xenorat | hxxps://gofile[.]io/d/oOpyqm

Analysis

max time kernel
231s
max time network
233s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25/11/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/oOpyqm

Score

10^/10

xenorat defense_evasion discovery persistence rat trojan

Malware Config

Extracted

Family

xenorat

162.33.179.3

Mutex

Lethal_cheats

Attributes

delay
5000
install_path
temp
port
4444
startup_name
nothingset

Signatures

Detect XenoRat Payload 3 IoCs

resource	yara_rule
behavioral1/files/0x002200000002aaa5-94.dat	family_xenorat
behavioral1/memory/3636-106-0x0000000000E80000-0x0000000000EFC000-memory.dmp	family_xenorat
behavioral1/memory/2744-159-0x0000000006300000-0x0000000006312000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3636	client.exe
2744	client.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	explorer.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	chrmstp.exe
File opened for modification	C:\Windows\SystemTemp	chrmstp.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	chrmstp.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\client.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks SCSI registry key(s) 3 TTPs 22 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities	explorer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\TypedURLs	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133769743954786228"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000100000002000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e8070a00420061007200510065007600690072000a00410062006700200066007600740061007200710020007600610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000088724671af18db0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{1BCA1FC4-DBA7-4061-9603-219B74BE966C}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000003007a318af18db016562d79eb618db015feaa3c3df3edb0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133727754330492280"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrmstp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\XenoManager\client.exe\:Zone.Identifier:$DATA	client.exe
File opened for modification	C:\Users\Admin\Downloads\client.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1524	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe
2744	client.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4032	chrome.exe
1524	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
1524	explorer.exe
1524	explorer.exe
4044	rundll32.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe
1524	explorer.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4032	chrome.exe
880	StartMenuExperienceHost.exe
1524	explorer.exe
1524	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 1976	4588	chrome.exe	79
PID 4588 wrote to memory of 1976	4588	chrome.exe	79
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3040	4588	chrome.exe	80
PID 4588 wrote to memory of 3912	4588	chrome.exe	81
PID 4588 wrote to memory of 3912	4588	chrome.exe	81
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82
PID 4588 wrote to memory of 4080	4588	chrome.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/oOpyqm
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4ed2cc40,0x7ffb4ed2cc4c,0x7ffb4ed2cc58
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3400,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3280,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4960,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4804,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4400,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3456
- C:\Users\Admin\Downloads\client.exe
  "C:\Users\Admin\Downloads\client.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:3636
- - C:\Users\Admin\AppData\Local\Temp\XenoManager\client.exe
    "C:\Users\Admin\AppData\Local\Temp\XenoManager\client.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2744
  - - C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Drops desktop.ini file(s)
      Enumerates connected drives
      Checks SCSI registry key(s)
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:1524
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\System32\rundll32.exe shell32.dll,#61
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      PID:4044
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      PID:5352
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ffb4ed2cc40,0x7ffb4ed2cc4c,0x7ffb4ed2cc58
        5⤵
        
        PID:4736
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2236,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
        5⤵
        
        PID:4564
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=1796,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:3
        5⤵
        
        PID:5160
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=1784,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:8
        5⤵
        
        PID:5364
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2768,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=2828 /prefetch:1
        5⤵
        
        PID:3156
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2832,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=2856 /prefetch:1
        5⤵
        
        PID:4016
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3376,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:2
        5⤵
        
        PID:5728
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3520,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:2
        5⤵
        
        PID:5860
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4024,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:1
        5⤵
        
        PID:5936
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4108,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:8
        5⤵
        
        PID:5308
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4332,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
        5⤵
        
        PID:6112
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4404,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:1
        5⤵
        
        PID:6120
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4424,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:1
        5⤵
        
        PID:5216
    - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
        5⤵
        Drops file in Windows directory
        
        PID:5840
      - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff762234698,0x7ff7622346a4,0x7ff7622346b0
        6⤵
        Drops file in Windows directory
        
        PID:5304
      - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\initial_preferences" --create-shortcuts=1 --install-level=0
        6⤵
        Drops file in Windows directory
        Modifies registry class
        
        PID:2308
        
        C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff762234698,0x7ff7622346a4,0x7ff7622346b0
        7⤵
        Drops file in Windows directory
        
        PID:4712
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4396,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:1
        5⤵
        
        PID:5240
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4336,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
        5⤵
        
        PID:5420
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4492,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:1
        5⤵
        
        PID:5780
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4732,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4452 /prefetch:1
        5⤵
        
        PID:5216
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4500,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:8
        5⤵
        
        PID:5236
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4720,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:1
        5⤵
        
        PID:5328
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4408,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4452 /prefetch:1
        5⤵
        
        PID:1964
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4536,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:8
        5⤵
        
        PID:5200
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4488,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:8
        5⤵
        
        PID:6100
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4360,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:2
        5⤵
        
        PID:2116
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3532,i,7977599940074034637,18093432408623500793,262144 --variations-seed-version --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        
        PID:2516
  - - C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      4⤵
      Modifies registry class
      PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4868,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5276,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=736,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5244,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5272,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5924,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=976,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5592,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6000,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5052,i,10031983020660800678,13143125327370212603,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1412

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:880

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ChromeAutomationData\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7667f20ba08c21d4a12285ea06fe8f8b

SHA1
82e79f92af3157d99b86b9d867a8e43e4140e619

SHA256
a81c161d431c81bd52b7ee3f436eec44ac638b2a051bf198b8c1b3eb336d8c83

SHA512
f136ecfebe629780b9d7f0241dc2d0d8c2267db27b944eeaeb08e71310dcbf22eae745716820271cbfe8dfecaab5687308a082af60861ea20134edf3dacdecf5

