lumma | hxxps://youtube[.]com

Resubmissions

16/01/2025, 16:52

250116-vdsk9azkbz 4

10/01/2025, 23:03

03/01/2025, 12:00

31/12/2024, 13:41

31/12/2024, 13:34

31/12/2024, 12:13

30/12/2024, 19:05

Analysis

max time kernel
450s
max time network
450s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10/01/2025, 23:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
1612	Xsoft.exe
232	Xsoft.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1612 set thread context of 232	1612	Xsoft.exe	139

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3980	1612	WerFault.exe	135

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xsoft.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xsoft.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133810238052347411"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-114766061-2901990051-2372745435-1000\{1743D249-A547-4458-B7CB-DC83EDCE2CEF}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe
3744	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: 33	4876	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4876	AUDIODG.EXE
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
464	chrome.exe
464	chrome.exe
464	chrome.exe
1272	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
64	chrome.exe
1240	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
1904	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
5052	chrome.exe
4996	chrome.exe
4196	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 4424	3608	chrome.exe	81
PID 3608 wrote to memory of 4424	3608	chrome.exe	81
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 3304	3608	chrome.exe	82
PID 3608 wrote to memory of 1044	3608	chrome.exe	83
PID 3608 wrote to memory of 1044	3608	chrome.exe	83
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84
PID 3608 wrote to memory of 2340	3608	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd6922cc40,0x7ffd6922cc4c,0x7ffd6922cc58
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2096,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4328,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5392,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5700,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5140,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5672,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3200,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5724,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4504,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5076,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5792,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5416,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5156,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5656,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6364,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6168,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5788,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6644,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6664,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6600 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6584,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6616,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6596,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5908,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4320,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6420,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3692,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6564,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6152,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6588,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6736,i,10886272509214308173,2732532680803138953,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3984

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4156

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Xsoft\" -spe -an -ai#7zMap11673:72:7zEvent11140
1⤵
PID:3980

C:\Users\Admin\Downloads\Xsoft\Xsoft.exe
"C:\Users\Admin\Downloads\Xsoft\Xsoft.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1612
- C:\Users\Admin\Downloads\Xsoft\Xsoft.exe
  "C:\Users\Admin\Downloads\Xsoft\Xsoft.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 168
  2⤵
  - Program crash
  PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1612 -ip 1612
1⤵
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
415cfb81d8fa127e812c163e73dbddfb

SHA1
860b843eb209068c51f044f48f91717850da1d2e

SHA256
10b8fc52c0c538f544105be43387b2adb764f3f11a485245cca9e43c158bcf29

SHA512
4f73a680c70d3177ded54138264a215a7a178ec1fe0609f9899250b22a3faa8ea48342dc032952c5285a467f7bcf57305ab6e9f5e0ca6699c14388d1c442d908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dcceffa0b3cbf72262608ab954fcbc86

SHA1
dde3e6e1e601a8575e92ed2581b0888d86a853ea

SHA256
b4a06bd3e56d9acde7867c524700f08eda38403d7bf818c5ced5fa7dadbdd214

SHA512
e3c38d780fadd77342527898410cc54017e5c33574209300dd1077d9180f323679e7ece8b46796f13781707b554b1ce37e9af9de028f9ecdeb9dda9da336028d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
82KB

MD5
36f5a723d8ea215105e234d221701697

SHA1
328136bb1f00b00bace5e4c6cf6a7e45425c17b2

SHA256
302c7ac0af04845c20b3bcd54d3a603c607b0d6afd10ebffe5eec7deb059e748

SHA512
5f44f06ff80459b52f7d56933862790b20dcb51dae97b0e26db4bf3fec83d1f01ad862ab26129f9061841730c257a8b9969325ec385f2be9f0e39734910c40b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
83KB

MD5
aa435543e291e2ec2b61b13fbba5b352

SHA1
08fb38eb937a346a26f19261b63d74e0f72eb922

SHA256
34089781ad5f4f2775dac1323db17688fc1fc316bc1f330b84b83cc39616722c

SHA512
d8b301b80e8ae80ef6a29f7f5f3295d6fc97f92db2c04678e357c20ec4600d41044b9612f92c13ef6c41e5b23c38af1198b6d9033f31ac59e6edacaa26e08110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
115KB

MD5
4c0b72f736c5800fdf26adf4e8cc99ce

SHA1
f935ac4c773108729c200ca90cbf199ee3ff76c6

SHA256
596d530896bc525d79623387c97e15609851b467f209f1ef7bf630bf58f64516

SHA512
b6380165f4b8556c79baf63512d6a7a5326e22a58a4b963065e48c1c884825537c9ce0bc4d81527e2aedd5c6d291b4e7caa98b5afdfe001ae34adc61dbf25314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
123KB

MD5
898349f8e2968cd8280f72f1ee0807a3

SHA1
32ba9cf4a1f3eb7f6523961f271fb5bd93f9ec73

SHA256
e867d29918428ed116b2225df5d92d5a20e2822645eb3ec5bedf13921047802f

SHA512
7f21169921426bcb5aa27cc52bf8d3c3e830851b4af11b314a21da666d7daa551fd7e6180ee68806f05c330909a3ec420282a974ca025376b63a79bcb063380c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
1.6MB

MD5
29755532e86a89bbe59606f281d9500d

SHA1
7e58ba485d8bfd003d53fa09b93ffb7ac2c4787d

SHA256
da80e12dc282652ac171996bcd2361a3034baf314480f919ebd04640083d7ebf

SHA512
2fd21b73a2c9b6c2424a733c5ace5887abcc2deb59bf4d16367a7a5c37239e5cb63ff61bff74eabe8eb12b60cc128de861fc362c3b54a4dd6ef544f97cc187f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
28KB

