hxxps://drive[.]google[.]com/drive/folders/1iIMytE-7ppBVmDPG_-u05F1GISysa9qm?usp=sharing

Resubmissions

02-09-2024 00:12

240902-ahjhxswhmd 6

Analysis

max time kernel
255s
max time network
253s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1iIMytE-7ppBVmDPG_-u05F1GISysa9qm?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PresentationHost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 42 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "817120472"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074472bebe7af3a46942426e1e277b42a00000000020000000000106600000001000020000000a7d24ce581a686aff9b399769fea7cedee8b6725580563705482bdc17cb1919b000000000e8000000002000020000000584e9ea3a6624aac5b88c348e36f91ad79cc9e1a77b28909e172599805bdfb6720000000f93ac899632fea994eae6350c0f8f455816b8f5a4bae2da59884e5894c14d38b40000000a0834f44b6d98b7d899fa43c1ad966ad9381608f1bc4994beeed8a30920f99ffb5121ee6d95b1055c979bdf64202b157e70e548a5b80bd20fe12bc419335e3d0	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432001060"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30cfc831cdfcda01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074472bebe7af3a46942426e1e277b42a00000000020000000000106600000001000020000000a807ff64d5416e603eb33dc1a3fab2d5488477bae127e56560f271dae6e7f5a8000000000e8000000002000020000000e3f3bbf535501d11976756faeed89e4888e0fd28860d30a7ad9e4033265e9f0920000000a6142dd0d151adce5989282e023b84190eeb175944b487b1ac32c6638f8c59bb400000005e21f462cfb86cb8d273f3350700cfda160dd16f7e10b58f31533dec68dad372b0f661a11d519ebee4244de75450b8d2f4eae6b49471e78faa4bbd17cb06fe34	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "812901626"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2019cb31cdfcda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "812745663"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5C095553-68C0-11EF-9912-D20DFB866B4D} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31128781"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31128781"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31128781"	IEXPLORE.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697095852328005"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe
1756	msedge.exe
1756	msedge.exe
624	msedge.exe
624	msedge.exe
4064	identity_helper.exe
4064	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
1992	IEXPLORE.EXE
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1992	IEXPLORE.EXE
1992	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 2792	3952	chrome.exe	83
PID 3952 wrote to memory of 2792	3952	chrome.exe	83
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 1552	3952	chrome.exe	84
PID 3952 wrote to memory of 2144	3952	chrome.exe	85
PID 3952 wrote to memory of 2144	3952	chrome.exe	85
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86
PID 3952 wrote to memory of 4416	3952	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1iIMytE-7ppBVmDPG_-u05F1GISysa9qm?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ffbf519cc40,0x7ffbf519cc4c,0x7ffbf519cc58
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1216 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,365909370578937855,7026334115856820248,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:436

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3680

C:\Windows\System32\PresentationHost.exe
"C:\Windows\System32\PresentationHost.exe" "C:\Users\Admin\Desktop\Infinity V3-20240902T001344Z-001\Infinity V3\App.xaml"
1⤵
PID:4512
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Users\Admin\Desktop\Infinity V3-20240902T001344Z-001\Infinity V3\App.xaml
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1992
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:17410 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2820

C:\Windows\SysWOW64\PresentationHost.exe
C:\Windows\SysWOW64\PresentationHost.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2352

C:\Users\Admin\Desktop\Infinity V3-20240902T001344Z-001\Infinity V3\bin\Debug\net8.0-windows\Infinity V3.exe
"C:\Users\Admin\Desktop\Infinity V3-20240902T001344Z-001\Infinity V3\bin\Debug\net8.0-windows\Infinity V3.exe"
1⤵
PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://infinityv3webkey.netlify.app/?key=bFz2SXYDw0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbe21146f8,0x7ffbe2114708,0x7ffbe2114718
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:3056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:2984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
    3⤵
    PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
    3⤵
    PID:3292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18035808868412190290,11722135626503473290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
    3⤵
    PID:848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
1c7226fea3dc2059287a4a2ae7519102