Download Submit
C:\ChromeAutomationData\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5ceb12a762bf51564b8fba4b2f3ceb22

SHA1
ce1a7f6c85fb08a00377eea0a38a1b0936c17306

SHA256
cf56ba577a83d696ed572e08c838b9702872d85761943eb9f0ce89878c5b0197

SHA512
769f38dc8b827d75617b5665d29a7853060e2495f58e18c03017c1d2b5c736e17ea6a331d6e2e30080ffbe103f3112c299a21a9fd6895c934982c47f5d386bc7

Download Submit
C:\ChromeAutomationData\Default\Code Cache\js\index-dir\the-real-index~RFe59b81b.TMP

Filesize
48B

MD5
a35f27959cdc009348b21b3d8fa2433d

SHA1
bb7b3b7035c62afffd4c57c7f5b0adf0594dd11d

SHA256
bfc82692041e41af93151997261dd8876227ff12a507aa50c00fbcb2c0561c6d

SHA512
cd2f6470fb654727a53a3e1a301f11d6fd5d1e9c03c54cb7b00d8efc10a24180bc71b04cb5e311114b245fd5ea6f4ec1822de74e147dc20959b6c67ed600353f

Download Submit
C:\ChromeAutomationData\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\ChromeAutomationData\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\ChromeAutomationData\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ChromeAutomationData\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ChromeAutomationData\Default\Network\Network Persistent State

Filesize
2KB

MD5
9289d577682edc04eab302d0c4e37ee0

SHA1
c4dc52d6d1a5f94a6e8f5f9615ee20ad1f878ef9

SHA256
a73dfd881768e2a32f41d0ac53e27ebf82e80b601c0cf0f3989b99e60e00622d

SHA512
30b32df8fa0121bdd5271253f36651321fa7df05cbcad421815b2847bd81931b16288c3f78640720f83996b9ad35d835426f6f5c3c534e0be3c51e5b6d5eafbf

Download Submit
C:\ChromeAutomationData\Default\Network\Network Persistent State~RFe5a800e.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ChromeAutomationData\Default\Network\TransportSecurity

Filesize
189B

MD5
85eacc11766ecb74b30997de4a306291

SHA1
ff9274849ff36caabcf24d71f516f27a654bf70b

SHA256
25a21b151ea08b65d4162e5117638476b35a92916fedc9716d5abb8bb3ae9295

SHA512
b55d21b6afda6350e01ddbe91aa613303bea471ea8dac78aba6a83b488d9ca7f4d6f1d24fc181b5b87f99d1b619f2df2b5a255ac12a570f9a26ff3547c240a1b

Download Submit
C:\ChromeAutomationData\Default\Network\TransportSecurity~RFe5a20a9.TMP

Filesize
189B

MD5
9218f5cd8f46fb4c79318974c24d9af1

SHA1
3d3735cf0aab4a0fd2158df614722b565d807b65

SHA256
0ac4e441daac3f8ca7133f8b5036e06f1a66c33aa0eb17a790faa07922d8ed79

SHA512
1c004f8452a60fcdc189a92a96966aa18be383f5dfded3f48c50f2046009f7a2c731d3928c961d9092ada58ac495899683dbb66f1825e620d61f378f82c32c4c

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
7d063b93b2b0d249d576c06ec60f6e81

SHA1
b46188ec76345ce607386cebb48f0424c96a9421

SHA256
ae251d9fdb35d978b53b57a0eee544fb525134da94cca94d62bc5a306b3c3aea

SHA512
718753687e9de87e9029a49689ee59ab7c7106a03581d9bac9c1f0e8318b476e290c798b2c9013240aecba3988b1218fa65c40af4c3154c92139e20f523dd19d

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
8KB

MD5
1b0f9a1abecd9bf5f0c46d5226d840f4

SHA1
6cb5e292505e11dc2d25ba2e33543ba10f5d2110

SHA256
df973e861cd52c33a93ce9d5b0abb2db62c09b785d5f75599acf4d8d1bfa68ac

SHA512
84c741ac794e074e7db6d97960eb9bc1d87498f8d6148bcc963fd3fb277b35280a70062a323d8d3873f6512b7f60e17f5f3cf2da28e08987eb6d07d9999d3461

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
8KB

MD5
6ec3d7aa9e4d1df123c982aa3129c1f0

SHA1
d97e2c68734075ba56b1e34fd761dad43c391ac0

SHA256
995cbcd090ca8c5105b26bca71335a7d630a20842431b0b9e0657921f3a103f8

SHA512
e354c4a280f6ed1f2562caf4bd846bd422b3c49078288907b050df5a0640730a2d3f51283e59b182f3c9fb59d7220880b668d724ac7da30eedfc786fd31585b5

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
e03c7453601998ab8a91845154498b17

SHA1
72a15438417b66cd0b702e4fdf784e9043fc4ddd

SHA256
4519fbe55473de1b1f8d516cb943707eead6e61f851915e47a5de5571e0b989e

SHA512
3cbb7fe64b9beb521c6094c7c22c1c52437a4915b396867fa738e8cda2a0d72e00a0e7dd23d9483e1218efe3ee4be880536bb8b0f54f2860831df4d123bb92e8

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
d6fb240b280ea9274eca91cfc708f6f7

SHA1
1b86c07aaf9818a356bab80f9a74ade1f77ed4f2

SHA256
7e9d6699cf7be55a007287f9f464ef306155866380faf8b03f7d12ad1e42dd14

SHA512
9af7081287e52710f671fa6ed3a95f59c2f20a0fbf091c30be0b4176d3043997214533846c44c529ed4de22e2696615c164e2ed5e1c4be1decdf42fe6aef5e48

