361cead7f8f13617de7ed6e66bd3a5cd0e6e89431e65e6665f43197d977d9de7

Analysis

max time kernel
270s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.js
Size

10KB
MD5

6db1d9c2088fc992e841de715a9a162e
SHA1

8dc7748b9d4d59dca2b8d61d34b78e2cb3fe3455
SHA256

7f083ad549cf5563a6c0d4cbd34e92a8727d42ab76da6ebff587e6367ce721f8
SHA512

aaff61cd929387c3c8c530073ed3ccdc31740dfdf4578c87ba1b57df1e9f1e51b937f60894e456af9c14cd004486e8cc6c06b2b202ecf97335dcd7cbf745cfff
SSDEEP

192:CG/JS7o805i3VVuKI1xRdk7khbq0ywL4sh9zt2mQSD9NFMNbxMd:f/JuoXpKsxRdk7+bvVfh6mDdM5xMd

Score

5^/10

discovery execution

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133665001789641597"	chrome.exe

Modifies registry class 61 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	Notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	Notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0\MRUListEx = ffffffff	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Notepad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1 = 5600310000000000e958f873100057696e646f777300400009000400efbe874f7748fa5862a52e00000000060000000001000000000000000000000000000000a82e8400570069006e0064006f0077007300000016000000	Notepad.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1705699165-553239100-4129523827-1000\{2F2B99EE-806C-4850-B640-9C558B3FECF8}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "12"	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0 = 5a00310000000000fa585aa5100053797374656d33320000420009000400efbe874f7748fa585aa52e000000b90c00000000010000000000000000000000000000008e150401530079007300740065006d0033003200000018000000	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\SniffedFolderType = "Downloads"	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 0100000000000000ffffffff	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\MRUListEx = 00000000ffffffff	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0	Notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1\0\NodeSlot = "11"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Notepad.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
5204	Notepad.exe
540	Notepad.exe
3520	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3744	chrome.exe
3744	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe
672	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
540	Notepad.exe
5236	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe
Token: SeShutdownPrivilege	3744	chrome.exe
Token: SeCreatePagefilePrivilege	3744	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
540	Notepad.exe
3744	chrome.exe
3744	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
540	Notepad.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe
5236	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 632	3744	chrome.exe	96
PID 3744 wrote to memory of 632	3744	chrome.exe	96
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4280	3744	chrome.exe	98
PID 3744 wrote to memory of 4112	3744	chrome.exe	99
PID 3744 wrote to memory of 4112	3744	chrome.exe	99
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100
PID 3744 wrote to memory of 1240	3744	chrome.exe	100

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\main.js
1⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff0175cc40,0x7fff0175cc4c,0x7fff0175cc58
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4356 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4028
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x260,0x288,0x28c,0x284,0x290,0x7ff65e194698,0x7ff65e1946a4,0x7ff65e1946b0
    3⤵
    - Drops file in Program Files directory
    PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4428,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4028,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3380,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3476,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Modifies registry class
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4752,i,3003634831814928507,2823359094956656676,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:672

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5268

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Local\Temp\main.js
1⤵
- Opens file in notepad (likely ransom note)
PID:5204

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Local\Temp\main.js
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5236
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\main.pyc
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
331f41e54fac2b3e08282d8e08944126

SHA1
bbb952e22387b312bfc43e07407f4371d0fce507

SHA256
cb53250059770aaf08932a8cce17538b8b98944176df86232ebe03a6f560f6f4

SHA512
0fefa395f1f5034b30ef461fbc947e1725dc9cd133dab30e319bcc7cece08b72ce79f31b3df1b9ec4ade5e482907f14e4601dff3d7271ac2ab9ddfc46a4e7dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
91f26f5d1503d492edb590cfa07b9a6e

SHA1
e2b6b985d558182f5276bb46d84101204dca2b25

SHA256
395147e8ab9df1ff275064179ce8513789507d76fd4e66868ffe01031672f8f9

SHA512
ffc059e9c20deb2e52e2bad8be4da65942636c84091e55c1a0f777e9768ca8eb4d33a1902e63586a73a052ebfb819456733d70b0349a7cf29057403fec534ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2f7ae8e249624728a286f967e6cbe51b