MD5
6708f54a8e187376b00dc15c26dd5e52

SHA1
21f4dacbfaef26585e9fb2f7679ba064ca6ee671

SHA256
f97cb599e0ff9332f94ab91bb086f2479208d07cdd6943b1e9a6f1db597ab53e

SHA512
4dea210fbbea29eaa2260722b22c8f6ef00c9c34415df2e9aa483a46bb24cfa934e09779dc83af97ca41c5917d74379b4d94942e8ee7f73fb45028df2290f69a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
125KB

MD5
6c757f2775f43b0b642173628afec094

SHA1
f916074c450a2085d2970c3ba37e18bbd79c333b

SHA256
6cdbf5b57abfdc0672dea0d6803aea8614ad2d35e3d66776c8ca05d7f86bd94e

SHA512
09132b1ecf9a43a6a6e5876d8c6ab0c1e40c9129b023532df6a7b272c2f49df0d760425523062209413f28d762e9349a552a16252268757af121925caced6634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
41KB

MD5
187d20d234e7ea31d798e49b15720544

SHA1
372dc17ab421c75b5780203ec5aae8e1a0ebbcda

SHA256
6e31009bfeae93365a4f95e1684e7edc828795e1919a6fc74f33c3f823a3900b

SHA512
1eae45a8bba3d14236fadee5700cf39642f99cb540f295ed2f6114e80dde34874e7d7d3c5358301c5f10fc15282f87875b4aa2949811e84af91d9b30f4b28711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
216KB

MD5
03c03aea8deff4f76c36c79390923584

SHA1
6b4528e8fa44db0b5c9491e46b3a9bb640fb90bc

SHA256
de15d90dc28cd725b544092491300cedfaaeb9a1f1eecbdd1dbb31111a2d6eda

SHA512
eee0995f9322a6f9d6951e3cde6e6fd61add157e86532048dfaa65289fcf89b772d71e9d4230f68e0b6ae08c33e4ad8f0a0b9ec464c2f97fa29754eee7fbbed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
36KB

MD5
1a3268e97e77b116d84a784d6617f48e

SHA1
806847820feb0aa8c262344367b0a83b69004f36

SHA256
620263ae03be7336e27682a315dc7acc0efc97d4348edac52cbb6368915a6218

SHA512
944976abbff81c616889fdf04b1f5f62e008abc3ce9dc744434717bab5662f614397c0b0f518ea5c3d9556241940fe29d1f29920c52c0f06ec53a05be2ffe769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\076f1308a90c2a2c_0

Filesize
19KB

MD5
871bec33864a67500a3dc8c3b82d0e95

SHA1
d07bd395b5eb7e91a869be8ebcf6b48bcdbf462d

SHA256
c70e5a2ff385c96cb2d2345184c8bef977d5d3cc20b25a683d80d756abe1ea2b

SHA512
282da22dfcab705465639d5cae7c1de2deab35aaf716f3d9b3513d42395496b9c431b7515a19e6701d7e82c619a15414dc854766ed83babb14f644dcbaad0101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6239b1bb806f4df_0

Filesize
283B

MD5
8fb9752e6f952a1f097a1209833e0a57

SHA1
a4f39f93f9fdb88783bd617d3061ab6a0565287a

SHA256
8116b9adb9d130f4d0cbccef502eb9be7e010907509136c953a5ebed4e989119

SHA512
0b335bad1f6ef2c4e9d0009810570ec2682c32d684b70b3f20213b93520ce81c1878ed5b292dc0ff36976865e208d47c0db4855e78f1378d441e7bdecb9286ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
676e522f6b5fe360367ff7e06a7ee1ec

SHA1
b7e3bd129ec9844efb77894ed34ebb981fa7dfed

SHA256
f80588ff5b2c87b49ae3b392cfafcc44ee356735c8612742eadfd03f0a2832f7

SHA512
b782fea029b3bbfcb0f56f679ddcb72f935f0dae2b67b2db2cddbbebfc27db890aa6c0494071525cb9a0cf9fbf0028404b86ad49e5f69126ba86abee735b4a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6cb77557e24db041db8e36b2551280d6

SHA1
3ace3bf3ebd758a8f517b6ef45a253874255327d

SHA256
ce29645de52f3735ebb7c294b03029b4b177aa6fbfada9503d60c7b77bcd7a17

SHA512
4abce07440e45a10c38be63d8d2401a99a8123f9517f13ea2aaa045384811137af76ee1d5ac8ce769b5c576b19e72d16e9993e29b6bdca1ebc50a5585b366aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2e371ad5eb60f7fc491bd401f95daabc

SHA1
db8efbd1d1fcf060470ebc072e9b1b9eaab4a454

SHA256
790b74e1f2119f8aead309cfb844794070b764333f0f29eeb298f37ecd0787bc

SHA512
85c24c0e337c4bb153ecc9814b1c9e70874da6432a0f643726d013d02aded1cc180c816c7e6a2bf6408402871ee750c425c539edeff8c2105e33caff74dd48e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f47b080d0bab769349074239414b0f9b

SHA1
e7bac0bd93aa5a8acefe5a56631d0f7be466889a

SHA256
6ce3046d9c333f6a2868f7dcd9952c8c09c269af1658bed5933177935334e048

SHA512
05644888cedddb576b69f62815bd05a96ac3166a89b03a790c00d6e8b0bf81bc80710d4ad9b02125df1eed5c9ead360c7b8dce90cc875e94ab819277b32acd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e399d3a57c4861e64e77abdd6a858e8a

SHA1
0cb24f98344f6182800cb1d778e9d223928b5cde

SHA256
27cd61e1befdecd5e70ef8a15c4060b17d2d2eee4957911ff9daae5d5f87e7de

SHA512
f77761ed3b6c80b51e05fd13d36c991ef77c73318df7ccb91dec5356cbc744d7bfefce527b170efb23e11f9a7887b6bc2cd43129a147dd16e600281e06c15bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
83a9e7bb0aad657eb37deb418c4c3292