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
0d2284017d4a16a6de96c78acba4e1f9

SHA1
8f5752e8840b408446da201256e9dd30bb603df2

SHA256
9f00d0ff98881f6692150f561676401dfb8b255ae51c7e37bf62cac0fc3d553a

SHA512
fec5c55b0d8293fa00c5498fb740225d52fc87a1bfa6f6b1169a4ebb40b033f3fd9bc25c80bb6e5059697063c8ee547164eb75f544209e2fee77b2babc5bc192

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
58d294f539eefe01bd157a629743adba

SHA1
fc8645f0465c5b065ffbf55c7ad9d79efe0a445c

SHA256
9d7f0c3cc1517ff7d608528ce5cfbc0d631d2f7b78e5de13c2869115056e449d

SHA512
45c57d997aae0c429cb84c74aaada4a973b25d10eae807f0bda0ef59b97f08e07f94c1de30b696adb7231e0112d0513ba225ec4e42b6cebc596b44f2a9ac698b

Download Submit
C:\ChromeAutomationData\Default\Preferences~RFe598d90.TMP

Filesize
1KB

MD5
69cb4b3abb3ec5eebb9003c2d123c412

SHA1
c7221e429126e148848dc07783579af5787b6614

SHA256
ebe05b2f6f1801238dc3a7f460817bb1466673612b8cc7c05de06f9cf88fc317

SHA512
76dfaea08e67c33fe385037a1a0c6e9e75b7ecedc7809f7549e0e43286fa63c62e0c4f6be5b4104d244dd1ad657d715ffa42b7b9cd7484e673f5c82c8ab67c91

Download Submit
C:\ChromeAutomationData\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0e3f499b8be4cec2d905663df0c42870

SHA1
efc11b881b2a12c7f42d4cffeed1af6c4a170e74

SHA256
3d6ee4449cb318ce7ac94b9e52a2149b7cb25d88d24c1fbaa0396bbbdbc1b584

SHA512
37fb568ec51a34a247662f6cb31221def9f65ee860f0e123a6232cef972503fbb202f066eb0580d335c298dc5672d83722330c9f95694550b18962c5484b65bf

Download Submit
C:\ChromeAutomationData\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59d46d.TMP

Filesize
72B

MD5
4670f96f1c364ce66d7b9162d6293bd3

SHA1
cff7ea87a8eefc67b30915f1a77f420c4dcc2132

SHA256
f4cd85d90315d3b89074480517468230df61be63f2f404b9e12f7082cc38e18b

SHA512
0adbca2599726580e4f9f32d20cb4631c8a49f9d9ad467daa78d66aef3633fc2c2f766dfd83e2289ef40671a8b1505c87aee392648cda949d71c484740ac518c

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png

Filesize
1KB

MD5
40c4ea664da063cccf37a00d0dea5f88

SHA1
f524c4c8544d5e8b7d5a29ba74fbe865c0fa303b

SHA256
91289705a496311822aa52d067f2a029025293f1c22779f3a8bc483e211ce1d8

SHA512
bbe182958560fa196423bc1b50575b078e4a3b2b170427074442a42a3f21ae7d91d3115e75f38335c778070142d2d1bc929bfa22bf0fb2ae644c0478f6d58d51

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png

Filesize
2KB

MD5
9e1a6c45e7a5b26e6dfcb060fe4ec411

SHA1
8895839baaf4a6ce1189fd8c5572c3c8298ddcc0

SHA256
102aeb88e02ce1cd5c91ce4ab3c5880be33b6a440ee7f24c9e38741e79b46273

SHA512
323180dbdb0ebed3f398d5e7233f681ec85bd0815ef463d8351e17e99ee6f9f47badc9bdd9ab197249fe85e2c0d2457760f7bb7550c9c55110f333d13bfbe8fb

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png

Filesize
3KB

MD5
65e00211feede352e87ff869cd3d1b1e

SHA1
2ede8e165651f24a165f31bd2b4591d124d5fdde

SHA256
dc78a4be5b92c40c32dbbd4bcc3c65057105db062c088fadcf835a5e161095a1

SHA512
1fec808d0591868de3e27863e095ded619cfb825239eb05aab61f9ddb09bca28534e5a1a6f0d39a47affb7a3371d07cca9701b8dabcd297ff2fd116c9123fe61

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
1KB

MD5
44188def4e01c25516ca590c90499b2f

SHA1
0a9258ac71dbd02eb2e5a592365c9e8a3744d3c7

SHA256
be3a2fe70a27da2e9836e8b96a0dcfdd980702f69124f984f82de2b8699fe977

SHA512
f202686756dd603d4d98b36421e2613003279601328aae2214ffa3226a6a7c6102703808877818a989f2927677210dbb7bfa49ccd870771b399abdfa2431dca8

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png

Filesize
2KB

MD5
b87bfabaff9e7370835ea8790c87409b

SHA1
d9641aa79839fa5067ee9054cd61e0eecccfc7ec

SHA256
d67823095d8a91a0d4638ba75216c2f4b467f4fca5a56c4e45e88091b17dfdc5

SHA512
d8e3e59056076919afc7b5640d4f5964abbaac8537bb547da68f7a91c314a72615059024fa6e517134da81a38d4701138f50e37bf99a37ac3353ca5d92ed162e

