96387c47c6899036e15950802758908bba52aa1b7d011ead5149aabf524a7e6f

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

File Explorer.vbs
Size

752B
MD5

745fb3e950667a4cce01355701dbd5c3
SHA1

19b0596d303c2a03f210b24b8e1a40a5fb36bd93
SHA256

96387c47c6899036e15950802758908bba52aa1b7d011ead5149aabf524a7e6f
SHA512

dfc5398654c97e757d344c8bf81563df5915e04743ce2613a6e67950f80f9334f47a6a4ac93dcacce50428427480f1c5ed0b17628bb724e9c9a4c37e2f5b84e7

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723593121813723"	chrome.exe

Modifies registry class 58 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000004ba13ecbede4da01130cf560f0e4da01856df760f0e4da0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\Registry\User\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\NotificationData	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\download.jpg:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 2456	4140	chrome.exe	81
PID 4140 wrote to memory of 2456	4140	chrome.exe	81
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 5108	4140	chrome.exe	82
PID 4140 wrote to memory of 3000	4140	chrome.exe	83
PID 4140 wrote to memory of 3000	4140	chrome.exe	83
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84
PID 4140 wrote to memory of 2768	4140	chrome.exe	84

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\File Explorer.vbs"
1⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc65e7cc40,0x7ffc65e7cc4c,0x7ffc65e7cc58
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3060,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3592,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4296,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4292,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4240,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1300,i,4133790372677789359,6306591682633158729,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1636

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3316

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
37d5f72e1336f15e7916a429f4ebaba1

SHA1
2d218fe6ec852b957aa5164a61360862f229afad

SHA256
dbac1c844225b6baed34a050a1cfe11b5904e710c2d5be2ee98b85f8a1db34f1

SHA512
fb009a1e61c53626aa295de852735d67e0ad0ba21fe37a155a4aad3492013a402cff3af072ebcb3bc7e119b98901e1fb6eef509607f165b56e56c7904019e204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
336B

MD5
04288e02c43163793417991f1df170f6

SHA1
edafa08467a984e0c3a05c16c9be8c580949ed61

SHA256
1637b110d91d4f5119ff7519d311eb7b7e6b3cfde36046cbbf3cf59bffc19dd6

SHA512
9226665fe88773b37fb62decffec7cdfef2d36cac769032ea0c5c94df18bbcf84e096facd201d55f1f72d2c3fef6979f6c9c5a5689446389b86dbb2a07a6f693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
24452db48678e32b31506d57dab6bf76

SHA1
80b07d8253dcfc8c40f3aabe2159b0c9bba5d26b

SHA256
e487efe2d971973d6e79df343d395b7ff58a0d3038081efa3b55cb82dcadbe6f

SHA512
8e06baef2369960c6d0efcc399ff8e1efe340ef33982065cab9c82d6b08a233ae5f0b649b4792a9baff72515a2edfa1064092c067db7e1961743fa5ee8e3f4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a187e77276316e1960d502bd94b3ee57

SHA1
4c73420d6d1f2f4dec78ffa8591079878be39c42

SHA256
ea3df8ab635ae6fe784d230e7f46d598ece3d6f6e76ee6fcb962af3c8cd8796c

SHA512
e515297294b9be4d62f69586bf075e3c7e42cbdd1d30c6fccc2387191391354a452e2ed83d18b84413e562f69f029084fe26ebc334b97787da805e11bcbe888e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
ab12f4904007f0ec049d876566c0cd19

SHA1
4cec2ed8838838dbb1fda41b05a25610e203556a

SHA256
7853f59d844825f63d8b1cf00e2ffa75ff1c65f652f7a7b068aef35c7533166f

SHA512
5f725cfd59619594a2cb21d563bd0c49050cbbff63534093f98d6ad41d8215bd26bbfc3a347499b73ae19b1c6d0f189580ed39b9a6c9f3e58e917de68bdd8ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f9a6ea600e5bc7428c3ae9ad36d70630

SHA1
b977ec915e0a3d29df9088b9ba333ad39284ff1e

SHA256
b5f869e08dd82a49e015b791007385bb578bb6a3ce1eb5e29a802df9bf07b380

SHA512
ee1123a6f904165287bf964aab20bdea5ad0774d1229147f4019e2b2f47fd5640a18bc7dfb35b59006c4b9ff166195897fc7046486ca82c8d4be74b971545aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1268f6df492733293c04ebc1b1d9a1e4