SHA1
d1fb04f1431b9b4b6a9a6a9332fd1ff64e13c1fd

SHA256
943bef9729275e439e8404228a584dd6fa2adead0f6d9d68817d30189deeee6b

SHA512
d08478837df4feb7d869bfc7ca963a779251e1fabc224c568c990904c72abfd51ee34bdf541211e17b3b5659be4832603fe83ca2382614a5f48e31e343d58966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4f8bc31bcdf8e6f09f670ef86a77163f

SHA1
ef2d76448b6a03e5cd6b8e7489c5bd2705225df5

SHA256
2ca60c2145d0287a915f75a088a2262058042de5139a06784f8cb6e14868288d

SHA512
6a35b3a92830f049f2bb8f3310ee78e5c0d7b3e30b7876edeeafc9d31128c78852c4cde6d84b2ea4eb4f15ea81738f24a8cf7e1095d2116c74e7208337899081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fdc557ee5974848ce0aef9bb01fc35d6

SHA1
0a82a4b6c9cf1bddd15f7e0cf9bbfe41779b1bef

SHA256
090a723bbdbd06392a584a2dff077a490f6682025f6992a49691c443f41f55fe

SHA512
801ff3bf5394cea3d0d3e562bafe3ce467aee5cef392ce1cbba1bc74a18d8c67245ea72133e3a73ea2d740446735a3e1e186953ea29e39b99fcb29578c895dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ad2adacd8d6437c202e12a93beb68d32

SHA1
9ee6308aaa11af058acf8b4793034726ec00a3d4

SHA256
acdbdffa67b4e7842bb61839cace4585790fc3f870833b21d5627eb7711b2027

SHA512
84a7625c96f485f474a23bdbcfb565a63afb6dd25be32eaae5061b95ac462b568f9f86c5af0c16d45438a44cd06e0811b4970fe92ad61311cc6b261b43104861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log

Filesize
23KB

MD5
31eb757842016b4d734eb16c35a2155f

SHA1
a04d764ffa459d25757a9fa0ad92a01fe0501c0a

SHA256
5d0badba013e6f721881ddbec39744ed3f23a57cc811a1e420908c982b771734

SHA512
6849b5599da2499cc751685b655222dfe7a3830a3f1e44c58ee0daa8bec3abf42844d02beecd58266ef4927c80c7b1fc7442abeec4b4ff1cd4c7545bdfe4261a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG

Filesize
357B

MD5
90f54d85ddac2259fe400bea223c02a3

SHA1
515639f9d6f34534e8c8281813eb18c79be0797d

SHA256
53a7c74d86d75e9d9a273ec254b1609984e2b9ec8b5fbb70de15ca0f13f52ca5

SHA512
f59d5db83fccb97cc767a51e98796b09bd75f5ce274ebff747e7ebd373ca2734cd80f5ca99d4c56683b5e1f681043503d1bdc2768b3e798585e72e58efa5a3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
c5d4bd28eb7d0d3bb1d76fa1f8199b5c

SHA1
6aeec2746743cfb7636e1d40e963c8147dd89568

SHA256
f42bc4b1b13acc6639b9918170e3be4d3c4724efa4743bd0b02b4fb66834cc81

SHA512
a75d56b670c3ef28e6ca9627e19ad407831c359d3a073fe12b93e6fa4fddbfa5fdeda5507601bc0180ee3d09da72512706425ecfc680c81ad13ec9c2517aebbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
6c5a4716c28f65fd95e480282fa996f2

SHA1
225385c376f4bf5696b6972c8f9969e992589e96

SHA256
37489105b5f04034e5295d980078f39009d36f66147c54ff2172b2ffc5f8b8b5

SHA512
977d313384d7667504ff8eb2b8155ef5738928dcb908332de007579f9b7e036699d673cd1d1d9f507e43b4b17d0ff54c5e45f4c7ca594419609d330dbc505e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
6626f664c14a2a666e9a4a4a2f0ae6eb

SHA1
d6c7b1b67af91fe2848a525159247266cc58e03a

SHA256
d75ffdd1ac89d6688e6dd3c2c514e46f2df68b9d87ccd299539ebc8469b08037

SHA512
31191a9d8be44f93848aeaf8c05e1a9ff4c9646f2b7279287e538d4422949dfc7d77527a9449fc4ef993565d317b5efb1635ccfaf8e2d7bc589581312c1bd6aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
ce96a4afd54318364af5e10cba7e144d

SHA1
dd4dfa46ce54f57e88e86c18ff7a3b1f2d2c5a05

SHA256
3aabf169c3da54371315037a178e5ddbd2931d5c6049daf95042bb9bfa8806fd

SHA512
93d580ef8df5af4ab1939049c1894b0600fc54f38d696cf4c348a78122ed943bd04b5cf716fb9495a787454c2f2f869a7ac655d2f0354e2394dce43efed6286e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
72ad64f7d6b12501be7887b6a8cba55b

SHA1
44074a0499ae6dbe39623d665f77c72102d79bc2

SHA256
bbb6d169a5488fee683b57a26c125e8308986d265948de75621e17c1bf4d50ce

SHA512
3dbd95772476e2cd94094cb0d032a33b32c94131ecb3117f1f6291910e5459e8ae42df796b62b7848dc369ce4520e74a4c802f54b5386c136c5a2877ae408a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
edcacf6729328c4449d553b3fb8972a9

SHA1
b2f2c9eddeb05fb490ad1d70705daf0652d4201b

SHA256
6b4e7e23e7601049ad950dba6aca6a9443ef6e3f73edcef02df8efece78a71f7

SHA512
9d4855d2003934aa0e02d07e4c307c40c9d72ceb559c75d01399311bb6d12a6be0e58558634272517e647dd997463a9e3725529cdb0bd61f3de7735cba911aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0e62af792ae58f43759fdcd698bb3a17

SHA1
136bab76cc19899ccf325cf37021821db3d1dd49

SHA256
6d801888ddffd68803f32bc3a1791605e8aeff90c09ee318add5cb97bfafeb4b

SHA512
ca1dd491fffa2cec57a52bbda9eaf971451b25128bd6bde9002c45121abbe2659e55a40ee6bc27d7a998f946038effd1f979ff9d75be55bc97a1e9308ee88a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a89ceb355ffe4b1a9f507898ffc55d36