SHA1
ddf68a29afc928251f9743341d5fe0be207479ad

SHA256
ccaab5444ee41ed3c94268a55693fe4157f72e980d2dc3687ac98bab1a265396

SHA512
b646d2a7d9d8fbc5846f8ecc8a69e7913c603cbad1a488f24b75a0e371e3e367c596dc3fbae2ebbfb486e17b5f248ee4c47d34c6b5e7cdd7cc387d184e8366e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
aeaf99a7059654167f51ce555f443130

SHA1
869ee2fcf05e935df6bec45eb67373a5b69d862e

SHA256
1eba0c48be6bf90c0cb8418e759306597dbb845fb64fe7bc31b985bc5ce77dd7

SHA512
f5ca61091d5a2c4b64ece69da9c56c49fda099632710f591b3dfb75cacbf3ba9c0f63dfbf953f93f681b0b95396329b913877ce9cbaaf3293278f0447c61850a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eabab3d4ccfd45e0751aec05770b44be

SHA1
1d8f0a79220b39ac1c19ac6932ca1ad30c00c284

SHA256
dbd77835a3220094445bf36c3f3b72efcc6acb7147e21c47bd8fd43bbe72d624

SHA512
ec3ab28303bf83c02b185523c4cf9551351c3f59f224add6bd97fab8c4968bf245f48db50daae38a5b9bc142216ef7840217aa60e89f065ff9d6678ea04593f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
6dcb016ba06e63714a0a12151bb16eb2

SHA1
9bb13d7fd87ed5b7fa8a2e6e4c3f6487cc693bf8

SHA256
a989447322d05d01d93f2ce665f00c3df2c77880e260f2562ceadfe1543050bc

SHA512
e6a0f4f3e1283cd65efcde3bff17638d151c6d51f46faf048ba5fb028e350b6b3a8a9664eddd35a5f3cfff026cb06c23dcb87e666ba978ba322b2386ddac5347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
08d3f0e15eca9b28a2a819d9bb8c5f75

SHA1
d5a8984dff9634ba40efd607366af4213cf54b72

SHA256
fdb4d5353e166f369753065e82ff61c82e479b980b52b1ed9b2aef0212d88c4f

SHA512
15dd31b3f23d88bd5420410ecda114ebe3243ad325f9ab4c2ab87bc14a32a077f99f3fc79da71ac9a1ae6207eb18b974e4b7ed45221d62decc1dff523e6fb0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
0bcd8e9ff3c06247be2fe5ed6a96b44e

SHA1
91b8cf62bd22ba65d227867963151e4e6177e8a9

SHA256
d975afdb06b24d0c3ef8334ebdc81cab027e63ef751a707908ce3397fdebd089

SHA512
b662d80ddafb14b30cf31ee203594f73f5ca2b9c681cdbce1660d77dace7d406a86a05bb39991d5921373590ef759ef8de1192dde6551fdc654dbf9286c008c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d2bec72c0888a371e24fec628adf366d

SHA1
284bc4ebbf48257f762146445113154cbace208a

SHA256
e78b2e6bd5335c924fb225cd42261ed3b86289c26d2427637dc4f07e702a25af

SHA512
f16478c22b5ac6cc0cba006a41bfc3b6c22a4c907b86c35407c0d78cadfad57890fdc1eea142b5d33e087ae1e5eb43b5c902ac5b2a725816424fdc3d822ab276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6232c83562ad143e0622b553938a765f

SHA1
fb3cd806de379e59043d5136f369e8fee5e5e224

SHA256
8693f90a0a986bf78e039cc63c63290a268831b3d22f870aed5fa229f86844d7

SHA512
7ce91a617cb9fefc66a5aa552566579d557911c0ba45bf37b47d3f257cd891d11ead3af3c68f0ac45af4ef231218e88c92eb6767053c6b88a80e9b1aa9e7d7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
29bb5c2a48c05f9fd95c1ea891da8241

