hxxps://cdn1337[.]site/123[.]txt

Resubmissions

14/01/2025, 20:16

250114-y2jj2a1jbr 8

14/01/2025, 20:12

250114-yzbfmszrgj 10

Analysis

max time kernel
299s
max time network
296s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14/01/2025, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn1337.site/123.txt

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133813594172791828"	chrome.exe

Modifies registry class 47 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000d3bbf1dfaf18db01f0c18786b818db018e6ceb53c166db0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\123.txt:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3744	2932	chrome.exe	77
PID 2932 wrote to memory of 3744	2932	chrome.exe	77
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 3396	2932	chrome.exe	78
PID 2932 wrote to memory of 2584	2932	chrome.exe	79
PID 2932 wrote to memory of 2584	2932	chrome.exe	79
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80
PID 2932 wrote to memory of 2212	2932	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn1337.site/123.txt
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9a0ccc40,0x7ffe9a0ccc4c,0x7ffe9a0ccc58
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:3
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2112,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4268,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5036,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5228,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5484,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5380,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4428,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5008,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5096,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4460,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5744,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5424,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5896,i,13204667816966523664,15537854558420879239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
194ace636a0807df12399e3f1005fa38

SHA1
f579d2918c50680e7f9b2842aae3845109b8cf89

SHA256
7795acc0fcfe972d960c7b5b00759c86b59cdb523043f57d6ee981a4784e54a3

SHA512
c5454ade922d6ee61fc576594f6288fd686015261b45787978cca20bf87ea83d91aeeca570469145db6e691a4d2ad6d8cf8ae3c0b6d462f5575cb90b771b1053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f650d923b731585807e68ed58bb08e63

SHA1
3ef497703351556f7eec353a56a8d42f198df53a

SHA256
6a565e7cb1ba3c9664a863a67c14acf065745f8373a72dfbf2ca8ef87c04ce16

SHA512
851ae6ba4e75ff88458cedbc14006d2ccbe54a4f5ae64875bf4834b027634b58ab2230a8bd657ce32e7d8b94fcd4c4b6b09520795217dda272f76845018d7528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
1997e064752d66626e53e1bf01be2f00

SHA1
a9a61121c7a5bc9c085630065c49a7cebb84607a

SHA256
36796d59be16be06a16dbfe0861afa1aecefb504b4fbc11e30595044f63569dd

SHA512
25680d4e9b8f58c15e80111f4626e7f85ad11b19ae3b49bf9ec60245cc901b6f40820dd711546ee621c876794f21f60a1506089e408d94443cce23d601ccaae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
bb790deb9ef3fef5a175d670918925d1

SHA1
ad0c3ed5e8eea64ccc4e59b3b94611a8beddcfb5

SHA256
487c04db0be7ee70b87658d8d1f286fe5ff3ea223c84a01b7df34683f891e08c

SHA512
de610b09c6bc12d5e2160c7b3368873798d0d26a97d4ed5ac0e9385bcb59e776901814eeb7649e6395bac21643e43dd52009c9e0756c32c0fdd0d5f344bd1926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
17cdbab6481bbdc27c4dc4017975c235

SHA1
d124a1187afe9723cc9c625dddc93393faee36a7

SHA256
1852de1c1ae7a6efa6df6302e2a39e80ba0329c7cf7ec1ba08e996fa6bd31cf5

SHA512
2dfb97bb42ef0ad32fb92284e9ddde9dcd86c867f702d081782b8dbdf905b3c88d4706e7ce24b2fc689ea215f3728ba3a12be6b6cd0a4030c113f9fe67186fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3536243646a8c32a1161e6dd32ab8e79

SHA1
6eb6a1b901cd2b0450fdaa6cf2c37bffa73a49d2

SHA256
c22517dfcedc452849b4e6450fd13d3dce72618bb37ccef0f06a77e1ed08cd77

SHA512
3731572d31b8c53d0c069548e1d9db97c450111d91135c6b3a04e8a3d83acb618fbfc10334c99e654db5dff6c25ef3e662293995d0eca2730cbffb8adc7046dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
93c48d3485802cdc5a16df3f1004ea56