SHA1
ddd57afe1fde358869e31109b0b6526ca28d607c

SHA256
1360e2f409935dddd5068a22a19ac0a6d1a9173b118ab39ab636b16867089398

SHA512
bdada4728bd6058106b07c041549ee8d7fa9516ec6a568965b2efb47e306e5b2ccffc1cecfd4a28dc46a4b325eebc68392e2bfd01ff65864d8df99cf2c55ae1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b5e625739c29f3783e472c3abe5f489a

SHA1
b893dbca8b2d49973b1e0879aca5224a9759069c

SHA256
c55e26d10d7401cbf5fb0330b501036460cff7269c33cc59d4f0f4afc0bc9b18

SHA512
b1804f48f5182d9db4d4c95b35734b1bbbf8c91238ad40273f54edb1a5dcdd30596ba3b3ad8b6c8f670f9391cf0c942498a7ae84f309b7861a0cce1ef2658639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
24d24590fe8da8466e7e6fd0bae44720

SHA1
7d7e2bbe2ae576e542eea76a8f997a986ca71b0e

SHA256
4612d36b7b8ef048ccb18ef1b0101e6f949b371508221f0c8041f9140a194f80

SHA512
c6257c724bb01586290fb5e1161670ec22fc2cd7889c6c5f57e0c5ab4a9cc4d893a00294df0f5d19990ef70a293c13fbf8d983a3e544576394775ddd8f13bec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3f28d3f0f65ec1260dc6177aee46fa10

SHA1
85a8bba010442b68d66b9247e0bd66479286426c

SHA256
0470adb3ee53bfa83d0756de5f91b45fee480f17b4686dc867a2754358fe3016

SHA512
e5fefb3402fb1bc60618d5cd967970c09c083e51ca798560cd984b979975d54e7e385d441d15d266896a621bc8db9302e2cb243c34238840afe0117a673e7c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fd453433e5fc4d7e7fadecf516020d1f

SHA1
d87a76b5f5bf494f3cde1084d8fd30785847a2af

SHA256
511755d3c96b4e86b0ac18eef1840d4e1c94d4267614902b4cd6dadcd057c46b

SHA512
33636e2b42e86fce7f5f5440a794019316a9ed16780aa01fa56905764c744836032076621a4fe96d63cab01b04756f59af797e2c20b435e080f89fd2aff8e70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6f0ff63ae284cf97ec94780179e7a0fc

SHA1
ac86ff8760beebec13dd4d72fd86bd5e7a7c09d3

SHA256
06a68d87dc677f26215b5f8e718acb8a3dd7a689cd9491ac91de0849a010fba4

SHA512
057240712cdc5e01c7cc94b94fdfa1488b8817f88f07004e79b968b6bee5e895c24ade9e67cedeb6ab20792318aa39a99665de70e589ae36ec19e2218faee985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d734239164ff78448df7238c0f2adffc

SHA1
210546e88309e1f4b40cabbafef037b8a4480215

SHA256
fccb91e63afc418996b07b98b4ce77c2078d27d280c1084c5706668b52f8abab

SHA512
88b581ab1f72ab3086b243c9c5e6131d35db2f27b12f9a2b623e40c8b31bdf3cd801f9c5ae27f8fe3273adfa81cd41b67a4e12635248ca1e47382270ad6a4970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
952d8619d3f65f6ce02d2de279ef7d9a

SHA1
45ee480b939c63ae476ce198ea6c42d106b7230c

SHA256
5edc8b852b5ee085438b1a64b46ae2fea1cdc0cbe52f6931e476277d341507bf

SHA512
25b23c0100d223b9f0269d0e6949d8c24ee65837a03efe688b5769a2b462f6287e9ae7a4b40a21d98e13447af1813ee23df7dc28c72515742ac54985b12008ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d0b483848e935a2466e1db217b344a1f

SHA1
1c5bcf1f921cab9af3315e2a5cf54e924cd41750

SHA256
3690903d16aff064cffb4f2ffb65823cb9a607412ba2b57d6c2b6ca3e331c130

SHA512
e4c14627154e1943922254d6bd4086aab0bcddc050b0fb52c3d8dec1610671a90e4881277043b133c8aa8ee01ca8da5348773d524a7b67f1f7ccf6a590c02eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
28d1b9658c11fd14f72152daed74ff35

SHA1
52bba29be5a8fe64e14e26b6b41533286034a36c

SHA256
e84f818968ce4e805e536e62c7f3b120b84111623a4d13493ff4b532913d59fb

SHA512
c4cbf1d3518439950601840e7b40c69b52d488a4d2ac36ba5e64ab1626c01d52f0e11a37a64869ca3886693abc788234f710a171a04049d90840421fe9ac0431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
68d740ba7a0019e08e0cb7bb3c27c619

SHA1
a32c17acd96da6d2099957da1bc1e0a6bda9760b

SHA256
df0737c84e420c8b9e15d2055419e5201064eeab7a46546269ca3e9835837dd7

SHA512
28a20f646de6696e330452cdb14fa9d805192d5efce81f6c73ecbb01d42235aa86705548bd49bed5c9c2f0f01633eccfea0006ccd3891c6e5b0226c51081e488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33d5b2ee59f4bc50e3f227d433d22c22

SHA1
8b1e54a5b229be331395dcb3e2251a499457c2ff

SHA256
75daf9688562db41f065f38805b64efcf1d4709b88444c20e6294b1bfa191ff3

SHA512
4600d76af0c3f7f48fd8eeefc0530f2134290c3c806cc0a5017155a3d6ddcae5338a6e4edb83b7d18f9e622056bbb70c41c64c3922ad3d8201814d475c8fc491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f05fe1190a9d0d70c74801d841f1c74