SHA1
da90972536d54b2350668f471811b8b2e53bc08b

SHA256
240c4bb62d1b104e9dc47fd879e212140e9458c02723a9a024744c0c82d97ea3

SHA512
321a823a22362d8c2b1c8d4ba448a27860f15233773f51d1e5506f24f4d29a3aaf246cf370c34b4d9b7b95c30dd14d2a29b8050bcd1c8fe1711cf329c75ed6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
67db0544d64bb855a9f52112daf09078

SHA1
c7de324953b359cfab7ee253beb2c88d1dd4f510

SHA256
7906e7ec10b47992caa057f3ebe52a386ecc3aeb8bc4158319e8e560c0531bb8

SHA512
44f2879ad1824b9146b775ce4aeaecb0028b0e050b6f695ac16d1c923ba998c7969b14acede2781a275ead9c3b68c52b23ae0c3810a59ddaae697420c8164694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
b9ff8c09d0e8251991358dbda80a58ff

SHA1
c97eca7df085b5c866db7c0dc5dd80196756e041

SHA256
77476a77e2ee8866b889b29ba46c83d16e6f9d4fadc6dd2f021085529d383c61

SHA512
4241fae50269445333e9952bc7797e9e62a1cfc2961215f80134798db9ede7386dd903b47b0d731ae480509ca4b5b7b6a1b55d963e6b48631329897e880e7bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
9f35b668757fc05df6917a5d4def3c2e

SHA1
cd972353f33edca1361e5380fd33d4c318ae61e2

SHA256
895f86b342049ca44008c9aaad637a3f07517cd622237fd5b8ebbc22da179a58

SHA512
b1cb23242737b1eb6d927ece224ee49302acfb6cef37caac8fd398cf2163efeb277c6c751868a703ff17628fbd77edabc67d0987d287180359d1bd56732de321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3aacc49f993de05139b0d71adcc92651

SHA1
01147ea1fa5d8fec703fd8ec867da447cc54bf23

SHA256
ca0fd5fe6123cbedb878cdd248252aa72628094ec1460a16cf129fb04840f52a

SHA512
fe9778484ef90844f84b10c16e0f16366e1c5404912ba3735a67e7b2e533acab5ebfa9fb550824d837545e90559cc478ab454901aa96f150b27df699b2cad197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
657d5379f4ed8b04db46bf56cd321225

SHA1
dd557f816545a358a788544df49214dc46b29719

SHA256
92ba4a339d87834ebce925be90dc193dbfbc4f0a24222ed2950b6d0fc2e94f3b

SHA512
9f7d8b3bc3dd71bb2a66638677afa7a488ed861d30eced98766e8d1ba0465a8a167cb668f10efaba50e835b4f56f06ac4b59c4807f439535ec32e16142e4dbc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dbf741c10886b9e9188ac18330a77d10

SHA1
01848704e5622bb017d30c17f7b6bb4bf98c63cd

SHA256
5b64abc99e504495799e16c48516c76d45aaae1a5623de5c3d179839846dd2eb

SHA512
d2607dcf0f8443aa07e7efc5fa205ff44f930249437e0e51efaa9a9820766eac73beec326388550a86000f9caf2ae03ead401d890862f53c93b523026996fcff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36be8473c293aa8592852d1b77e04d0b

SHA1
6086d4cc0a4ba721d67be548a016ad0c1d7f2ca7

SHA256
f51d2ec6016e9af925cf129b919a0ceff401be7dbe93e98190db16a1b64feabb

SHA512
dd7adbe4b0efd1432233aaded149960670e4e1645b05ca518544af1468a010f3d9fb00a36d93b6be1509f7baaabed7fad6d97312b2cb2f5eeace41a56578dc10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2d042c2266d1e13832843db82d30c38

SHA1
14592c3be5bc73bfb4d84750b3c111884611d35c

SHA256
38bc9e5130e711e3ac353d625aed07046fab24371078272adea73327913c5539

SHA512
a06fe85fc04e82954add42471b051ef908c019066740e9953b058274446efdec65c7d80c7cb0fbcd5dc648ff7d684ebf7bb55d460c5ed046dab20df15398aa7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f31176e6a3388249c804ce41fd18e474