SHA1
a668c91396fc0281f62760c548946b0300ec165f

SHA256
1a3b3dad0c7eea374b2c45732980d9bb1e035b2d7b32cf5f421c4a1909924449

SHA512
d6b29d202c2b0d7f8331da23579a98040459c4147522b43262d84572e55df81ba35bd927d5ab8fa9dfab364e4b1fa023210bc1af39d53b492237814e2539f479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f49d042ce04a976acb572f41f37efcf2

SHA1
ba00ae74a4cc5091d2861e09f0906b367130a1aa

SHA256
2167c0451e32a63f655112aa266ad16874d6a772fbb99c33829220929d939dfb

SHA512
7b6664a979fd3687c1166876075c692804bde995595f62ec9a3f74e39af957c298bbef47d0e439ef750135a446abc833b0580c87f3ee9dc1fa20408614cd4547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
54feb192007f79f4e9e60a9e7d9c30d2

SHA1
af3e12185a1684abe3c92c1969498f12b93d7ac0

SHA256
c03fe36f670fd45222669614bf0840943c19bad452b1d84bf250e5c21825161c

SHA512
59208a9d1010175c9bc7e05971bc76107e21bc91325d9e828dae8082d28bad0f9a218fb852000d254296640a72ad76c30c70eba9959f3c54ec0aa2dbe9e2c702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
92aadfd06b9ccafc091176af0c5ccaf2

SHA1
8c39dd6a6c9f2913dc7dac3b013875fdffd0b467

SHA256
cf127dcbd9d024c89d1b329b9b39bff0e6e5b2459be8f39b8eceab70b7b6bfe0

SHA512
240300450d47629dbb91a1fa079d3dd2084dd4acaf9d75f013b779a244d22ac03792c0b5aae28e213109a185c1e0e68f548d812d815809a3aa2186be56657645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
f598861eb7ea2a1df58b21fe5ad009b4

SHA1
81f67f5f29924a679b721797884067c3785d0c0f

SHA256
6bb352388d11d716fd86d6e02a668182fdd19c00680a6078b547a2a9dcda7e76

SHA512
15810d98e29385ca53023592528bb6324e0f57adcf844f2d486d8fffc9e7cd1440807e8f9b6b24431ba5584ce10e6685ea01a6ad070558836f7b4dedcec163f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
92f793900f8a1f3afd2efddf84647770

SHA1
04c6f1e6c2cda821497fc4e9a4dfdccbb3ba4293

SHA256
593f4c31b71f72880960f9ff301a5d824423aa94126829768c06654ab923e3eb

SHA512
b9f937a023422c2c5135baa56f276bd20029df2024fefbddab791a04575d0b0a238954b1258a0756eb47ac5f82cb15351e5f4789163c7030e47ab0dad567dc9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1e8b31877dfc8115267aa0bc5e86bd9

SHA1
e79a804558771d2cd89cf42b696f2856064509db

SHA256
1f3c796c5af3a9674b0adc376afd705e40a772d2f9bbf485d6aa596b71b95fde

SHA512
e09d8651d1d5dd50341863b2f6eed523c49c712cedc268f649ce4e400e7acf9a1f03163aff851d8f17d3a771b2a50ca0c408357f30be0c65e85e13b6111a9521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
4ef5315e6238879423f4d78a59711e17

SHA1
4f11a4cea350f6eb81ae62c2d3b4140174c02481

SHA256
5d64196dc5c9d2e7e1644f3f1d550d560f9f277f12ec5a6612915dc7776e9a3c

SHA512
59856d59cd3e987b2e404f01241a8d138e73e31fab3e6e850ec849ffcfa0cbd3a92ff5be24caf8cfd938e94bfd8cf730a9c6fe839cad39ba7426d3772628e99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0b843cf15e70aa5ccb0115389fbfc47

SHA1
c4c3905cabbb0d3d87bdd262f8608c270f4dbce0

SHA256
6e51ec6e883b40140c4c3c0b28eac2b353dfdf7a88d2f0460c050162e117f012

SHA512
75a74d1245e93bfb690b93737e6fb881df3698b8b08340b0f9a8c315fafb64a095bbce4f060e121f773ab3e8766b2be46029f7265c9a75bf7b49e045cfa2f6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
108c11fc68749d57b6aab0fe0fe0b668