SHA1
5f7d7f73e787fa5bf472ba5f822ae03465b1fafd

SHA256
c38fa7ad3def0e6cbbdee882af4b3502aa48c01311703b2ea918e618beae238d

SHA512
f4257c449c2803fc2f3f229ae1fbdcb5269db1b8b5a045aa0b4ccb5271c6f3be198aa292a93783ede7cde1a189b30a319ad2fe941fc869480c71a67cba693d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a1819e7828602d3ccdfc6956f2505813

SHA1
4945d50f50812b7bcc6295e8704ba041139c5bde

SHA256
1ad3ef70fc94db777c897de9b1b69326a22f0392c2d5c27459617a6ba9c11e92

SHA512
ceac30823ab60dfb95ae735a2140bc5b3d7fe0c069356e687eeddef1a01fc468393981f2b41b9faa1e25a654a21749ed3da0490e2fab662263199f61a53d93b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c2ba2f61515ebf8d883d4c33f0ac366e

SHA1
f2d12e23f5dee5793d85ba9a125afdbb036c831a

SHA256
c706614d5b4eb01af35c04593aaa5c96c3315ad36dc2d698d60cf4b52051ec7c

SHA512
5de2aea02273017a67e9102087e70606f60d4c79fbc5414e4510d4c13ac6d3dfae241479a5c2b87ff5e13c7b125d77f2baa87d30047d3436e04de5bcdf655522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7c8f9b7b37b1fc0e0354ddcc54146ad1

SHA1
ba64eb8140c041c087e2402b5701c430426f2560

SHA256
c3d489733d8dc2b95ccdf4a586047d9a8d4f289b3277f17af12d371a0d485693

SHA512
efe846ded607c93ccce0ea72e83c20fe3856103378d3063ff4a85d3dd9e6f10535c57ad2938e387371c91dd894e6115a10f5c8558074d9058ddf3a9bae72b89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1a1e9aa67e71898b800dfd2e0e405966

SHA1
8c0eb7ad60e3f3f1d7799e19ab64220765d82019

SHA256
a2b410deacef6c16cfffd524016afd53535d6e5f625efe4b8a7bcf0011930874

SHA512
a60a92185c06cc8130d8b44eefc73ea3e098e083d2c99d9fc84c0be14521bd1fe3259bfb4bebbef84fffa902a8df016531527e973e672733acc2052d6a25454e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
11af40418f4ad954bd79cdb85b225076

SHA1
18b0e65d1e85cf6d99d36d0b9567835d836628ff

SHA256
2cdd1fd8ebbf22f61e459609e95275e544c8757162c8ddd8ba4586f73c454875

SHA512
ce104d64347f390080536bedbf346d4e984b5f6db865fe4450b7b66d81c365699f883ec5c38682876c31b5b089923f8d96e63955fcf42a2b124947b042153554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fa7cf0cb333d8d557f08ef4f69ba0aa3

SHA1
98fe687be2fd34bab9547615bdf94f0082bf55b6

SHA256
c030f342a752d7843d19bb0952f150d923f554a5bb71c198257a824641880e5c

SHA512
58827746ae04a1ec322ec94c67637ccdccaa53627818c7411f32e61c481335e6a08bfc1d6d80450550ee657ae40a0b952cafddc0972be35413ad5b46a1c7a493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
873d12fe5f61a55e290dd80fe1ade20b

SHA1
340a1dedadfab3778077f41096faded81e483a36

SHA256
66e645a48cccbdfacf41dca014573f541a5c2b6d18f67ed709c2cff526dcb997

SHA512
718748b4ad74eced9df33ede465d0806768b02ebd9fdfe722064b532039ffd1d9b517d7d63d11bd54925b5f922586d49606c10e90b7ecdab396871b1b6021aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c9ad2a44a40f871f6ca34f8ac0b9a951

SHA1
d13efc24262da54b2b40a8dfef8656a21217bcc7

SHA256
a460d0be73833c31b0be05cb76744a9832f95128ca8b6a7af03e56f2ef498202

SHA512
62b5169fea58ff01aeb7875ea4da9a31dda88eb0dc9d02ba6899151b8c9fcc3f29282bd8e74006bb17982e5633b9e23a71c5879e5939a542e062744b7e7cd03d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
57a2441dbf551b1a3c1182e05cc07599

SHA1
cba7a867c832053851212aac1c828c98f198646e

SHA256
1ee39834351fec062697a014f233b844202a2a9638c508b49dfd08097acacd33

SHA512
c46afd6669bf238ae6f493a8a1f7b3d5932cdf81945f6e293d349eec628da098354a5ea7dae86c4083dcfe4034f626b1f6389ba6ca7cbfce2ea9946fca18c4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
779f4bcddb702fb8692eea2b43cabaf9

SHA1
f20d70d40189184695205f38230ebd95512842bf

SHA256
5d83e195647ea4d8c8a1f68713e1f3fb8789b23cc2808ac2058013659febf18b

SHA512
553f0816ceae438858e995e9c661c17ecf9d41e81298f8443d6c4f5cda4b59b308bd868845649df12353182964d781eca92abf4ad2c513cc6baff3b63979e125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
22bb89ca3c5a5d69b9bb5bf3c8c4bf6a

SHA1
38d05db5f4369981c47762b2277f07825df44c38

SHA256
e4b35e7a628b39bb81c358fcacf1498672de026d430d9a3a51d5ae9dc6a6fc85

SHA512
477f1bb44c5380378265d699ebccfce747a184547e390928a6c3219d86c045131c4c21b50ad7e095125d92e84d43ceeef9fe02f5b77cdb1bcee630773c38d89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e8e9bd3f56a5bc4acd0cdac6b7e47381

SHA1
6df7c59653bcdd829d4d1e2924f194a117e16412

SHA256
5abc2813e2bbcff1b6573067fe216ac07c1a6c9154a0c903ba5dacc08172f818

SHA512
823a66e50bf2a24e6a0e0f3936dbd8a47bf1907044f35433f2fb6337bffee862102f941367bc94c6c619f7f48326fafc63ef2a3f292280a8caddcd4164f375cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c2bb9d09913c88d20290fdf762d48bd7