SHA1
2affe091e3228e75d60d0e012c47ef4369e056f6

SHA256
e6b2f8b943fffffc0c7057d0d8238cddaed9df25ae1478926500521e9fd17ad1

SHA512
c1aeb04577e9363322a3fcc11a243b67de61e0a464ef794011af1cffc7af5e13811fe4032449216c0110311b0bde1e06c3f4849cfe5637640c0b7dc550a96cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d79bea63ca1177c6a87834b832aa0427

SHA1
33980c4b4c6a64b95ec414bbbe80c0111c6f1b64

SHA256
7e25bb63001c6c001345ce48f6345203f52c2859ef634ac49ed755747e07809a

SHA512
3042d820a10a164428df7122ccd44220c276a8b09302b328f932d65faafe157879587589356025fa05466e1a4d1c8c155cc3f8087057bb8c440871ef5cf81592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
8caff274fa207ce4468bbaae7edcf160

SHA1
e54f6253a5059c595bf62ad1a4a7a4d25f6f6737

SHA256
7ceebbf52cf73852a45572c477158b9d1c8e4a60a678a799855fa64f6a68fb83

SHA512
529c2b2cca27189433bc77e64a1311c04a011e8e91fca41ba2f7c6ec41046f0b02a3845c1aca393403e211a6ce81ddee0a6eca0e984c667947ef9af37170596a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02ddf2d54d435074cd35d48b4a611ad9

SHA1
9856d8c72af3319bd0ef51788b8f93899ee9e132

SHA256
17d1852a818eade9719be845e71e589544ab078066417b7f68e2ba27bf27f6ee

SHA512
f443d39526278bee1af641e69239136551de0122e338db6e1e40afd01dc362f041224f1ae93f96e67c7c79bae26fb7ef652e6fcf5034ac8dceb16c2d38afc670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4421a81e2cf22a19bb73a18411de1442

SHA1
9a6c59667961ef9f9d0c10b1c3436473c22d753a

SHA256
329d3b0ccd171c1872ba860293a6e68e714007e74ad00d66d6d6ebaa76e9f487

SHA512
4590ff6ddfbd6290306ba70dfa29c1aa166ea724af888335e8c3211e605e2aab84001ad8244d1cd6c7b35938ef9027e8bea16ee7c5cf50e07ab42dacb837b8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55a1d0f492ca638df5b979f0e1f4a329

SHA1
8b924b0561cf65b095df98344fe24c78f6ea590c

SHA256
bd3bb9527993f3812f47ef5bb07de6cc988d7743c9b742d1371867109c5f1520

SHA512
8647ca1989612f2fb9c49e47783e5663ed326acf387596e0af7112ff9699a66deaf0e3bde354359fc383e3e6cd34f0de32295f5c82d31ba6cbd8286da7ddc243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f29d885d8e4295feac572988229116c

SHA1
81b3b223f451c0d01810ec6b4d1a8ecddff6fa3b

SHA256
ed971660f2313a1c34ec156485304ab3178043a4ee9680be2964e7bd60774e90

SHA512
fa8b747723ab90877f9ededd028b3b03f8b6c065241da24036836b31844efedb0a77c92ed54cd68ffca4f97c4a6f3d0ce0fbe6a43fec9e2d5e4f01a4d2d90f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06d5b29e119271e4c3f52367ca6cff03

SHA1
461193db2dd35d183c54b74b5a7223072d3a978d

SHA256
56443823771986475eca91a3eee6f8388bc82d0e30a6912b3baa5dd2e425776f

SHA512
db42abbfbfaae955811ec821a792747b72cdc5ec2b803eda9800b10f52c0b3f23d63c920bd7beeccd7a566a1f22642b88385b480dcba8b0ec649d6e8d95ec2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c7bc16f26cbce9576927907807aee5c

SHA1
b61ad922f9a378434604a474618d50bf0ff04f14

SHA256
dc01594789b74160617146eba063bf90ea1b8a8751a548023fd469ab7bf83204

SHA512
d8aaf2e3b2972ad50ea528432cd422c80f3889e61eebe8d4ff8cb7fe31e98240995ff28b1b4982774541ad280d0ca4ce0547750eb1893e6db6bdd2651b3e3103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46bb86ee8568003c46e965e2563736d0