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png

Filesize
3KB

MD5
72af0c1352184e984612088a6df54e53

SHA1
12faf6f7b28cc2d4be9d639a770e54d895d6fe58

SHA256
e036bcb9f333d3d7e12492247e02fc6d599e12c42cc008fcbbac37def93ca0da

SHA512
8dfed220c6391592aa1bc06000548f1f18ce1e6b47b6e3b47f11185cb0d0c48f961c82c6abb598ee1dcde7ed87c59026cd282ee56f5e0dd1f48ec89a207f4623

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png

Filesize
1024B

MD5
ca6289a7d8f9ecc17f8de717faf1af27

SHA1
4ccf3c6a9291f0a8a3090c22aca6f1872c860073

SHA256
3d7283090cf1a87baae4032266e4d144f7ec2ea465e7b2bf02728aa394c678f0

SHA512
100fb108d3eb74eea016af82a5a6758f22173b3d9a60c5237e9a570aa14549397b224d9d4234661855ffec47930a33536d05c0eb56ac61c551184fa89b18697c

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\48.png

Filesize
1KB

MD5
06c47df56a44e6ec6ed68a0c1b13fcf1

SHA1
d081069ab4c69925e2c5a8e7bb9a683f620dadb2

SHA256
6e21221baad8ccd2b71542f9d3194dc5868c0f424fea640cd4915fbdb32f4804

SHA512
e23731119c43850604eaa83c7fc17cff43681890ba3e144cc0b97cc8b33dc3f90a5370c7ae599c5469e33fcffed6492308451a0f3699bca51df665a70329a569

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\64.png

Filesize
1KB

MD5
fa9b6bd6c167dc772018d4105b7f3afd

SHA1
5a8b1a8bec14f864d559667c79683735508a8036

SHA256
2a8f1a1cfac4fbe96a6cb69e9e621201875cc45b2e60bc75b08ea193c759e346

SHA512
db8b36ed049e357346a6c249dacf54a78bf7395ab8a3c8f8d2aa8d575193f59959cddfc7e1ec18b32a029aa1cfd42ffe30149d74de56d88baa0583a6c00d9a9f

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png

Filesize
1KB

MD5
cfd1c4fa219ea739c219d4fb8c9ccf8d

SHA1
1bd9c4a0c08a594966efe48802af8cdd46aa724c

SHA256
36670568a87c7b3cd1a4448ffe5bde9b6fd3d65b58e6dca38cc4ea2e9e8c11b3

SHA512
59918179057447aa18668abbdaacd11ee3f5e83c25a93f916a050a559ea1457d6ab61abd3db9def22b5214a1767911e9cf9fa8e638852032cca3696424c6a903

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png

Filesize
2KB

MD5
f484337ddad3b425b5788e5ce7082bc8

SHA1
79c7e4c0202a06ef3a287cc76ea498fcf26009c2

SHA256
fa58e3209e408e4f0d60a7ed330d6f62884ccf9b593e37cde03e7916c116dd1f

SHA512
518a8e3d53fe86dc714a59cc70f8f0c44396d7569d25837c1cfe6212a10204080e0c4d19c43729f1815093af9f075693decbb9496700a2f00bd57dd3ed0b0a3c

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png

Filesize
2KB

MD5
9ca95e4d4941acee74cd1bef23eaba35

SHA1
1717e5136bf97a89b5dca5178f4d4d320b21fb48

SHA256
80c1e2f4d89d5266f82dc0295f232eda894812820c5c625a036adf980536e5a8

SHA512
9fb11e36e626b0d9eb43548ba0e90cda27e70d027361c52437f01287e94f07d07da01a385ee2466963e305516f56e37020644ce03d1132322d7e796440c633b5

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png

Filesize
890B

MD5
e21251a768b30062a5cd8e0b01e512bc

SHA1
3fc0c1af7c6783f743021a145016023ee73a69bf

SHA256
280a7fc31d9ba2169f4d0801c7c52bb970061c17c7b4a7959a07e8313c055df0

SHA512
f6104bcce1f2613b5f6baacd354fa6dfe448273b79e5579c7c93ab703e953e49711459bd6ef3d10ee449d9d69c4bf6bca62ac9d6e864670f4503a618425f389a

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\48.png

Filesize
1KB

MD5
67e185e7131868c3af81ee10251a3205

SHA1
3f52bcd8f6dd96a2613d4e0023a6ca87f54d2bde

SHA256
fe6cef43018dd0cf284366ab4c5bc75039274374a3654b58197bfe5ebb3dcc46

SHA512
d155a9e9ad4c0e85c97bc3ec8432213b3637cece3dafa8338662055c0c593e3ce10405b5adccfc92ee6da96d01f7cbf29623bff6204653f7960a84bc782aecb2

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\64.png

Filesize
1KB

MD5
ffd2836b1dfc3a7f5c24dcc4845f3b3a

SHA1
16b4d188780f05e0845014fb45ad6ebaa6b4d2b8

SHA256
f5eb403a4afbb48114e67cb9eb55ae136b86a2c8644167d53006848c8efba562

SHA512
810acdc6d1462416572b79b6e16cca23988a4bccb886db303b1dc1487d4a1abf36f94dbcf7fea7a22ae9892a3f9ebf98516ff2dfbbe424d82c735382f34adbde

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ChromeAutomationData\Local State

Filesize
121KB

MD5
4804d7e7b1092ca44d54469838c34a4d

SHA1
3b3655556ccbf4114ebd0281a8d6777a43ca96c3

SHA256
84fed2aaf26eb23d7b700f5e3602f5e24486411ada2b2091ead441222e3329bc

SHA512
dc4bca38b41dd2d73b404456becee8822de61c95212bbcee51f0a80d2e730478aae7e8e893e43c831ee350e5239b8ca95cee78c4a375cd60906b8f538111c0ec