SHA1
b34f26848e015f114a3d1e5e40f3cfeefcabea93

SHA256
48e312f3b58686aecb79312822e47ca6f54e9240cd99e6867d87b4b1bb11d08b

SHA512
d2619cffc9c6a6e2cec9c61bb0d03022779c1898c616b17b01c81eea7ef648bd186c21563aea37a4449dd99269fdcbd8effcd3c061203c330b95423877560684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3a9549fcfda365bd7acb9c30a7aa2b84

SHA1
6667377685007795b945c780e4838dbcc2035e5d

SHA256
dba752497dd18c3df25983162f4c3723f21b72bba42870de1dec7b9993f53366

SHA512
9704d6c2f6d92347940d597eb5c5b82af93ac9316f45443def29a01a9232d673141755108d3aae9222376c8a6e0d3a536cadaf93069adcaf373c8f7c993b0fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9d9a2bc5fd7f81fd95c02197442cb6b8

SHA1
032a2c24f6cc4636e59e3df33d104612654a6f0a

SHA256
db85e53a3a8d5a5764351bd9470b40479e1fa3c200e12eb7d7103e56b3409a69

SHA512
451d305806b4784c30ce0f69fe126bd9dcbc3b415016dd7ed5d9a9c7d6a97738e3b2d9bcd70a3f916b51cbe30e8a6858d393780958370af9202e01056501578f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
03ed8161cf9076ca5b74709edca9d908

SHA1
f3d702e2dc1f84ad5960482623b2e612f598eb47

SHA256
a89e90b1b3f7c1bff3de7ff0a6b9efc6e377fa09322f77176d8c3a0c17f2c110

SHA512
ef0fc79dfd8fad51750f9d708c16c315f483e0d338ba733120f88f99c0a2ca460e43441e788d613dd08150868fc6c879d17a604f47d37a433ebb575cd9f16afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
16de943f48bc5953426f43642680d598

SHA1
09eb4ef39fa02282b55c9279b479b0110cbd023a

SHA256
6a0fb1b1441fdc70c4e65e30d59ec6b5850e5c2cd002bb6ccf0122e1b3833b36

SHA512
b9e85006e54e0ef8e95145a15c2d4c90e6bdfd443ed7f586476f761281cf1b40a62453a50a638df0b0838967f14115b33046a431965fc401d4fef9b76036d6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e65d0cd8600ad1401a0dfbd8f3cd9a30

SHA1
d54cbb676f9ff7fa8d991c6aae2944095df545be

SHA256
0890e32f2befb769a83c890ff3310dfd4b1fbfaf8fb397639b4af1e945eac4da

SHA512
2e4645084a55798897460ac293ddbd3b69cf41257c8df85b70e4fb5ffc8ecfc4027803d7392fbcd943962022af7d25041f1361dcb3d6e3b83fa3573fbce7afc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2eb218067fea24fd00bd0f7294341db6

SHA1
41e0af59007403fb721cd5d290e411eb684314c4

SHA256
480433c1fb9e489dd348be525562f69dab8cd2acf50b0e903266866e2752cff1

SHA512
ecaa53195db7ff68d96c2e580a969037535cf160e432972adf754429c7943bf36584c8e38641fcb12ef7d73d95c18d5cf5f93687fdf624a093a44539a6d4d5a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a19e4563c02a7d1968886bf958bc542

SHA1
bcda2826abb36d0aaa9ef448e92266f4f3db8fdb

SHA256
967d1d51d1813815d0404739ba0cf7b0223e622a7d78d09b896b83e3799b6f49

SHA512
8094c8d2a9b6ff93333b3aa543204cef13adfa8627eb8e3fc3f29f4bc259df0013c9303ee652fcd1af8a8dfeb9e9cfc5bb6c1fb2ecd8898f68ff7d2fc430ce88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
61ee6bab333b15ccf3db8c362808a866

SHA1
42c63b78fb91386f7cb09aa92ee46399cd2d867f

SHA256
8a082f7932c107826d73efa73583ae7e6ed1b5be0665f4516d3b3abd9425a35f

SHA512
e8197c14370041a720ae1b246d371391ea447f2f61ddbc2740e4fcdac257c429268f917a87ab9a4325788da2012557f3e05fb887ab1a8d71962d01d965135f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\43ee325f-58c9-43ab-92b6-79af5e28905a\index-dir\the-real-index

Filesize
240B

MD5
db265e89adf1f434034bba12e75f6506

SHA1
1303311e1f7c1a7ece4f77d8fddb46ecca5f15c7

SHA256
1864ba6ea61e532320c7b5514ebb63c73a1548276bed93ca72103ae08b2fbbe1

SHA512
11d375e731ad8d37c3c8237edc78aa0e9057392145457465e58137ba134fa3760776926e50b835b19e462cc1d469e4c87ad68be0589ec4a96b4586f4e94c7c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\43ee325f-58c9-43ab-92b6-79af5e28905a\index-dir\the-real-index~RFe5d66db.TMP

Filesize
48B

MD5
fc9800a381d220d3d78d6132beb699aa

SHA1
f9ece973e9d9f6f24a27a2b3149092f9013fc102

SHA256
2ce5f1cdba3a66f2301a6aea2a0177121c987a390c3e037ac35728968717ea31

SHA512
b6d81d7e70bd11635b1273d4fa5971300ac0ea8771842f620cd7a04d27fa8191e845fb2d74109e361ae72f550fa19e9415455b4114e7fdf4fef7116a0f4f19c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
0588f51c10fd5b15c945724ba094926e

SHA1
fabd044b751452a1dae3395655084e5970b61fe4

SHA256
cce67eb8cb6a559ad1b34fa65e6886955b2be36ef87beb4eafa8f2ce7f90a8e5

SHA512
cdc33e40e8afa2fdd3169c2f17e989bd2e37f4407b67e02991b9070dbdc257c5e6a5af66032904545c54dd12a71a1fbdf75a44d1172607dd05c3f4970017035a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5d670a.TMP