SHA1
be9e837b8d8393f215f55a18213bcd1a43528511

SHA256
8d47e68eff85c2ca674da1e782c640def8c49908575d89b25f9fceafe46d0dc6

SHA512
90c18ab0002d4cf1d1c8640600d788dac07843b6e72ae52fa0b2e04cd4d76d04f24b8e2dd149889ae080b67cbc1a26233731ceaa710063456c907e9c1f71ac06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4bcf9bce9c5e08087caf3a1e40d96635

SHA1
d031cbedc1c4789fe1f7befe5e1f02ca1e1c3a30

SHA256
3d9310c9a1341e96aaf7dd27fca0155182e52b3d6efa4ebaeb213f19a4f02bda

SHA512
676326490007519dbb01577fb8e14a348834d5543d63a1f8f23de62adeed1ab6f4740fadf50fd42378869a16ec2fe8d15a8e055f09c5ac92af7dbaf31579e49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dab315c526076efb0041865d466f599e

SHA1
925bff62e3ba91530251b518092ea5593a335b18

SHA256
338b70df910474fe506ec35fb4b8f87e9e3a47a65af6d5014af15df2078e565a

SHA512
deae6aa07e9dae9b8f6efa1615a1e4b5ab0070ed033e8052c79fefbbff7be3c47f309e361c76d695c9b8fb141adc8cac4753243f8d79e5f54cacd0e31a26b51d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae8256aa1d0e39c15f2453170ffb8b43

SHA1
06eb44171f5c79b62a842e1ffb3f1ca86208c5b2

SHA256
ead129b3c7bf62422afb21779f6778cf301ccdada29e80ed0c5492fa35c2b790

SHA512
f07d957eec4fc7c65cbc1f484a06c943d352bb56d45ace81073be4afa828903ac292c9a961c90884e9e67dd5db167eab578ec745861822215c48463759e7a089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9275317ad8a3ebb484f2168fa92a606b

SHA1
237d0f50ec4071f1aefe11f9b6e9061b3bc314d5

SHA256
4ae75dcc4f1741635af913a22e461ceb174962c522197900138a51026ec123a9

SHA512
e4cbbca44da5edbc5908a293333d740c6efb0b56d135e00713a95c052d946f8dd65272b5daea1ef7b85c40cb9d43f426b62645face7aa3d71e6c27f84d75cbb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d118fab4f94d198d899a46ee337f0175

SHA1
a955c01240409ec2be14c06283d5dc65928b36f6

SHA256
e8dce546875d4a17fd683cbb99e7d31b8c6d8fc559a6e5a2978c6de5565c045c

SHA512
9dd3c355da9ee9b6905a57ba2887c55be145407f14c3696c134dc8d60a978f9a33a86e113f7ae49ba6271af0087bc3051a4163d272388c6dcb409c441eb45a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc156a561136a34f71c475d4952045e9

SHA1
6f7c548e3ae87099e30927e6bfaf027f3caae1d5

SHA256
75d0bd433be7d2e0e774f66069630bd689a6cb663b7fa8b6af43e4833e5656ef

SHA512
36899536a364316bb3e53e761123a9dfb58308681d454be27e04d020d0783344d03c792a6d8c2b99aa0c158264a9c13b1652040dd958f72698fe5f71ca5793be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1362900d95b5a7902266ab8a78c94463

SHA1
7a018db6314fddbcc6843fcf83a1bc77d426b349

SHA256
19df5dfdd7a54fdb68492d019d5ae134391b0c97d54f0643ee8ee4690aa50a5a

SHA512
8fb20cf2977883a49f36e713087bf3ddad9fb7bedcd697b4bd483f1c602deef4ded28d8aa4b919a9ae75b8554d0212b8779e8268c284a01fd5b080f5bbfbfa34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c784d2b5a5f374ed37152433ac81148

SHA1
f979597f56a9ac40ee47036bb22f971c04f6961f

SHA256
0d7447e81f8a79f046ea45e8a14f1781ca803cc0621a978ea399f47d9d071da4

SHA512
acb3cfae38f3b8d816ff6152a6e74ff5188e204d13b64fe0c0317caa69c3ccc50e198a15fee014200937494328d120b7b9cc63c0926ce6a952024fb9c5a01a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19fb0432de7255cb1638ad14a969881d

