hxxps://youtube[.]com

Resubmissions

16-01-2025 16:52

250116-vdsk9azkbz 4

10-01-2025 23:03

03-01-2025 12:00

31-12-2024 13:41

31-12-2024 13:34

31-12-2024 12:13

30-12-2024 19:05

Analysis

max time kernel
139s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
111	sites.google.com
112	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803792251898810"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 5c00310000000000235a35601000504153532d317e310000440009000400efbe235a3260235a35602e0000000f0700000000050000000000000000000000000000004db20c0150004100530053002d003100320033003400000018000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "5"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{CEB261B7-72DB-4441-B523-7440F07508E7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000092e6c6e09718db010641254ea518db015428d748d75ddb0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: 33	4448	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4448	AUDIODG.EXE
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2412	2320	chrome.exe	83
PID 2320 wrote to memory of 2412	2320	chrome.exe	83
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 864	2320	chrome.exe	84
PID 2320 wrote to memory of 4884	2320	chrome.exe	85
PID 2320 wrote to memory of 4884	2320	chrome.exe	85
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86
PID 2320 wrote to memory of 3480	2320	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd64e1cc40,0x7ffd64e1cc4c,0x7ffd64e1cc58
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4360,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5300,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5544,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5440,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5780,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5676,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5612,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5788,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6240,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4636,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6356,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3840 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=980,i,7232778023345049099,14053175774117939446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4500

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PASS-1234\" -spe -an -ai#7zMap25072:80:7zEvent30846
1⤵
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dc7f2a53d44b88c2f6e0c667c72d25b0

SHA1
d20b63bf07beecbb11fa26de1ae43882b076be22

SHA256
981a124ca766df6b82a92126579615e18080607134482f2869d18b4980ed7150

SHA512
c5e1abe1b284b6e6ea8b704e91dc8a17960f978500ac6331cc70400933f606e8bd72f1d4dab6d1758d4c386cb11f2b9c5705893e6c3345b8bf18e4a56fd36a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f29ae7100cbb726e9b4de09ec60ab279

SHA1
8224c84f7de6712fc29f229e6a455d447434afa7

SHA256
47ea6496a89803f59aabbddfa744afb40c2b1fe503fd077cdfc7bbf321cb080c

SHA512
82f876a1dfdb0d5d7839dfbce06c6c5289c0e22759b781a84681e899d491312a98f5320438316e0e883eb7b6ee95695bd3de705c93c03eb88756efba5424e524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
6ce184544801e6c29823ccbc8ee2b18c

SHA1
d5c8cd9d13a4882657de5388a9c2926f7b05a8d2

SHA256
ec88731630c8bbbf7eb6ac5a0319db0cebd1e671ec1c9c645cbd848dceb7df7f

SHA512
2ec4dfcf8ac54bd9ea31b9380cbdac2301900e4077eb579b771996baf051bb2c57b051958863a4ebfffb81b62e475474d35d39f72f804f5198687a9dde69484f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
04ea5e129618d17f463ec8815b2e1705

SHA1
53d3ec833f7d583b1d6ae9f6eb00339ca7bf8e48

SHA256
655e545057a473fad562666f38f997205bdca1be376274b4a8079d3cfb4ebe87

SHA512
bf4246ec71ff7ea648dde64cb709473f9ab4100806cce3c8801189658445bd2afd85b0759c8d494fd66f6f42d0a3a2020d193b47199a51dd95887ed29ee65b19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
971d28ac5a6815cdd134a81a488336d6

SHA1
0d6ddf365c5a3c5188a84aa178c38b4e009577ef

SHA256
f8eeef38055717325ece0d05639fc76c3fa706190b1c9b8f7d15c7b250c64cc5

SHA512
02b0bfd361fb8f99646af6fc99e92c462f24e494c903c8f791042ff6c1713b5e5de8b2fbb584c445de8e8b6739e3602cf91e441652b5dc06ebeb85c8b2fe9866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
a554521f34111d5763e053cab529b203

SHA1
6ab508a31133241256fe81dcb687d29653574d8f

SHA256
a4ca6c81e25b4913483d2f9147345c48398c686e554d46b3716b114e04042d70

SHA512
e27a8100899a516b770d07b016e121120ea2699fc316b2b98fcdb39071ba9b680696b5a40aeafefd183a3ca8e01d61c91a35216113652982ed6054af214b69db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2004069cae85b830d1aeed626d32cdf7

SHA1
849a88905c8b5928efb4fe1713ca05f02c8cd39d

SHA256
38d7cfb8c6ce6b503cd482c359c9e77e1f8e37b58dc01c2b3c0178d8bc2f61f7

SHA512
d06490b7a069fda3199aa8975e00b6ac0f4c6d45efaf9579efc241aafd224c3e3e8ba924aa2d152bf24abb09db5b574c194fdc63e1fe2eac7c8b90244419045f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
eb04f5a99fbdc97e0aca8765d87a8982