SHA1
3c8df7896bab979ecf53ee2331c8e435b3842c90

SHA256
0c3e4695b2bcf7ac7bf482759d5b155dde04d17fd9443128c366bd9a3068989a

SHA512
8f8362ab3ad22f05ba4b2658f83347ad8caee1049df4751453326c220f61d5ee3f05109ec9e6cc07f0304f9aa647a5fe0db44cd10f4d8f1b8b48d7e22c0a6334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c3f76638a2d65df023ce10580cab8d4

SHA1
86b52090aa617ab1bd2ed45fb07eb599c305e290

SHA256
5784230b669d74a9e2076ca4b8f78ace8ff2f362b02b2d057025e486c096762b

SHA512
e1040155393d29a6e03e7ae58e31ebaa41a4ec5fd25cc336bf40af62ea4a6dbe4c06ddda150d624c492a17228e0cf7f56c948ffaeee0817fdbdb5b7d4692a437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b46e607ea26bbeed722b4381ceb63a39

SHA1
f017fb8720c594509f91ccb313730a64a0179f48

SHA256
d14f2846990ed9d0b77eebe955554a7b5d1e52f967288deb543abf7267e05720

SHA512
b052125dfe6acbb5dfe932bc98f14722f1079a7f5599667690cff4199fa727499567aa1dac313ece715b26e30188c904af1238217495f4df60a37f91e2304ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ae2b6f592c842a28ff77e57b6167fd7

SHA1
d8bedcd317a384ff218203d741d8d114bac542a7

SHA256
334862f06d44cc981b58ee26788130b6ee5c5421a2f4b0107c5e37eb570bd969

SHA512
98f401f373a559276538a844245e98153deffcf68b8be559230d1cac5776643890428ed8ad4220a19d3212e7caefbb6739ba2977adc7b981012c65f4ec4c54bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4f238bf4b338b73c98378aa8bdfa82d1

SHA1
cc8058de886239a7b819c5f279e1bb122bef0884

SHA256
3a0a67e30a83f19254aac2e89883feda9207875489ed5483bbb93626041cff67

SHA512
74f024f9017c911691e2ab9447ecdf982a478cd2ecfa0b63c9e0581ae0c29a78c5873b63ebd4d19f3d722db18515eaeab89662975f8c598e4999c6d2a5f0b8d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
7615dc89687bb98a1cc58fcf43a49873

SHA1
ec62fd5bcb9648559fd3c9f387913f8ad087a4e5

SHA256
e5ed13a17f591fbd11c59487b541436ee69772af8b409ea2c501d136dbb2a516

SHA512
a39f551bfcc66a2609354f1a16618e39853fb1f60c85fa43d28c874fb45f92ff6c6784ea72d6e8845e6e972d234d4eaf36327c41f3ef915f4e41d9c7507c1a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
d14ff34d2000d3d0cf8f6cf7d04a72b3

SHA1
00b0430499bf7b2c3a4f7a9aaaca6c7ef1840677

SHA256
5d82cadbde7746718ad06c92f3be86174fe1de42aad40d010a81091ae6377cbe

SHA512
03bcc2a145c7c06d084dc5a863607ada23cb5f1137e069967deb2c0a4fcc7ae38049d4cd714130252ebe1fb4d09a8a52b3dd264c396bb5ce1a2b5512bd3f17a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
48957f81fffc0a5e127068c524b4947d

SHA1
4c5dcdeb847fe4c12df53b74f1845dd455e3290c

SHA256
4cee4cdf6eb2ab20f79bcffb0eb7a6b25fb2bc00706db6ae8149686556ebc6a1

SHA512
7ff9db782db804321ea3922d6758011642e6497739864590e0ed5d4cde7344087bc997b7c7c212e791104f312d0c8d08f6d612d7506eb0e1a3c6d2fb54268abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db