SHA1
51803d7832bee026b508a47e3d002376e19c21ac

SHA256
fcbe482a6492c6c16aa1c70cecc3e8547f4fae50a23c05c719c38f80b06b55ba

SHA512
4e48e7617caa76278798a0afef230ef7a66bcf6a8079943effd7ae819bbc289f1801c7faee1fd20df50adbece9682d00277faa79cbc071e52ac4d72507114aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d863955590fe0baf5324390b540d1dde

SHA1
de2d3d69df5dd06b95d43dd26d0617a708c898d8

SHA256
db7d6ee435a9e80ebb0889ee0dfc9a466433ff82e02fffa1c9c5969b370bed90

SHA512
4f3815bf32c562c8694baaf2345a3366a825462aa5955196b4639768f17acd93e7c65ef56ad45d2ea48d0809ea9529b5543fcad8d53b6288da1d125f09d508bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7c5ed8ac9681f7bc2937b24d781ba373

SHA1
e95b024b07bc8e1e0998cf71cfdf9801952fda8b

SHA256
851d80df0d6fdd13e8c2d9c10d8ae91d5bee94fb63b4498c4ba7d345d6146ca1

SHA512
1cfe669abd2750dce61211b7a507a700c49c4f8e268b0a9c3e1985860e732615547a47351d60b14ce411be54b61d122b702af2c5474aba6b75168b998dce158b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
96B

MD5
d180645218059b17c46eba6680ba7d8b

SHA1
b61d4eba54783cf4fd691ce848abd07c65e46630

SHA256
8d19594251bdc97cca8998d6e2dcefb95611fb2a916c67af2ba4d3a752f94bfc

SHA512
b67c9e4b903b5d5021776fd01e36b4b1ee764ad34aab98a0187e124c3742b36f325301e173555a00c08eb0a06ad09d71b304174d8a0ce45efc21de735ec2ba9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57e7ef.TMP

Filesize
160B

MD5
0235d97b2909a628efe93d5e85f03d7e

SHA1
9772decf6064a86aa6f738151de1e39acffbf1cf

SHA256
524726d8f89aefcaa40e890e9fb299d1175119e7390f3733104b536a0b9d440d

SHA512
5f96a72d07809c5807772351a7363268ee5edfab45ffb689c18d0ac75451fc6aa4e1e59a8d301171e1234cbaca7593e7fc64784311c4f391926ab37752e5b685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
2bf2423f256489428108ebd15f264e4f

SHA1
d7ab406b609dd4be876cc79f21ce3a55ef002d6a

SHA256
81e5960026b3a1c7a4422e44b64a5ec4f9161ecf904bcda8652bf462951b16aa

SHA512
99223bce45050026fd32cf5707e1da0862a8f10f98b5f5afc17e8052deda0b121b720b2b1f25e9ab564dd9049905fb57d025659f9a2d38b9624097ed59f8da93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
47b1af383f8f4104b014af35191d8527

SHA1
70969a010d6b69d5bf8dd97556d46abd3d7f2471

SHA256
436eae7b1a508e21217117c26ad0ad2c8ed1585f51f46faa73d51d91def9daf2

SHA512
02ac4948da283cac3de2613df162188f5f5f14bf6073d54ebbde6f04cceaffa29a9b1f4ff9ba24322b10773398497a54bbbbf017bf1ad83c0ed4ce2d349bbd3c

Download Submit
C:\Users\Admin\Downloads\main.pyc

Filesize
10KB

MD5
54778181ff0e8ca15b8418c2f87911be

SHA1
6d2ffdd350ffb7d02db28658d2b821a0aa403b43

SHA256
d5cf7eed51920674a31c4d982073bb191be9bdd39d9a8b8c0ce9e9667feb06b0

SHA512
d8fb205bcd32f38f3472cbcba795a6ae1956fa9148ec6726b6dc0f5582a13cb6f4b847e648a163d1b23237be997050f6784fe928c253f8573da09055493f2bb2

Download Submit