SHA1
7124ca1d0f6a4688bce4e537435010d783e64e25

SHA256
d2943b34ec850a24b9bc7dca839110081d4d550179de879b06125778d144688c

SHA512
2460279af3cc99e30d1c895ec2bba45c1fdcd0ac0bb0bf2cd27e86b39d9fbb99b7da73eefcfadc751129e25e9279be0034009e03fcaa09deee92d32832c64c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9046332a0dd7394903ac74499283d3a

SHA1
48354258948c530b76e6bff080438d28904e9197

SHA256
68a2e09dbd08656b984203532ad04e255a3d46ddce9a4e5e65d7ba8263656784

SHA512
0546bff4434a866fdb7226abbaf8e58ecc911c2b5ceaa5e2605a4b93275624e6b4b0bdc042282f4cda30550c66542b0fabde473bb488e406dd45be3642c250d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ef438372-ef36-4399-b625-00f6d1527e73.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
adff130c5ea7c36f2c93c6262b27d46c

SHA1
13df25855fcd829d5a80254d86bc61cf3afde142

SHA256
076dd317e5cb5bc5b8d030c75a2cb1d2611a672c477bfe417df851efaf4cdb09

SHA512
476f425251d42d1474d7b7ccd6c4c28c127684b13e07356b1998cb33777c8fd1d743f1c668847f7bdd8b0496ec5b590e5ba6a9740602cbdcb9f5a621788de99e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4e7491718ef0c00526b768465091887

SHA1
2eff82d0484c1ed10a141094bcda18333294b7be

SHA256
05613b3dadd740d213a7c55798153237c3b5216e003a65a6dc533dac9396250c

SHA512
10215b45a43769433ece4ee0169b1e33728972e75de55ae487002f3262f50dfbe0c7da8b6944f7ab52e3399847dad770d66e15cbbabe76cb49d6fb8e9b69d91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59b50b5cc9553b291c2a23b2c9c983ce

SHA1
2e484a74d9537b4b2ee45179f52a813e74d0b2e4

SHA256
1d421faf8f499f2fe35f435eeb147f8d0446ee18c90590f5e3e131228d909845

SHA512
a2ca2ec61656601e8cb25bf48c5481797a69d26326500d81501b965a535413a5c9b9a3989179b64d9f469d331113beb5a39a26b494e380911de77aea7ad47eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f83870e4cff3d2441bedc5546a1a9e0

SHA1
42c98c0d6e9f04138e8abb640dc4a15879f3ebe7

SHA256
e233269fe7bad432a26476bc0df98ba6b0ece5a38c2e0f1855cbca3dc21fbb65

SHA512
71aa2ef9c0390282f6470ac97eeed772bff87e5f08551c15f5a3b75b4526c27bed1291569d296f5357343d16e870eee2cc88a9299ce5fc0d0b2fbba1f3622aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
850bd5f0b677c3e529a18e2a16801e8d

SHA1
f7c4bb8434b59c030438289d9df53a2c6f5e812d

SHA256
63551a2b766365028dffce19dd87a8eac2e431e8acd65d1716a49a5531409e90

SHA512
016d5f40415b76fea7ebf83cee23c725ef9d01a61582a6cba767c31a21d5bf1a076f2a3ec28528f4efb8e580b00221796c961e1e1f58770905f78a0cc5216013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
798db5a702a07300df5946d368e1c944

SHA1
19d50bfdc6edbdf09abe076fa868ad9cab0a096f

SHA256
79f49b19909c95a5b04aa6237f46d61cda937a0fe576f4d743b0e0e9eea38696

SHA512
84876a4e1f1cb2d7a157f4271cda8d724436074f9e6ee22ea9aa989c8f303f0182c4b514c474c57dffa5f438548d98c44de31ee631b2b1f601bc92f92703a8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7299357a6c6b45396c7d970c70107529

SHA1
51afee508957526e4549f4617ba7c014aa6536c3

SHA256
3901ecc6cca6b0d5ec0694f47673616526dccc54bb2f0f405f863abc54c38ac2

SHA512
b2ff8f3653ec40312c1807002d8dd41df73e3cc294936361f4d3ceb7f7485611ab74edfa032df445daa145be0e5fdfcbff89043415a9fb4f74e5745c78e716ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c43500c462217642ecc487bdad205d3