Download Submit
C:\ChromeAutomationData\Local State

Filesize
121KB

MD5
232ad9dcb2752e4eb08341741ac8f01e

SHA1
faffabfcc4510383d4abca42acd77f081c4cf11e

SHA256
62b47a09e7d5d23f8bb5eb1b8430ddb4d68f6102e9d4f85c8a1a2abdc297018c

SHA512
8db05d8c345db55d351ec39c51e68cbebeeb3422ca48729c498f184f617808f6e25d43227732b4b8a8e1e7b3b118701fd062155af26a0e7788bfcbd6378d6633

Download Submit
C:\ChromeAutomationData\Local State~RFe598d61.TMP

Filesize
932B

MD5
790031257e771c7cd60f4235f0f45825

SHA1
c50bfb1a7d5bc65d4b3b13d3cf5689e1ce2dae57

SHA256
01c8ed45937f885e01ce8de67935980dd1f45cfb421c924a308ee8b8d9cb9f2d

SHA512
028ae0e99374dbc2837f34314de5de2a00fac99a6a8a969ae28a84e4e5e0bb85e97bb26a82fb0b5f1538a104a8d6e99d3e1f2b39b125435011f47fad7ea453f6

Download Submit
C:\Program Files\Google\Chrome\Application\SetupMetrics\dba01cde-b879-4ac5-aa7c-afe8078d1444.tmp

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b9060999d40ffaad7cd1bbdebf77f831

SHA1
bd1e544dba87fcc072c4d0f5c7d8bc0ffcd64587

SHA256
a4db518bc4798d2c90ac7efc2bf007ebaee0befa7b101d52f0039bf7123d935c

SHA512
ce442e25f841fb4dd78a068e57f1642b162d44853e15c8bbd513ac48ee0177bcd4925edd7229f497af03de36b8841debf73ff54e49a12adc885c67c97dfeb008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
51d6c34906d0a80aab4a49fe083243e2

SHA1
cf5c1f75467de02dfad2a2e6e6a792590a5e8ea6

SHA256
a6a46342a88fc747055285971be12dc7ca74f39456de9b4548e38af8105a969d

SHA512
ad1cc1f845296207ef7ccd93499781819ced7708e5617a1163ff492d3d2e3ac5b9f7a95bf66b66b48f035737a3791cd404955fc495a9034cf9cfda055d3bc006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f6f68769ac33791a9cac8b87556450df

SHA1
efa784cd0530c898e59ee5d6a805c793780e312b

SHA256
e4117f3e3eacfea230ffd8ce2f3b51ea243b7f6ceabac78de14fb47860d3e287

SHA512
c8ecf3883e8b4bf63f9d837555a62b426de9591c5386c374b73ad6b7e23d3b8cb945b23b305b8220eedf7e4c93b812db346b0db2232a45c4091343ec5a5bff9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
00cb901b132c21cc65738ebace8042a0

SHA1
d7961a4bac7bb037846b61a32992cbe5df125fa0

SHA256
dee7583542054208279710b96be639ee5cf2c9aedd5ab0c193fa5155997cfa78

SHA512
7d90b65811d0f0ec29c96fae70f3b395914de3593650d89f3a660d2b322a339c7526fb29a908b6238a2d4cb21eec0e14e9164d8dc2d8191c0216e758724606ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
c15d41fea6ac312c863abc3e1ad3f1d2

SHA1
79c83294b0a9945ae40c87ff7d60dee75bf88b4d

SHA256
ed8aadb95b300832e9aa86a3ee2e0f0e56069c3889b0126ca7c52a48ea7fc9e8

SHA512
38429b1e5c45a067d1d883dc57cd28f8f3ae87de2d8260dd1f2757722ee8006b18594c2b2776233f88fec982a6bbf4384e84c1d6795f4d29dac2240cc8f288a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
17b857ff2cdb97b48d86478f3f6d2d2b

SHA1
68aef710917e833810a69dcaa9b2b7a9898e5e70

SHA256
00bb93a13c61c03206517d5f61edda14c6bf7ec846ce4d97e85d35318eef275d

SHA512
5965eb5bec52f275fe869c5a88fde989ce2f8c55a8801c7f43738764c2f81d6dd7249e2aa9a7a37e9d5ca635d43e60f9090334b97d1915b521afbf746e6ba3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
aed385bf9671aa955b26138a150ce4cd

SHA1
66aff5b4e9fd02139bc556dc5016b75c42eac0ba

SHA256
b6162b792647c21f2e5d5ea7d09af73e72bd0a1382acf38b50f2aad698d9b362

SHA512
93ac8c855e391a0c976bb83c3fc2a1d1455c83048608a6d6a15406e4afe8f4cd8375c203d16fc9fa5516f8cc830090622424cb82136b0d50add2adc508bef789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5db768fd378a6c677d466990a3498116

SHA1
0f760a01ea01ab6b9c41b8b55b979dfe5cb4a0e3

SHA256
fd6050361c71a41a764fe4992ffa1eebc2f666f39e3f47eed7d4c762c1fba713

SHA512
f3c2b4249f0f63a6e4a5f6dc6419404131fe91054a515fff871b683292ceff2eb2723fd34b8b5212d5d9e043516a8c82242b9d50508f4971e54f712e1421aced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
c082d73e8e3ad557dd08b928b7ff11dd

