56a8fddcf8b63775311efdf24750c48f83ad98c91d3bbfd5196326b

SHA512
dfd2080c71d515b1c5956681538c5e7c422fedacb1eec553f1c2711ad1fbe44f5a74b1bf80ff6ae3607057e3e436d47f697f0739f48d101a8d6337091e22780e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ede55f7107fc9ce9f260797bdbb7be8f

SHA1
766c583caf922c32fd0a2d6ba38dbda063666b4e

SHA256
e3105aa7d2667db2543d3164e31e6b9048b0d3cacc36c015845caac05a97dd10

SHA512
2c83e43a326f7442c4f2d9e5d95b4829ac07b9c9c84a7050b979ac7a5e863bcd190603dda86eefab15f96c033168cc52d069bf2563ab8876ee70e89e0b7aed4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fa586839d6cdb66159669079e7e0290c

SHA1
78e19883b67019d70911a9f13b40932eb34aaea0

SHA256
798e1790d27bc4d4535c9ffbe7dca99c5ef6c60a152781431b0392f9c8507957

SHA512
85d6c39ff08cc6cf01a582678ab9acba7cc77d3fb95cce9e2a49c5d36e0b508c72eb887e1aba1e55418103176d74d592e54f2cdc665bde16950d574fb325e1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
02b632d5e43e924e75ca73a4f68f5497

SHA1
9650c7edc51f836f5e3551267040c68745d4d5cf

SHA256
3d07f10262bab8743da1c0e862edab840d1d9a0ef101de16b70df6e3628c4a82

SHA512
901abf96e29191a1848c520b2d66b6b28ec795e55b522329f54ed4a68688dd6a1f99b1d15266e07871d9cc706882201cbf37c49c307105ce8150de50e8159a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b813b6cbb5b46a2aa602181f1e45cf96

SHA1
5c5865a84cdd0ceb945423e564a373f98d2891ae

SHA256
ca302483d13cf4cbb0bf9799e947fc28d23b1610928e190016fb47941735aee3

SHA512
7f831f60b6e500ceafcdcd15c85e7c2cfd46a96ada337b096c541d8d1ecd57872e9fc933470a9e1fa3edccb6332b0d6bb529e15b689b229bffa91945a4281e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5ab863d1fbd1984d062088e8aae585e6

SHA1
b99422f7bd5395e7c2b42cf90f85b9685dc68391

SHA256
664636c60de5182648d7b5bf911fce2fc0b9a730279345f106c6034c21eaf9f6

SHA512
043b4ba5daf7504eab4ff698c418a7e8dde10d270338db35993f1127ac18f299cf56a717f27189b6939f36435918ff644ccfdb340b8517cc56925f5c96a23c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ed3a2f9231451dae4fdba3f5076c1190

SHA1
496c6a92c78a661510ba4784cfdba3840e0f3e0d

SHA256
9fc8260378a1eb0c789ef507a452f33ce09b9a26d19283187c6f1a1c41e5fc81

SHA512
14c021d4aeafef780b5c411949fa9acba8b90dc507d8f827ff02e224c95cda71343a36a61480fcc0f37883427d776dd32aa6269e0036428e11a6e256fdab6957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e3ef03b528c25a1e26bf1a33bf511e61

SHA1
d28f4ce41de5d446b9dabe679048fcced21d0af6

SHA256
2dceda7eba608f41f0d46d516f36bbceca3fb42586166c695a0e50b748d83b8b

SHA512
a8730f2774ac3334f8bba3b7dba12f621b89295b109e3abb793e73e7d110401ad25c4948e1c9bbee07da34d6f133d3846c66d7dfaa01bae20820ff5466d513e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
67108c688d36cc9d9c17107d6741f0d6

SHA1
4edc12cca09e0e409fc465da3dd1d5713fcd6e33

SHA256
11eeb00be00b7afa762f3415c59edd51fcb04b08a83f4d3748c4f1f46fb01859

SHA512
db2f7a078eb59d788264fe8c6f2880b6505d0d9c2373e2c2888f9ad6729a152fc034d0371c32cbe70c32d121206a4add591e6d1270e9df4fa5f8386270b37381

Download Submit
\??\pipe\crashpad_2656_NNFCRSSDEJRDVLRB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1696-2-0x0000000077690000-0x00000000776A0000-memory.dmp

Filesize
64KB

Download
memory/1696-10-0x0000000000020000-0x0000000000033000-memory.dmp

Filesize
76KB

Download
memory/1696-9-0x0000000077542000-0x0000000077543000-memory.dmp

Filesize
4KB

Download
memory/1696-7-0x00000000001F0000-0x00000000001F6000-memory.dmp

Filesize
24KB

Download
memory/1696-4-0x00000000001E0000-0x00000000001E8000-memory.dmp

Filesize
32KB

Download
memory/1696-3-0x0000000077542000-0x0000000077543000-memory.dmp

Filesize
4KB

Download
memory/1696-1-0x0000000077690000-0x00000000776A0000-memory.dmp

Filesize
64KB

Download
memory/1696-0-0x0000000077690000-0x00000000776A0000-memory.dmp

Filesize
64KB

Download
memory/1696-62-0x0000000000400000-0x000000000084A000-memory.dmp

Filesize
4.3MB

Download
memory/4268-15-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-19-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-21-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-22-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-23-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-25-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-24-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-20-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-13-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download
memory/4268-14-0x000001C0B4110000-0x000001C0B4111000-memory.dmp

Filesize
4KB

Download