Filesize
128B

MD5
430e83c4d7500bbc8794c47fa2e8c49f

SHA1
2005937b67b02fd7a1d46b4661a56b8fe3c784ee

SHA256
9dd6db885e5641bc48151ee41225f63136a6b076a893483e1b450af0ae3580ca

SHA512
6843557c1447a021f2477de4977edf2b037f1747a02a81ddd013fe43046429c109615b115ebca33bbaa21b566c5c6fa38887432dc4eec6928fbe843e01216664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ba9c42a6-1d7f-4c5e-b888-b036cc639e15\index-dir\the-real-index

Filesize
2KB

MD5
d4ccfd29b73e2cb38ebf3f0a214d0a5b

SHA1
5b6cc23df6403c7b317e9e6af881ee0e8a60d4c9

SHA256
40fda615d9a4348cb332ed45015597e4671b194c51e96681f404026633fd8659

SHA512
679e012e09674ec4eac4942ae4a5146c6dadbd22b924c9bc97a7860b389eff4a41a259383c7fb35c0061c3760a651fd1f5670a0ee1eb5092bbf0a7eba5bd792e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ba9c42a6-1d7f-4c5e-b888-b036cc639e15\index-dir\the-real-index~RFe580172.TMP

Filesize
48B

MD5
9e8dae696e27bfc9c1d9381dc2f5be8d

SHA1
3f68e0a592f6afa9583b34333349d7d5a6ac18ce

SHA256
4954c9c36d6d8520ac49994426d8015fefb9a2ed8513dbd0aeba33d91f4783b3

SHA512
701fce2d872f4a1511d291fcdd888809946334a72ef8dade7a03318628a4643b2c345c5cc063e4e0a5ab88833c2041b8e4b702705389406206212840172c2511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
508d44967e350a64921049a336f2c65d

SHA1
0baa42f4f65cc2fa1a2ed462ab31d1bf6278184e

SHA256
db738e0479d1c0b29e1c9b5f642b4803bd8ce39ac092960096906e696f9d2d4f

SHA512
4a5af7e0171c811437810ab5d9f5e212d396d786c3b2b155315f2a0bb64a9d6485790b660eb4f00ab9a0922cb561ad459c6f97cda7f2dce36294a3e48b5fa949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
41d0642a7295b7b863d1b62e29c6214a

SHA1
272847ab739a004f16dc7aecc6459f59eec76e92

SHA256
c534bce6639da365e519dbfb42a343aad4d024380b596867b740562a736d2d0e

SHA512
1d6f366866312a03aa564bbbd97a3ecb20c2231c85094b846210c369bf727a86be9654282b628a2fe1e160c73a7c1809c30055d7e9c7ebe4123d884c89e76154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
2c45f045fbe6af29d04ef587595d4215

SHA1
7d2344e7bf75c03ac421a394c15dbf1ee8c7e30f

SHA256
85406b838a771fedcba29e0b36ba16a943fa28b2160391de1e84cae92567b87b

SHA512
7d7d5a41bb7466117ddb4caea07bb93f0aa83e2a8d961b5ea72216226987b94738aa95f35a2f36981c65af46b59ddc858f2ddca40b2ca9ecd3312e5f003e7d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5762e0.TMP

Filesize
119B

MD5
2a533cfe02a81ef919d17d3525b3d915

SHA1
3f2c8d7741a9087254af6bcb5c728c4e5b516177

SHA256
7d48690f0ef6513773e6f176be438ceed30dd25fdf33db40b326de2a4413cbfd

SHA512
2bbac1c9d2971a27a9a605f258ee9b817a7cbb7d9c9fc440c5132061950370333e2be99d6ba1fad0cc15839fde76a2a8b1d9b221b6815992d97109d435c85b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
125KB

MD5
39efa544f8aeb04490dfd30ced680434

SHA1
6959be8b949cf9ba4e031efbc40c6b6a5e68a4bb

SHA256
0918e96c1bd48a4c0dafa7830c18bc435d11c7e15980e0b682d95d7a67ec0d26

SHA512
3e8dfcbb34e6a3777ee75007faaff2799fc60e6f11762f7f2b956dfe79dd30834f76972f139c95f4d3468f193b028ca41d5f2628dff160a7a5e25c00cb10fe10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
211KB

MD5
9bfbd8eb38c8e93db0ead4c1410e96c8

SHA1
95ca38a9248f1711b2ce61d979ed0498444aac4f

SHA256
445f91d0bb9e13425cc9a010cf1eb50f65397f462416c9e685466c66897a5f4f

SHA512
23f3fff99dabbefd31e63c19b7d7c22034ec17b1664191258f07bc777c7ff47c3042cac8dfb5f97344f62adcf8ad7b6c9312a62e11a7afdc9291e81d5e52f2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
64a31b0f017c59a4064a542fac98f897

SHA1
8f9e2fb6520f67a677be68d5736a285f268c8e85

SHA256
0191d46ff6f1369ad374fbbc2812f72429c70e5c40000c5a8390b6555a47c404

SHA512
38befde06119b63c9762876f489218579375c164880759326ab79ab56fde0e897fd7f836913e585ea2ecb2cb1110ba5d87fd02bf1a7d1ec52ef90099d104ef39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e763fd16e47659d20c47ab87bd884d09

SHA1
3562316093b574fcea1328f6cecc6edc966cfed9

SHA256
13d61fa8d0a55949588db89367102bb181556dec9ac51a7e3d8b395e924a2336

SHA512
5ffe367a015adcba2f525ce78b7f60c85ee95038b73d0499cce527f3fae52d84c822b2ffa1b89faac19a751abbf568a6411a1a76709f2abddeb33701014d2eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b1cb.TMP