SHA1
772ed6f2d176868c0b61e91b51449d0930b562a4

SHA256
1af5347db72cc32901b82dabbc7f93c97e9d84729cc15c664cb8e2371dd04d4b

SHA512
98348f5fe02faddab9c48a1337e71b6a0bc9aada6c028246c816d81af7c33722f178515f9f2cce71830447a54477ee5f372b29e6195193131aa69f40d06d25d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3c1ff357a77ec696d02d044a0334010

SHA1
acf412913391e707e81792e822d1a459d59d5d33

SHA256
e8c119a5fa23a3e9dc5c20d4c2e471cfe9b8c4235a76e90940bcfcd68aa52939

SHA512
bd2ba55725ac74a36ce9454009fa55ac4565b9a133e5cb32a0793b2da78a7bca4a1189a4a40099377b2e8bbfdd976d6f7cdcafa47eeb91134421762026671d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
012e75f35494f86be4b73b1f39b4184e

SHA1
0a77cb501cfd72bfad127beb3234d131e06e1ad0

SHA256
4c4ffb5df870306c297b239ca972f658483cd127f963a36d02b360a794f2c1d5

SHA512
e9d5f0dfaa02865ce445cfe98486b499319603f55d4d38338b5370276fa65f205518b443d173e69e176fcd69583f8552fd72f2b2f50c53d93b4c54b1482cfe77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c7268af1e433f3fcf7543943f74168c6

SHA1
a952f0bd25544370c41ea8dc9ed932eb4c657649

SHA256
5d1605d8336efb6923204ce09cdb9a66475d3f150dda0c0d95e4d27dbe24545e

SHA512
94e6f4baeed413bd3add0e90a818ff8d010d24a5f38366dfbbad80f297af44bbaa6eccc5c32f1a89cb4abcc496609b8e46ab1046033ea9ad251b65ad12be9d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
64aab90aabebaef356d795430b7a0dc2

SHA1
44f16cf42f9eac05ef7e7a85d8cf5a9181ebdd38

SHA256
e425900bdd53c817033cad4be05fbd432a158541dc70452ef030077664595ac1

SHA512
e7dac133f8051d021bcf8d600ef6191b9c7c0268f41b7aa237b85f1d13d4948b3198c2e69de354820766793fdf71833c70e3e31d8d0032014dec8f61f9a128b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
343d42f03e5b11f77bd689e3b1185e17

SHA1
036201cc053121359e29c3745a494cd0fc34418f

SHA256
18392191f4ffd0028cce8fa65634e02720e811423bc930ac547dd3f8a1b1037d

SHA512
84682531cf6593676bf402a98420c832e5d5763e0c4d127b2c3a4c1c78e8f8e6eba39f8fb90a36c50c959982964ace87ccb730df21890746ad7abbcc38900499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82b25d96dba09c1f76db2ec5cabf7026

SHA1
da6b6aa0c6693adfd52d8c5089cf7464ab7f845b

SHA256
5b4636ad29f1d977d939a9c5e15bfadb2405cb82f69c29a63fe14d5b15a3783e

SHA512
aa7aaa22ff6a24ba40b15d7e0e068fec8d475b6e22ff582a674ce082e97aec0a1bad7ce21a76832ee55774a0676b29a4d9a2ed5b221f8ee793d05d5702e654ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ce306529a66569d2f9acd52cd4a635b3

SHA1
97f7f1c7697308e16018c4e2cd0a97f40d0a9d6f

SHA256
dd334b651e945c5901b03523e28b385ba7bb0d3a00a12fce20546a95b27a110a

SHA512
a220d3f40555ba2ad2d8e4dfd243f1846af6a214c05121702bc597dc392950b1d038e531bacf553c2c9cb622ef3b25d5ddccb7a466603089fde36e361e7a41b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8dcd908ebb50143f927f46288278481c

SHA1
9e8b619e9c1dc0ca68bef80baa2e5d9a36b2427d

SHA256
b976879cfb639e4ac80ac3cfe3c6c8590ea713747df787330437cb946dc70f9b

SHA512
339873d623737ab6974a29a2296b6f811f79bb4e12e05a583a5f04f056a269b7122e74ee1ad57585f0056d6038fedbbabd9790d4f79480758df3773112cdd044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7048bc8403c89536dceafbbbda6c8c8e