SHA1
0a72bd966cf0a73576474f461ebb3ef71ebc3a67

SHA256
33a08d7bf8bd0abb40237c017c991bf62e59b50bae1becadfebc2cd937265b5f

SHA512
78d4f8e5ad45e2ad81fd48697c7e06fe4edccb11d955f2df2ed8bf69fc74289bb1699a872f1faf08f3dd34542c0d6be77db845732ed8271338d0616f76892d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
d237b84c1b46983bc206d87fd1845b5a

SHA1
df181b5700ba10f680a197b70ccd27439cabb7d6

SHA256
230f5769f3accf2fc5d0a93ff6283840c0b64f9e3e0fbc441d45ff9f1cd0e7ef

SHA512
7272d0a836016a1c004bd04f4ee2b210c4631e2f2a03225e35e0ce55e0f569ea7ee201f0a67d5d21c8deec16f1fcf1f43e7484132026f442ede0dfb4e18a9136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
404d11069f2366dadfab4a3ad807c502

SHA1
11882d246f7ab47b6ae43d091937827b35838d73

SHA256
a342b15bdfdd02fa774c9c46373dff3d6218e1722f7625f51c020f88c1f7d5db

SHA512
91aea07e0983363d395670c6e0694832706f7a57f1472e443f2b0c7f9fd6ab7c6a8c68c34a6099960ab114b7f51edfdb08a558dc0a92e40647d75c1649fbb1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd01628971c8c5104c115da89bec1713

SHA1
bc89ef33d143a1f050109391bd2c74459c5e9ec3

SHA256
1f63ce9c5a52b162b5719af43838acf0dfbaa0af806a6a46ce5c6d3e39618cdb

SHA512
99e88e0586c331248f3ea8f3e4d74a6c32aa0942c20ad4b9d712ea320b1413dfacab916b8af690aa785b6af251d7794d611d4719c466979f0550fce1f4b0dceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f06630d016e9fabfef4499e133523997

SHA1
d78ac7c95ecadd4188370f2924bf5583a78d3860

SHA256
fc4f3d4ec01fe887497136d5626acd9ca0da5527d6bc897f949f622fee84cdde

SHA512
9c712f1482b7790294682f63b625dba01690d240b0545eebe098faf9ade5a246c4de9c5e90378a8aa01d36efb704fc84fe673941c3357e23692b474e33b99848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6ac79fc4d3528db16cc1cb85e16e306

SHA1
0d267af363c34f6bdfb8732911f5e1211db43827

SHA256
e08f4c7f5118fe7fb2519c4c49de24a08141a08959e384833406fa788a469bc2

SHA512
4c267a4b93b9574ad9d90363efe1869e807ec5e96c38748fd06e92ecbd52776eb3b2d238226746273ed6811ca888f13208bb116088c165f67dd2b30e0f03222f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
240a151d568d01dd9c7bfd0258b91c1b

SHA1
d82db66a47921136c8dea30134bbd06d2cc2a755

SHA256
47d0e4d78ff1bb96f8da29c550402cc410ecc56c056511226557cc8e7d97a53c

SHA512
624d32a6a522eadb59fc00fbc5e635e780a5d76ee246acc0f891b9c15ed03e54e22e0ec9896e7980b00630152cc957b50f2a1cd588d7c8447d7410f1b454a140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b51d6d6d7190af18e71f67bc35a4a401

SHA1
36e7e91107e87619a186315e221bc5b2739c3739

SHA256
c5fbced72ebc6482ba267bd5163106607a553a66b613b13c23c6fd4df27d01ae

SHA512
cae8f9d9724417665aba032baa0c72e029b908e10bd8f2b53319e199c8420daf854b617b62355a14a40d20dccbcb36685c6d2cc03623188002fc5222441994fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e4eb09f0c011d1e611383d5e887ff90

SHA1
af94a80e11c6ab20aef13851afbdc02f5ad43e70

SHA256
132bf0c441173005b13bc98f9acb5de29ea36cf9114c0523671d8e67b2a61e2b

SHA512
1d002a403c3711153a3ad6279c3752652187237df1886a98178e7a8a682739b9f6d36e194927df93162d7620d4793e31449946ec30fe97914c6020b126ee1e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
162ee9d07b1321f84d304664b76750d2

SHA1
937f4b17ab2ed6dda098e1ae679efbcdfbf175c6

SHA256
ac3b7a3d5b263b7a83e361022e847e7bb7e49c755621af2c4eb8c68e3ccd38d1

SHA512
ce4280ec0a21a83ecef5d5de6ffcdbfcb698153c71b81cc6cdacba7a12908166e88bac0a48599fb85a4d88f68a8479c51f5574eef63c272439de3b4ef2af2b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e4b6009b7326fd2b9ee795366301510a

SHA1
a53a5c1b757194c20f8819bfea2287d3d732dc2a

SHA256
74cda5e3158cc2163b3982aff607fd32ecf522262057356db41297cd9bf6efb4

SHA512
ae6d679befde6013c1a69b2da12f9ed1244f0edbb78ba0e538dacc88f8cf5fb7e8e07dd2435a30eae93cba90022d72835559ac11836d461f93983e1deed483f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f09c9c418f0eb8fd4d86f3ca7905ac25

SHA1
acbc9dcb59a0115799a25c410de7e43c605ae523

SHA256
9a224ee5f3cbe9bae6aac309bbf2191564119c222892f88ce3b1eeb1496aa0c0

SHA512
357dc35d83b2d458d6128c1e3cd95e57f6959567397aae96fcdbd8745b82fc2978ed41ec68ef03d56f02d87b9435af378944d7faaf8a26d5f29a52104ad41854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4c4134d069b6a51f2e2c2561fd0880e