SHA1
13b098aa543e5b5f233b9c63ac0fae24a5f67ac3

SHA256
2b2d45cacba7540b7960979a396e77ace9c84629267446daffa177e87765a4d7

SHA512
d0be51a20afdd7d624e6664dd1e06473d7f98d8fdf73a9f3067a251ae81c523a85bc4099de9c5179067ab4bfa1ddd39f72267b87bb9048e6f769250aa9a23a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
59bbbeb936a8513d6e22a23606cb6179

SHA1
77b015d077545ce03975204ffa78645968bcecf9

SHA256
7dc6517cfb2788a8a8eb463a482d9b49b956b63bd6da763079e901109572081e

SHA512
921100117b962de1fd5fb28a2f6551beef39dd232cd02922a4ccba4dc704dde4349d749dd69d0556653d257007c636e99fdc82113f28246ce739858e63b046af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0e5763979551c29d7f68740b20c9b4e6

SHA1
93def25c8fa29d2c0386ff61491ab1626431c121

SHA256
8557976cab485a12d2a4ede9004bb50c9bf57797074a26d5c8daa54b6e0389f5

SHA512
d9b6b521ca9233527072910121b02d6c108c361762ee10942018222789f7f1d72f91ea14e7906c96582d1df0e9fde1dbb46b07c8be9be03955d70d338d18aac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
070379a7898bfda871296b26948c9788

SHA1
6e9e7085a1a8badd3e99188eac4a18f7ca326642

SHA256
dc54c3cf0c584cae5c4bc54b16dc0032bfdf254084c15ba18c4956547544eca4

SHA512
fa78d42b84f4d1154de74829716c69179bb91ec8281e714c37266114226ee56ed1a61159101bfed2ce40a0a68c731e79fa2e36539f809ac1140427aafdeaab85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d1e516f8-716c-4a3e-b567-5440a473aa12.tmp

Filesize
1KB

MD5
de1d272000ce58f5cddab5b5adb4acfd

SHA1
f9f451f942456bfefdee69fd8f3bf215dec74d6b

SHA256
217a8e0ee998563f26ad90715d7862fb85eb5f4244efbfeed5494f116ce0de30

SHA512
a4b8c3a8032f079b54224a15ad8dac299e127242ca4f0f0d1017482dc70a2ee11b5075c9f85362779d2ff844837c77972a3e4e5f73416817b5b9d1e13dd2043a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
703a3d5c5eb79f0aeda4e24d4229c001

SHA1
9b5a1d32c00f8e0bdc73a45525379a31ac98fa06

SHA256
3ca40c56503e91816fcb3fb401347f49cba327113940c2f25e12585ae619cf23

SHA512
36514af03df87634528bc1890c3abdf5805411da27b7a9ae58c30458d28f2e879cef7cd792ba57e0049b6762668c842c061ac89bd06022eb28ca72cdacc6686c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03cd1114359e6bca7d887883b1d63cba

SHA1
0524ad99424f251097740f79c8e7b2af100985d7

SHA256
a0e6195dc764b9b90ad2f6ed88931865d67d557cb294d31cce904f91f0d173f5

SHA512
097099eafbbd5e2963019b20d06513b41100a4f75781a5d0f79d74c5e9e0dfe96f88ca23b1aabc5bad7ad0e13f95ab62e8a0d65d52d4038f4c0759cbf708931f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3eaca024c5e23f7cb32f521bcfe3645

SHA1
f87d941cfd089829696288434d88e7be1dbf4a0b

SHA256
3a8fb852169a54b9ddb1e1307f379302c558f6672bae02cd52452a1e4b5eeb22

SHA512
25636a4d09543d5360e3e0f3c059e872b3e4c3a86741efe534dc7e3be3537a538f2921d95001f5af69863da377995811b2e1d3f4131758d9351f0d81ead9091e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a3a2c5a3df7b77e0089a33dbf5e12a1