Filesize
24B

MD5
2dd3f3c33e7100ec0d4dbbca9774b044

SHA1
b254d47f2b9769f13b033cae2b0571d68d42e5eb

SHA256
5a00cc998e0d0285b729964afd20618cbaecfa7791fecdb843b535491a83ae21

SHA512
c719d8c54a3a749a41b8fc430405db7fcde829c150f27c89015793ca06018ad9d6833f20ab7e0cfda99e16322b52a19c080e8c618f996fc8923488819e6e14bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
a2d47b482c95a1eb077b65cc0ec90d62

SHA1
4d2bb52332b1f9b0d1ea7143f983f75f6ce2d382

SHA256
48774124009c5ae565bce8709411baadd9bbb378c14205e6662b1217a4fbea6f

SHA512
827c4242977f983a622e68ff8f78346c11b007827041bea52dbd9f27a587977517221ff8d48c717352d47f7e92b179f72fdfd8ca90d47c798312beca668c6a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db

Filesize
24B

MD5
635e15cb045ff4cf0e6a31c827225767

SHA1
f1eaaa628678441481309261fabc9d155c0dd6cb

SHA256
67219e5ad98a31e8fa8593323cd2024c1ca54d65985d895e8830ae356c7bdf1d

SHA512
81172ae72153b24391c19556982a316e16e638f5322b11569d76b28e154250d0d2f31e83e9e832180e34add0d63b24d36dd8a0cee80e8b46d96639bff811fa58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db

Filesize
24B

MD5
f6b463be7b50f3cc5d911b76002a6b36

SHA1
c94920d1e0207b0f53d623a96f48d635314924d2

SHA256
16e4d1b41517b48ce562349e3895013c6d6a0df4fcffc2da752498e33c4d9078

SHA512
4d155dfedd3d44edfbbe7ac84d3e81141d4bb665399c2a5cf01605c24bd12e6faf87bb5b666ea392e1b246005dfabde2208ed515cd612d34bac7f965fd6cc57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db

Filesize
24B

MD5
2d84ad5cfdf57bd4e3656bcfd9a864ea

SHA1
b7b82e72891e16d837a54f94960f9b3c83dc5552

SHA256
d241584a3fd4a91976fafd5ec427e88f6e60998954dec39e388af88316af3552

SHA512
0d9bc1ee51a4fb91b24e37f85afbf88376c88345483d686c6cff84066544287c98534aa701d7d4d52e53f10a3bea73ee8bc38d18425fde6d66352f8b76c0cbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
0a91dc24b284b6d4410f56d095c349fb

SHA1
8dc8f5d0e210dd583bfee1d2c674df25edafb54b

SHA256
9932f0b41e016e55b0bcf159de0144f8747851e3c11ef472cb23c0afaf9b2c94

SHA512
f413d367c7b6c1299fb2ed628c46abedc28b56ee3a5666ac9a863e958061860678a0b056f3e34941dd48d60ecbd102d2412adf864928f236c7be7ffd65713149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

Filesize
24B

MD5
ae6fbded57f9f7d048b95468ddee47ca

SHA1
c4473ea845be2fb5d28a61efd72f19d74d5fc82e

SHA256
d3c9d1ff7b54b653c6a1125cac49f52070338a2dd271817bba8853e99c0f33a9

SHA512
f119d5ad9162f0f5d376e03a9ea15e30658780e18dd86e81812dda8ddf59addd1daa0706b2f5486df8f17429c2c60aa05d4f041a2082fd2ec6ea8cc9469fade3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db

Filesize
24B

MD5
d192f7c343602d02e3e020807707006e

SHA1
82259c6cb5b1f31cc2079a083bc93c726bfc4fbf

SHA256
bb4d233c90bdbee6ef83e40bff1149ea884efa790b3bef496164df6f90297c48

SHA512
aec90cf52646b5b0ef00ceb2a8d739befe456d08551c031e8dec6e1f549a6535c1870adb62eec0a292787ae6a7876388dd1b2c884cba8cc6e2d7993790102f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db

Filesize
24B

MD5
2a8875d2af46255db8324aad9687d0b7

SHA1
7a066fa7b69fb5450c26a1718b79ad27a9021ca9

SHA256
54097cccae0cfce5608466ba5a5ca2a3dfeac536964eec532540f3b837f5a7c7

SHA512
2c39f05a4dffd30800bb7fbb3ff2018cf4cc96398460b7492f05ce6afd59079fd6e3eb7c4f8384a35a954a22b4934c162a38534ad76cfb2fd772bcf10e211f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db