SHA1
4d4c48fe1af34b6f9fd62fc3144224ea6c600354

SHA256
047d247a91f18b1ef0300c89790ade1ed1c6bc2753e8daac8702b7938c68d644

SHA512
1b0a7bcd17a07694248170de0e6924b75c2ebb226a5d9867ea1e8aecff96841dca4464e2c7dc298a27134e0ebc538fdd4df685bae3fc208c755ec9a26329970c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
039111df88087198102fa7833be11338

SHA1
6ba155566cab9fb648d645f04a84f18572e56ba1

SHA256
927b91cfa020db35543932527f8dd774c875b36bb319e295dfe364a6ab2ea17f

SHA512
b64c210081c6caf2feaff22501fff269d4b55501c745b7805ba5f5e561b70f39d20a6358e76fedbd2a3bf98bfc3b14a6c6af7f44823772b9a2955458a126e87e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d8ae288f482ca05fbd64e7ca5ad1d2d

SHA1
b75b0a7335379184bf07e921c9d3539e6b24ea63

SHA256
94c738538828e53b20fc01e746e895667991dcc26e54d4bdaa221b63155817db

SHA512
5456901fdf399524f6befd74fa4fe755c4a0f2b05731a24870aafed13950d09ba06eb6a101125e776064d6d5d0469700a5818a720a63f981a9bb42d97d6c0c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c735f4149fc79d01d06216533ae69cf

SHA1
cbd18ccc29668250ac95d8cae044bdae93c7da60

SHA256
0cb1fe668e4622ff7f7bf7727a288dc616c995db74daff4ed257a806cfd39ee3

SHA512
9e4651a48ffdf2e7ca1235db6e8f45be467e8eea0fc9c95fc300f472a8e5d0dddb6c351647e8b521457d7416b42bd62f7a0d8dba03827beb7ddebab1ea051675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b442981bb9e2932feacc93358ddc277e

SHA1
62c3e30046996e67177ad92c809cf865dcf23a8e

SHA256
78739a46bf49dd15af79c7f772be6ad4d6f8a3317c02596c85e935f1990cb0fe

SHA512
029dfccc0c28f7acd1d7ea2c2175d87f5250d5bb9b636cffa3df3463c05aa8fa37682a6d79ffce4a8b084816e4953f4491fc47e9141b7ea43a873bb4dee0ecb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b8067515c24a62b30a6305074e7f762

SHA1
29ff0bd9c2b6e6eb869377ef91914c7cd8a3ff74

SHA256
734c8eab41fc01701f6369957e4d45538ed767067d8f8f6659445291393f2777

SHA512
f34abde6dd58d36172288119934971646b787dfe5d5375d2feb4364a693ecc1974c40cddce3317ebc5362e2caa3c84d74b20b187d810bb191799766854b541b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17a5a96073c70fd48f4f3bb4ef93ae5f

SHA1
2055ccaf016fd65356c5a5c09af74c02b916e8a3

SHA256
02eee3c6cf778655982e249e40fe357f1c97226bfc75d06a412a329946dd14ee

SHA512
27e6bf147f0bc52afd5c856b7e81cca62fec07fc0d780a04f3234f50c68fde76730f6330fd407f610dfcadc77291853c0cc1c13faa0a36cbf91f73116e87d49c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a77f9a3b8d6ef486bdd3ed392d4fee82

SHA1
410eb650d9720b7cc5df54ad132505a5fadb5ef1

SHA256
31c96dc3cc5ded69e38c2ec9a9a71a7f68bc38ba77d62ccf55dbda406920cf3a

SHA512
95581d4f1296955330d2efe2a1ce3927f52ef7b09f480d5faa31aff709a7e68469b5e93406c07f9f57f813018f65f5765bf0512a88429b830572189d4bb49f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a00600ed9f87a1f63f702525e0f5d817

SHA1
b39fc6384c56e354827742c5d2a80c0ff00d9474

SHA256
e880f97d812f5921dd8c2b4dac7839948b6334e419ac9790bc8393a57a33d1e4

SHA512
bd3f7d2ef25c9d7c0329662ea83eb3abfcb9220af2645817550e5b41bebdb206e8b1576d4def3ebc629a901e3b2da8fb345d709f5e37efae8d883bd7c4ab2bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8164ea8dc6cf9bd930e564f453b29c34