SHA1
58a9af9d970a6e66409c187930c49ea4cccfcd17

SHA256
56eb0754b058433ae65c53a9b6d650d6455e8e6b234c3a643571a0e9b8aad172

SHA512
ae6342e5f46b540dd5680fec05641c5f72e9f718434850003f043d905fb16d710fee9a6cd9d4485a72ed2a694aca7c11265802a1695a8ba9fb7a249e314e512d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5a012cf02b78b2e1d370abe5e514874

SHA1
0049ae304fb3321f70bab48657db618d937cec54

SHA256
5518c81f0259c338e7492872135916faaf74432b643390fc4825b4f3112cc2e6

SHA512
7c3be684df9b9a8b0bfe331da5f6e39901a90b18ae2e242a135851a064724df9e5aa665a3fdaa3c2a49296a9e53b72b424a224446add956b89a0a16383f2b612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e903ef7d73e35e42f7050c6c276aa9d7

SHA1
5c07b9e7ab6a9f102efd32eeffd8b68c947715f6

SHA256
0cabcb0c408775cece233989bc87ef0ae76f8402c7fc6db27dac9581e813fca6

SHA512
94831ff57305e58fcb2893c8e25ed3bb2b926bbcceb3589fb989dba29c18f77e68b82e6795e397ac9305b229e798c647d21d16fbaa327f483be92bf73f34de1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\479cd2dd-f8a7-4393-bbda-59b62626eac1\index-dir\the-real-index

Filesize
2KB

MD5
85d6a0e8393131d74c51da092f69c8de

SHA1
59299284edcf10df7d5079b3ffeb3e5db969ddf0

SHA256
34d4021981a16410f24303a0c0c63c769b86cf1b4c8992e38e7e22552f06b353

SHA512
44c7e9bbbd515f606556d5f78eb0e693749f137ce440166e2ee2a3720665519d4e17113df11008eaca39105443aa51d4463669e4dd064f9cc225a12b8b23ebe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\479cd2dd-f8a7-4393-bbda-59b62626eac1\index-dir\the-real-index~RFe5837a5.TMP

Filesize
48B

MD5
ec7d8fb3e3455af848b25358a550069f

SHA1
c30e3a47902264be432dd92a3c6782ac1b592811

SHA256
8920d9d6832d9b79965e4a32b96fee0d1ef5c7529b1de05085d500a27859df5d

SHA512
06aa1ce298527a56d12029f75ecd41d3f8b900b6f030825ff431a67db621deccce71e5cd0cddb4cdbb46c98e5a18f83984a079dacc839de641b776a77b6c1cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
dfc87691622ccc25f028634991ef6e20

SHA1
7b2eeb3da914f4ea2589739ed9cdbbff03fcea64

SHA256
e519f5e31f572f32be48179009d517004d618b470022d8ff1e1a670ea2dd303d

SHA512
fbf804c5656e4d7648fdb5e6c46ba2a140da05a796913004a49372d7de0d5224c064793a46fb1ad0356e86706d79cbdf8f2f6e3d945c4324d2fc8acb8f5bb299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
3352de0d25eac2b7818997ded1d6a755

SHA1
fe19017653c9c1e38076e1442607cd083214490a

SHA256
092df22e9c95d9558d31c9d025ce36f7eec5cc65f9d482bf11ce4c7e01ed776b

SHA512
4bef31f449127d157987873611f202a775a60fd4b7412537d58e29fa82e20df9cf435564b9dc70cb785cd3a1dd5bbd5ce16113428049911f931fced27e06187a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
7cb0ca528d0b6aa90f0b383721d4a61c

SHA1
b3fb41f29fb4244101ac2b2a3cc4b5fdc19087b9

SHA256
452fc040836136a2f29a358a08cef16a2aaea2b3bbfd1a80b5865041347b108b

SHA512
e2e9330301473e085718271b3cbfa20c7b72fa8109186406d0047a93580409d0b7fe658db2ecc734cba4c5db83155381719e4539cfee48ef3d622a27f71dc488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5787ae.TMP

Filesize
119B

MD5
c3baa422f39c34adf06466f3ca5c6b8c

SHA1
426a81a5c99cd6eb8c173fa4e7529e6caf244511

SHA256
e2cfa21ffc51fbfa00b65ff1a811902b32861fb16fe8caf89f1582f9c4bd49de

SHA512
baf5ef41443d9c92559038e64ae973fa36357a2b90a2a2693c43de404b416ebe117c633d7247a03b8c58c5d0195cbda6dafaba3dc3efa085a680d54ec10e2505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
d4275d47d3ae9368428d924f0530928f

SHA1
336dc6c9ea1eacd9970425cb61fbb577b54551b9

SHA256
842aa980e8843b1f9de686bacbdba1aa7f930f5e1eb80b71e29544ac26ed6038

SHA512
e52bde6237e01e7ee0ee52080d3a5549ad2b6f68ea8d5419f89937635a56617fab3f2f629288d1a86063a3eff51bd7b2c2ee0a311a99ba46f9c4efaea57239fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
52bdda524fa3f1929a94fc1f40bcc711