Filesize
24B

MD5
f732bf1006b6529cffba2b9f50c4b07f

SHA1
d3e8d4af812bbc4f4013c53c4ffab992d1d714e3

SHA256
77739084a27cb320f208ac1927d3d9c3cac42748dbdf6229684ef18352d95067

SHA512
064d56217aeb2980a3bfaa1e252404613624d600c3a08b5cf0adcb259596a1c60ee903fdc2650972785e5ae9b7b51890ded01ec4da7b4de94ebda08aeaf662df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db

Filesize
24B

MD5
fc94fe7bd3975e75cefad79f5908f7b3

SHA1
78e7da8d08e8898e956521d3b1babbf6524e1dca

SHA256
ee1ed3b49720b22d5fda63d3c46d62a96ca8838c76ab2d2f580b1e7745521aa5

SHA512
4ceaf9021b30734f4ce8b4d4a057539472e68c0add199cf9c3d1c1c95320da3884caf46943fc9f7281607ab7fa6476027860ebed8bbaa9c44b3f4056b5e074d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
62aaa63ac5a9bcee87955d17b4e1ef94

SHA1
8210eba09d74122437b977a489b689e35eb3abe3

SHA256
8a9c04b3a92be99a0ac5bb45fc85d0506530b821ee46403f11e59c0fde2aad9f

SHA512
ed22d30021aed0737fbe75db20f52b4bc33db5630855276022cd9e5f4465f388aa91a500425190f41280896f062f4bbe2e6f8af7e40d54029b6181251d46da2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
905f5db07c89453603f817ad8d0ed963

SHA1
d7865bc99b06962bcf0047d39091f3656c9ff454

SHA256
677f522e3bfd9bea7582e49a2f89264d3208e70b4d54788d6576e6f0f55cf35f

SHA512
3d618a5b2bc4f586ad010f67145ed0126dc140ab5294774b9ef05873b6817bba0ba34119fa908fb83759db65e578656187f2a63cd6875c489d80d3dbf83d8d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db

Filesize
24B

MD5
379523b9f5d5b954e719b664846dbf8f

SHA1
930823ec80b85edd22baf555cad21cdf48f066aa

SHA256
3c9002caedf0c007134a7e632c72588945a4892b6d7ad3977224a6a5a7457bf4

SHA512
eca44de86bbc3309fa6eab400154d123dcd97dc1db79554ce58ce2426854197e2365f5eee42bac6e6e9455561b206f592e159ef82faf229212864894e6021e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db

Filesize
24B

MD5
5f243bf7cc0a348b6d31460a91173e71

SHA1
5696b34625f027ec01765fc2be49efcfd882bf8e

SHA256
1b1aed169f2acfae4cf230701bda91229cb582ff2ce29a413c5b8fe3b890d289

SHA512
9e08dfbbf20668b86df696a0d5969e04e6ee4a67e997ff392099bc7ff184b1b8965502215744be7fe423668b69099242bba54df3f0bfe4e70acdc7cad8195b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db

Filesize
24B

MD5
db7c049e5e4e336d76d5a744c28c54c8

SHA1
a4db9c8586b9e4fa24416eb0d00f06a9ebd16b02

SHA256
e8830e7ac4088cf3dd464caec33a0035d966a7de5ae4efc3580d59a41916ff7b

SHA512
b614037fb1c7d19d704bf15f355672114d25080223e7ee4424ad2cb7b89782219e7877b373bbc7fa44f3ad8df8a27eef4e8ccc765d44ec02a61e3b7fae88ae69

Download Submit
C:\Users\Admin\Desktop\download.jpg:Zone.Identifier

Filesize
63B

MD5
3f55ad397f5ba51793e4524732599f8f

SHA1
26802f09509a766776339fca1c46138efde86e62

SHA256
ee74ec74ed2c3496f083d74aabe9ac2907ed3a1e51b694f725c1e643092076e0

SHA512
eb2fcbf31e9683accc0e7305f1e809058bc88b4f40e14d3eb0c06bd002eca2e04466356f19228a5a5a770b7b4419b945684ad913d3fa34af3ff02986bd0eaea6

Download Submit