SHA1
7ac845205520265a9c81e96f854ec43ac3ac3e75

SHA256
36d567238bada1e67f713f7016f1a8171d431ee7ae39ba5b7b1bfe7e008bdd49

SHA512
007a4f93691e7bf69cc6e8286131d828cbe588083c57d9f9422cc712d92e96e5ce5fa087142f7f6335161c017db17c5faa04d12fe516518a4a834f3cf41da423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d5b837cc2a2a785542706477683cd4f

SHA1
b65ef260a038b2931550a7d58f4ac2d1749037ad

SHA256
8d16963c560efac943521e3ab6cad9e0b75d4b99d8d2b2e4294325d8be64f961

SHA512
e7463761a4262c28f3ac11e1a3f2f02f53807be5c0c07596bfa29fda904a4cd1cc77eabb2bc24cb6c0facf835e31195db18e0b0764ee5961acf0c03b6be42dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d8b87872db07b6ec1a97b98f3248b52d

SHA1
ca128b44a5d2f92a182e4b14ac11b88b128674f1

SHA256
a767d34ffad6521221d3790c720b5c04a1833881165597d5239e678bd0602465

SHA512
cf64f981ec488b944afac0830d9e360ef1750347d33e0492494184c043f98a4394286c702d458a19ac10f593c676394ec795e85b3f65630eae047afb0f55be16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aeb380a0a3dc08472070f3d5ac7faab3

SHA1
f5ac247d9bec56484345996573084182e6b6404e

SHA256
760b1770bdc46698a8ae263c7fa955edd498b071e34db81e732104d631e49839

SHA512
91d634e8e4ad67e2f65eb0a90d3ebac972c97a04c2d62246f072f22f5f384ea674fffd60f943d755b037edcb93118c30275fd2a5e50b88c8769691f0021464b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20f4f13ed6eca771808e7202dfac934c

SHA1
130ee0011a7a5b1e1a58776519077e7e292d4550

SHA256
b25d233bbdc2f8f93b2d174594c14386fa6b1564a50c8cbb5fdc511f286e313b

SHA512
1eac819a821f828605a0bbf210ac06a2cc60cf15ef8e4ba76fe815e1d88ff4dbdabd7138df6ec3d080a921ee8c75f636201a8e44ef37bd97ab94173343001ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ab38324578b2ab57ec9aa86f6faa324

SHA1
a72c8fc12008481a39368a135b168a7ea27aa6d8

SHA256
7a4f9688793fc243260240c63665fad8e56063c1a7f031993b59d480cd3edbcf

SHA512
2d0967e44f430a54bcb73ffa225eaba057c24e9db26f94f657bcf7abe48bb4aa37b3ee6c88b5a5d17221e9624c0845f26d447b3c2f3f6cd7815ee4dd225b3ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cee3dbf6c33e7273931fb34b987dd789

SHA1
c41daf947a199fa2a1a0f8781ce43f0d89ff1043

SHA256
1e6e73fab66f9808159d5cf74dcfd63dfea45cd8226ab3d1eebbd801f9b4126b

SHA512
465debe94d5e952b24a57aaf102f8cff2d9307d3a7781b4ca468699e9c757981c8bcc47992a65611e60eabba0738eb94552a423365c6eb2ccac1616c41265059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3637664cd0245717800845b41d893d11

SHA1
81f0c9cd79a81d80dd1699cbb7e8a459cdeb8ea1

SHA256
24cf273080b58950c464c7aee7010e4704a9fec02b73188480b4b60b32d37fe8

SHA512
00c2ab6af3ba9037fff9fc1fb2ab2b83a12566e959a83f1f6e10aea3217fdd8a748f9f8dacfd0b2242855f224b614f7c249e4e9db297c9f571d6ea2d919709ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
90285a970019841d269483057fa4bfd2

SHA1
0d5d5e125b16e151e0583ec34b12961f54192289

SHA256
daff16000f6b7ca0c00045e42f8b481387ebefc2899051c108d17a5c1da541ad

SHA512
dbbd730e1d15c1449a4fcf68e887e12aae2a484a88586278a3c5042994141ac1975cfb37b1c6aa3e2b17a73f3bbdb38475616d7cfd0c3911094b25bb31c9241c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
02ac8e2178cd6949756808adbcdd28d7

SHA1
58d482b771be47b380cc431c8138a0291dc46cea

SHA256
b462fbdefbf804096d8b694028981991494ac2a459dff570da5c1d040370b39c

SHA512
324fa3051e6b37840cd1c5347c523d6d18f3e00ff8c3f24795a5548542dc1288a9cad6c1082c4fe133bd480b33087f357b3939a5b581a1e6961af01c0dedd5aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e7bc13167feea43683aae1e53d279389

SHA1
910e403f500ffa8b2b50b19fac2f630013baecfd

SHA256
1829c8057d91fd7829c0d06112ae3bb9daaf0001e5bad6caf6bf26926bb41152

SHA512
86a91b4c5a7791c93df4c753edb843c6c9f59442dc1371cad63ce86c9ba42b7a11b0e0b747c0ee2e10b8c26a14e187746a2c41ca466b9748da1ea77ac076f17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
32b326885f127730ed8da27df87c690e

SHA1
1ea8ea173f66c48817287d3b98ce8f79cfbe768a

SHA256
13b32f11d4d320bbbce62a3eecd5fe9f34c3c1b785d401e725102de0abfd6e6c

SHA512
3fbb7d417bc958e2e1befd9f1a42f8e4f043f642271786f1cf9c0c5f6b727ab48e187216f936ca87892b904afd09f482f1f2c9da7bbaa648d2484755d4b9622a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
9a627adb9ee3556090d1ededcbd3afb6