SHA1
146b8c8123cb016b87f821b88e10959b594fbab3

SHA256
0b57ae6d151709aba503be5923cd443b14d6fb346a095a5cb2bc6a4cbbd971b8

SHA512
b6e638cf129479beb15f85efb8a3e7acfc17a142912c94b84fc7091426d7acc0f7972f182579b132f699c13499de6e28062b29461c4205a43a95fd99a9a28195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\16.png

Filesize
566B

MD5
b3b099003f605d552145790cf1b71e00

SHA1
6dc54b1268536935e9ac96a27c34c03aa1a1eccb

SHA256
1d1113f78a60a4702db32f106598883cb864cd273a708ee292dd6003e3cc8d4b

SHA512
d078de028160ea917c24ccbda0b74a8374a2153c7bd1f5a108710b102d64f0ffdc57caefe2979153a8d42d2e8d7a85089680bfae9f4facaaf048d8d93494d5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3952_69460305\Icons\128.png

Filesize
7KB

MD5
8eec20e27dd654525e8f611ffcab2802

SHA1
557ba23b84213121f7746d013b91fe6c1fc0d52a

SHA256
dc4598a0e6de95fae32161fd8d4794d8ee3233ab31ba5818dfbe57f4f2253103

SHA512
b19d628a7d92a6ec026e972f690bf60f45cbab18fc3e6ab54a379d8f338da95e2964ecdc5e2bb76713f5d3ab2ced96766921e3b517036e832148d1fe5fe8aa6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1c2a578f6a4822ffb653f5d544a96515

SHA1
b47937550617db84fbf615667e6cdc925a138aed

SHA256
f31e1f21b4d70b5e51aafa83c74eeb6703dbc112248f347bbb0c0b1d337a49da

SHA512
78a3adf9b6f41c8b70bb7fba06ffc503a776605e9026edafd0c88df2e693a635c9838a1ec333955d9b67ab2ff8c9bedc86061ffa8e377fe1d926cffd89572e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6e68ffa2eaff8d950214ec49ea4fa1af

SHA1
838eba0845c96ba30adc45bcf1870b18532227d6

SHA256
b897907b38b433b5d2399c24a5c68989eb3b478a92842d6075e3cb2fe5406c5c

SHA512
06d88675858e18b910d928a4fa74a7202a4537fcc6d5c0ba9f1a2893d149027dcab891eb88d1059f276d584b817f46fb53c3312e1a4ffe9e563352698051990a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
091902da3b495acf17735fcd43904b32

SHA1
546678184b689a4b60c997f220ed3084f2c6d4b2

SHA256
8ccda5694d06570f2ee54a676e60fcc7a7ce5eb5460dde35780130c0666ecb8b

SHA512
65fb5a0e6e77f106a24c2bbf016cf1d15185ba2e666973f5f64ba8a88a3cc8626b756e97bb81f13f7d2359230fd34a4cd39ee7067f81ccf327b64bfeb65e2005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
196B

MD5
26cf90df45bad646739532ce404beb18

SHA1
57c1903547d8e30ef655bfbb02b0449042380684

SHA256
581ba26cf3e48e939f1a7aa89a75b580662ce732d8916d04eab9d2aec50e89ff

SHA512
45fa96b7b8833a2a37540604969b68be867c6923fb68d5331a5cbde8392bbd75a6c63b2dde427588afe0ae18dda5dbe856809636952ba91f75ba78d93b404518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5417721e21c036b9a54045ff5a0cbf1e

SHA1
6fbb20e7f8d8dea3ba27d5153e3ca8266b6bc91a

SHA256
db4face380c8b7e89d27368c53d4701df503967c6f61920798f67d0ce2756a54

SHA512
9845caca9f07e6c82fae49b195ed329a7d9d0344edea3171d3e215be4837d67b7dac734b7da5a588994f0befa80161c5ad8669a92f370c048edd1dab166c6bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce48a8158b46a7c96c4982393f3faa5a