SHA1
dac88d49059b5475a7a9f382d6e4ee95b87e6ba7

SHA256
b1cce195ba9d335d334647ba1ee981e4e6f258c7fb4044891171b90510770e97

SHA512
64207848248b71d7dfe1e66eaf3db1d6f85aa98a21689d94e02d704ef39367704dcbcc56b1e9b6968e9d067750a6d71b8d268d3f6d81b76ae55c2245f3b21751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25f50ab24a20f834209276fff707889d

SHA1
d482f9bdc59f96cfe55ddbac6383832f041bd5a4

SHA256
49f2014d41317011ffb114088344eec4bfb0956fa58696143104ec3086aa8e72

SHA512
2a82d2f0cb3ce9503a9356c5a98a07fce3d28d96d794c1a35c97dd37f426a026490aba08206ad71ddd0a755a0bae7f6b9b4428d44180b61792eb8129ceaeae23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c84d6dddcd225f500ec173b338177c9

SHA1
6970c2f4b2fb1a9225d75e45aae869900b035fe0

SHA256
8dcd4f80c25372fd3f259b7aaee2ea8955a428e81f4f583157a3c7948ef284e8

SHA512
381184af8e0f7180ace7505530ce1a4446f45741c1190dec429ba4dab72b71f66abe63d949986bdfc1375931c7a63ad51725b49d2b240e016688b2fb2d6f5601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
3288bdfc981b2b186af35fc1275c441e

SHA1
bf265de99306068013e178f0cfcb72317da3fe2f

SHA256
91005c1051f927d9b874d5951f56168d9f97aabdc1908f66c90734adaea168d8

SHA512
91d31d517ce1550fa77c00cefa7bef2f61c01818bc0ef01260b7c61e1d5533985e6ff7f09a4b55b191aab0ee8d1509c8e1c7054b61c8bdd69a15f48e2277b36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
3d2e6c5949cffbbc047aac5f4e1ad554

SHA1
89837fb1eba898d989e6b73e0977062134a8f0f4

SHA256
078fe0297df133a13a9e65db7c5d7aecf8cf7868beb7c964701371b84209b200

SHA512
b46e7442d38f8177afeb06a78d1bbf154d3f9aedd710bb7554bd600cea7963467766c6c2120edf71f6a737f9f6d1d7c0f953f576f9653aad0d4dc113e76321e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
fbaec478b8a6c09a26cccebc1b16b9f3

SHA1
f9f545e371f00e803c58fef4e093fc40fd6c8ef9

SHA256
df5eaff1b90a91b066edb72d8ae8bf15aac45e806b609036ca2e49db194be264

SHA512
acb6c692b2a254dcb210d4ea9062978f1939be72454808df564ffc4e10a9cf98e553d1fad61e28c3624fcf3ba4cfbca1fe9c1240578c90b97f99927b8d8025d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5b15858253d6c93728614bad5ecd9ffb

SHA1
431717302d41ed022f7d5a1e09cf9d5c1d1e73b6

SHA256
99e09f8a74e8b723465917aaa9bb3474519acf77b17404c5fe375b532f4f0a9a

SHA512
01d5c4820389d3bc9a29d70f86a421c96d94288b3ee9f8aa661dcabecf80090a03d03afc39353b24aff0e1e82a370fa7b81f54bb2a0f05e7a9fa4e5692eac73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
0f80328eac6875865ea5de4096cd3e49

SHA1
3a2a65d8e5db98946d4729b03b133997e57451e1

SHA256
9cd0f52016c5bd0ad77556a6fa159c6b1539d3fd95b5edc422de7e02712cfd24

SHA512
85965a4ca17f6e669c76dd1f07311b9dfe824be2ab4a8d81e9d1b147ebc0300825537d24b676356d54e7b8aceaab4ee1739b47c7e116ce7f5d2a293c1c130bf3

Download Submit
C:\Users\Admin\Downloads\123.txt:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Physmeme.exe

Filesize
2.1MB

MD5
261edf92e8d85c7a9f7151080ea80467

SHA1
be7cba5291a89ccaed22bfb092a7651d34a36def

SHA256
e21cfe74517aaaad37fd5b4825fa4eb97edc6c8daeb386e0cf562b5901f7fdeb

SHA512
bec64fce5dc2a93edf16963236c975409ca4f40c8809e6a16661578d99ff0fd09178c0d7c293211f6da2419342e71e9532f17d6e455a5ef573326c4fa7fb7c8c

Download Submit