SHA1
4daad9459f256fe0b1a9cdbce5d2f5f125929deb

SHA256
c719757aecbc77b62de41f1303707643c779a980d0c972b9f7deb2df2cefbbab

SHA512
7d4e2fecf7e7e9e4b022a1fe220aead50d41c395453d07a168f4af81f952867f75617168dac6d663d5acef59c03220c9bd2ae621838d357c1edd979ab63e805c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
74bf59b6e1ef2af9ae0d89efeddd2432

SHA1
846781a48d5657c9e1529911f76ba2adb9dd8dfd

SHA256
bd6f01902c09f9062e7c1983458ee64e4149fcd298c7fbfcbb6f8007a0127bdc

SHA512
31d659641e72f57c6f664370958c7f66fa60767bbbe231eb0e1f1a54584ae9be02648d0843aea650e652c01567a65d1ca7aba206b2fb62c47590ec4fde780931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e42287a29d658a8c832584c6026ee973

SHA1
24c4ee8c005fd0510adc5fd006bb542b3c6a69f6

SHA256
c5e385d8513a82f87569047f113c0f0a5a05b692d31eabeea345d47aa6b21123

SHA512
54f9aa6a7836b475f41cd2d6e7ccffa9785fdf3cac7fbdc3c28f77a9acda7ff9ef8b7e3248e173442c08e1a46437018fdb3daeafa2161d126f45ad97b9c4e6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\client.exe.log

Filesize
226B

MD5
1294de804ea5400409324a82fdc7ec59

SHA1
9a39506bc6cadf99c1f2129265b610c69d1518f7

SHA256
494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0

SHA512
033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\5747225b-92f6-46ba-82c1-8123d1020f27.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\8a6209f4-9ec2-4571-a879-d23c53087484.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
8KB

MD5
57bbbaa8fe8ded5281269a86d784159a

SHA1
50569c27c3edf640b713800f8a4b2cfc820b6a9f

SHA256
4113e159bb9dcd2593032da24f8fbe0140086f499d47a3f0bb57738ac293baf3

SHA512
72f0e12f4b6627907a33b4c9ed41f07383b0b2471890b9e810601e8be3686585679d237b2189e19902c1fdefa6e38229b46cbf35a14908fb27cb915c63e1077c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5352_543412123\4c9ce05f-5e28-4e6f-b854-9bbb95bad3dc.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5352_543412123\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk

Filesize
2KB

MD5
1dc2f3926296b35e21c8aa1ef7a364c8

SHA1
c0efcb1c22cdf9314d9417667534c27f494d0328

SHA256
1f315941efd4c749e20e64fa3965902988cbb4359bdcf7b5f3a67898f009d75a

SHA512
63dd36d6fe9d7e468194c50655893d8bc6d02cbbf6abd62132417c52707fee5eca46450247d02ce08305b2870551f3613731574f6e93bb47ccb634bdf46fc960

Download Submit
C:\Users\Admin\Downloads\client.exe

Filesize
468KB

MD5
a6efab91f87192c47ea1b6f2fdf2ef0b

SHA1
b6a4d6f63a4f1e9cc58cb6b810579b497ad83593

SHA256
f03ec00fce64678b9a57153740172d32e2c126ff06b5af68f111a75d92a2d238

SHA512
f99b6fa8c709cff61d05d61726291eeb655a00873988333ffe1e1db42946bfa3037a0d16f4917b2b9c88f1a32bdaebb366b190dd02f979ef537cc3fd09788b4d

Download Submit
C:\Users\Admin\Downloads\client.exe:Zone.Identifier

Filesize
153B

MD5
ed5e3c99f86b13e9939b89d872d4c6b8

SHA1
10773866ab1bf68586c16bf17083790ff6d47c58

SHA256
df7c72298c0463b2ee58c9c689aec176964cd0863dc5582be45d1c9d60e787dd

SHA512
1e091c235eadc6d8ba8e882239a83799aee65a14c7e7437014209e9910d95f96720c339a05ff033db66b52fabf44575d099edc47ea3567831f57e9ee6de3d1ef

Download Submit
C:\Windows\SystemTemp\Crashpad\settings.dat

Filesize
40B

MD5
becbcf80344b2ca3fd0fe08504574559

SHA1
ee4c188c48437a671ca89cf5420137e3889be7fb

SHA256
c31737bb0642650b9496a5e306e40816a5b1e474812b9b6ab1240550450b8d36

SHA512
19eb5683db59a24731969680e7cbcefa509ed5c1a0c93f7fcaf9bd39f3e66e70de18115c032a24a105736c34dd97d4627a35b8aa3591d006bda2094cc05114fb

Download Submit
memory/1524-1292-0x0000000005C50000-0x0000000005D20000-memory.dmp

Filesize
832KB

Download
memory/2744-178-0x0000000006A00000-0x0000000006A92000-memory.dmp

Filesize
584KB

Download
memory/2744-149-0x0000000074DE0000-0x0000000075591000-memory.dmp

Filesize
7.7MB

Download
memory/2744-159-0x0000000006300000-0x0000000006312000-memory.dmp

Filesize
72KB

Download
memory/2744-139-0x0000000006370000-0x00000000063D6000-memory.dmp

Filesize
408KB

Download
memory/2744-129-0x0000000074DE0000-0x0000000075591000-memory.dmp

Filesize
7.7MB

Download
memory/3636-96-0x0000000074DEE000-0x0000000074DEF000-memory.dmp

Filesize
4KB

Download
memory/3636-106-0x0000000000E80000-0x0000000000EFC000-memory.dmp

Filesize
496KB

Download