SHA1
b0a734cccc191e8008246dd40574e4f7ae6f8dfe

SHA256
ae2f959ffc2746cc756b6dd76667de90658a6c63a06d1b22956be87ff3168d0d

SHA512
7e4b77919b86fd50b0678649e086bc019a3867d144cd66f6e745c4d5a8753f360955c4d7a8b77748d0ef54bc7d332b7e06aea8243a7f59aed840ba04ae35e79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82127f97e56896b96a549a798bb8b3a5

SHA1
7a1dad9a60f094b6ff218e52f1eb8f95d530c766

SHA256
4633356bf273c22d080cf1793a8306d48e26a52d0b4b3c816d58a99ab5cc4969

SHA512
e33152128f18f63e28b34e3ca32b5a2389a510c83e7a97a477a335bc5bc12f16fb82ad0245ad5ebc4b39b402b2973333fe5bee96736635e7e94cdf5d9731538d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9605e48f42f71355f7e5d4f9042f560b

SHA1
f7b6a1d04b022753d7c12e86f73b6d9d7faa7245

SHA256
283d248a2f5798fed86b627e9777fb99bab198895148edb22567a93b8b96fbb6

SHA512
cd50355ce900183e4194834616efa09059a782dab396d2d7d4bbca7a37cfdf9edb4be3161e69c05cdbfe173f1a03a03a0b27fe1097c214607efe2a90002d4fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a2a18e56d6c48d8a1c02785729411684

SHA1
f604cf8bef5a5aa84db78b9e6ff85572b1b09868

SHA256
a4ca07d537a98e8d2239eac66c81fd50fd1695acd9b609cef648da8de2f24b07

SHA512
f117a08b0b2384b7282363db0c295d34a103051977eb1461f180af8805c0ff5ab9bbb79426208f6cb101962b0050e43af564118d93c941f2b4a550ef9b3dc563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2c18bc929bcc7c307ee2602fa574de9a

SHA1
a9aabbe96da6dc7fe3e8b56defe64d7f974a0d65

SHA256
8aa4036d9b934ccf3b164582f4dff15401c5a85f4cdf7eeffc2ff07a205d638e

SHA512
e886cf30558f0881f584c9ce876db3168b53999e7e76a6e6493bfad76d61688331b8831eeab84169f7ffd0614fa53b9aee35ed3816a45a945851e3018b158739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4329235D\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\Downloads\Infinity V3-20240902T001344Z-001.zip.crdownload

Filesize
2.7MB

MD5
2972de8b1e5dd27a8987e0624a5c1e1a

SHA1
d99189233a3c0062ef922b2fd21827912916c8ef

SHA256
9a7fdabc29c33d98a6dd608f62415973ffca57e84adc005edd1aa6335ff9c5ec

SHA512
e376e05edf9441b26e3707609c733b68ea9e1141fa97f4f578ba7347ea35c3b59fc1aba67a817418736b72f23415fe743b5984052d41c53957448c75edf7b7f4

Download Submit
memory/2352-389-0x0000000037A90000-0x0000000037AA0000-memory.dmp

Filesize
64KB

Download
memory/2352-395-0x0000000007B50000-0x0000000007B5E000-memory.dmp

Filesize
56KB

Download
memory/2352-394-0x0000000007B70000-0x0000000007BA8000-memory.dmp

Filesize
224KB

Download
memory/2352-393-0x0000000002C20000-0x0000000002C28000-memory.dmp

Filesize
32KB

Download
memory/2352-392-0x0000000005140000-0x00000000051D2000-memory.dmp

Filesize
584KB

Download
memory/2352-391-0x0000000005060000-0x0000000005068000-memory.dmp

Filesize
32KB

Download
memory/2352-390-0x0000000037A90000-0x0000000037AA0000-memory.dmp

Filesize
64KB

Download
memory/4512-388-0x00007FFBBFCA0000-0x00007FFBBFCB0000-memory.dmp

Filesize
64KB

Download