Filesize
48B

MD5
4f541de967710818a1b54c44f81c0f2c

SHA1
3197efb4131a821e7977d90f18030222771f5768

SHA256
9a4e4073a85def4a1576cb296333c64158307c0fc70e9602a7619888aeaa5f7d

SHA512
0a0b87ff2086359567b679c1e289dbb5a866ac4baa09032180d3fbcc87093e428c7063a508c45f259d13835f8523d54547bbace6fa03dbdaeb2c597dfbb11c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
e42a54b8e0efcea587aa48f9a4221b37

SHA1
4a8778e9fb3e0daab7d7845be68dacce2e1044eb

SHA256
0d598dc714481cbc75b1a05235c3c16aa6af4b6d4919f7e74191df8a3be6dcb1

SHA512
2b7969c57ed84c92fdb835864a016a842f938ca2eb8b06c8b8cb79ce186a151becca16e891a022e2983080fc78f666e5c1f0094c4d31990d8c83f71008a726ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
8ec4ca2d40803fca78d34ebc727dd3c0

SHA1
aee90a06388f3ba5ca1d6c52971d8be8ea03db6b

SHA256
d97d8bd7e89e21d582be2c4ba5b99abe1fbf45a8eb933aed94c00c0ee782e7d0

SHA512
0642433fd979186f57c8de693339d69d83443bf35138b3a3a69069dffbdc4012e3c09e8dc60ad18a9e862f55abd3a897096279b6eecb359936df57820fcb6580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
08dee7ec913e9faf515638700c4a7397

SHA1
13ad9bcef8cd7dd25ff23d6a299dc589b08ff9ec

SHA256
ac3bdc7af2ad2c21db5767381a35cfe44243d4e99a93413a2098a49605205607

SHA512
cfeaf5cf30ffc4d8fabd64c17e83170e171efc13f5657438cb008a2820df9670ce33ef455fbc52c3b46193d25c6456e7218d17384b6673cad7e6764105b45952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
30887c19fc6edb0d16b00823b6ca47ba

SHA1
e320d64cfa7835d1650aac02dc3cad08dd9220d5

SHA256
f75c09423564c5b9105351abee1c32575d409be41c3b2f5d42437c460b450643

SHA512
52cba308b2f92a3c1f137e1bf8baffe85c3257dcade7a7d76b765097acd61f749347d2130796e6a7d65cde54daaa57a62ec556bd8915332eac1dc458627ad373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
73e832b178c6c9fbbb5a43278da2c32a

SHA1
bc68c0d75575bbbc8fcb49d006b6f75008eab89b

SHA256
f838f009bcb323a743b13c67ceb888652bb7e478319d4b885948ec4e84fb9f74

SHA512
26c71c31f6ad611a3abe8dcb5623a0138b3028cbeb2a4ddd56ec3abd8b7d4bb1d9e3d4db14d9e444d2a1fb9c69630ef05df56ea5c9a2cb7703bb9e0a84fdc6e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
f416a9ea3ed343211d5a281e636adf80

SHA1
8c13c23cfe674192495a7a6ca9c8ef15305af56f

SHA256
1b5ad586a39f8a8a0756103f3f4ec48207c3c0bf122142b769b240544891aa2b

SHA512
fb4d2949017e2ce5b9de19012a51aae1c7951d445023da0b7dcdedf68de648b9a84b7e7533ec6fe9e17da5f277896f8b3e3355b1301d7a75746b72f29bf51bf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
228106c606332aebc338f92b6b9187ca

SHA1
ab933bf36e91848688a57f02cdd7e435a0e5d6f6

SHA256
179dd1f6674a12583132ce2c10fe4e9ce1165105ad46e31c6f58ee1057cfaf2f

SHA512
32f31c8697232528e421ed9c98df7b10e30b4241c1bf84d00d2c6dfa33e23292e290d7ca6c6bcb778920edd723e603f0b952c6c3e116277a7da630c04036b349

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
288b7c7b974c85a2ad3fb99780addc89

SHA1
b7e1bb2da01bae415e3bf14616d06afb7688ee2f

SHA256
8ec3c3652e074533c2ffe22fce8a37b1b2f5d37574326958d04ce6529cb217a3

SHA512
92600b9b8c46b6eba7f64abba218ad5fe37db06fddb072bf6a416156e0e1ba71738bb61daca0f28b2c9ee9034a61f2a90c57c1da2b44ca5292e037ac9e8d63dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
33cedb2323c4a882d3237e8eecbed31e

SHA1
fae02e22cdc42717060a9a477a00bac1b4494c2c

SHA256
1c8ce7092828d689c4d1bb1fba94bf4cd802876e35ff7984af411808741fac92

SHA512
3f6f78a71a42a92a14ed32fde4ee4aadeabd2aa0299e858e7934cf36d55d8e0b0bd10a195b140aff3b0a7738d3e33e0bae57067b24463c1e70c7951704f69f2a

Download Submit
C:\Users\Admin\Downloads\Xsoft\Xsoft.exe

Filesize
331KB

MD5
df3c9a10ce7386254e0503e83f44e1d6

SHA1
a40779b6b46c368e8e79ca4fd5ebe9386f7d093c

SHA256
b8d0af3dcf5c079b338ca5e9f9e1c5bce62bf7e458a6f67861686901a80b2a5a

SHA512
1b7359bd75e6794f115cdbf835af15f38ff30d4e36dd4f3f13dfd2d97a9e6b50de67e83223f6183a91a6f7952c07146a33fb1b8cd2eb25ecd538f561c90d4b05

Download Submit
C:\Users\Admin\Downloads\Xsoft\libGLESv2.dll

Filesize
7.7MB

MD5
02374701c3dc3b26088763fd3cc11bc9

SHA1
84e582496c53ce139d9efd219b762ad38a50d011

SHA256
8e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41

SHA512
09693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2

Download Submit
memory/232-1629-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/232-1627-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/1612-1624-0x0000000000560000-0x00000000005BA000-memory.dmp

Filesize
360KB

Download
memory/1612-1625-0x0000000005450000-0x00000000059F6000-memory.dmp

Filesize
5.6MB

Download