SHA1
34691e1d02a4862381c781a096f3f707fbda017f

SHA256
8dbd8da02892bc0682cceef3426052739063cf51e35cb91cc9d80bbd6e19241e

SHA512
f6c6d4b3eee629678844ce24a2182aea15dc6639dc585fe4df1fd72f537e399886371f12cfc260b1b8b380dad838db585fbec59af9124b7bf650dc745a2033f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
d1d5f61ca2ff8db4eb8ed42c822a9f5c

SHA1
4b786b24b97067b0684748411e1abadae86e87fa

SHA256
0798fd47df814ced4a025627307b29989532e09e86d2e594e50c218467df0d2b

SHA512
2e8fa62a292b7a4b33b3c82a715c3c2d773c38b65dca5f0517b9d20872e6218fcd1b352b069cc4092c7e0e45f0b20d990ead375d355ca32e5fc332f01bf263a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3523662a918b2997c0dd39d5af65b8c0

SHA1
63ed1d8d494e7b4c3babfa4a00ae198a6496c2ad

SHA256
8e4c1e286cc6860feb49d16e7862d5d51c274887e87f380759505d6c4d876a70

SHA512
df9a3b38acc38aff49ba42801afade1b0aa36bcf3b64cb815b77607dbf1537f4143a4b24c6e39926fc5b4c0adae10a325e3e3f88539b502938b1d704d4e023aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
bafb82b2cee54c5ceb476c110b3eaacb

SHA1
3ab91d87624300e74b7c053452c00de8d0cecd84

SHA256
82c2db0061e8b62cb9758a8246dc503f4ff33d5460c5a2864ebecb2001ff3df6

SHA512
ed333ef4acbea4bb78f5db6af428ef99a77633dbfd8251074123d2c6e1c81bbaa611bd4481fa29cc55d691325a8711b17d90d92d48851a9f42d4b883e938f123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
77d8b6b55dc36b98e16c973f20e2ae5b

SHA1
af1eb30093e679ec6efe77dc7ee04f8598794049

SHA256
d6ce3092d56daf6462eb4425015a538556375444d6d902f3dd5054a587a9ce65

SHA512
380012497870832ca21528f42853d210aff7f1ae6083f26503768af83ef24399882b7e931c9ade841f15f6ac2648de0cea6d4a78fb7c05af730667b5a23c22d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
af2c317d82c17bae6985bfcfe85812f7

SHA1
a9d86110cc87610e1f8c7d37e6399cf7e1504c6f

SHA256
07500f2344c582731f0b48e444f653c71d78682fa70eea949428863159138a29

SHA512
336c656290a0a138bd1737909ba08d78d31d7b703b8ae78a5b23ea70e63a15ee79907ecfb6091687aa02ae843904f6b6d47f9196e3f99bf50659c305f4c5f884

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\PASS-1234.zip

Filesize
37.0MB

MD5
65760834f3a039f72057f2debd91dd64

SHA1
11027039cec72c0cdabb0a9ca8271f4bb2e7f3b2

SHA256
a9f9d70ac11bceafc5b850cf44b959c2796a6b1c728f7a4e42fa09c0a87ef693

SHA512
3295e82acd101b622301eecfbfe23b61f6137e6ce86190ded172afcbe3c0143205dd2849f208c5fc3692ec59485e4eca095101a7d7826ccecc2573eaf51cd638

Download Submit
C:\Users\Admin\Downloads\PASS-1234\PASS-1234.exe

Filesize
526KB

MD5
e2567466f88e3da8bd430a7fd6bbf229

SHA1
3269a6517fa157a962051024d8e46e6655740035

SHA256
aa4f774f707fcec31895672d4c6845761d57006adf73342ae9739c37b4c9c597

SHA512
92d1cace941d468d65cf7dda4a906697e82fefe2e03770a90f473c8a4e6f325f554fcc006c784fdb5b7e663f26d90de53e843cf12a1a90e6f7013a22fdec8313

Download Submit
C:\Users\Admin\Downloads\PASS-1234\libbry\libb3.dll

Filesize
21.2MB

MD5
d048a16cf471fca67d6805385a2488b1

SHA1
3385cd047d14909ccfc0f28d552c2301272e0af7

SHA256
f00a35a9725ab3ba68cf340c547e88e8916adc5c2e8c9220d0a76f0f83ff14e5

SHA512
1249f917a600a7abaeb88e2efba9583f840bb39c769aa481b991eea40567a286c831749f7950ead4f83d4b6407209a517303a5e8ce7c3830882ff6627a189ddc

Download Submit