hxxps://youtube[.]com

Resubmissions

16-01-2025 16:52

250116-vdsk9azkbz 4

10-01-2025 23:03

03-01-2025 12:00

31-12-2024 13:41

31-12-2024 13:34

31-12-2024 12:13

30-12-2024 19:05

Analysis

max time kernel
269s
max time network
268s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-01-2025 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815199821351174"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "7"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "8"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "6"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5a00310000000000305ad2861000534f4654574152450000420009000400efbe305ad286305ad2862e00000094630400000028000000000000000000000000000000cac3b20053004f00460054005700410052004500000018000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b9ad977dc065db011c00f70aca65db01492d6f5c3768db0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 5a00310000000000305ad2861000534f4654574152450000420009000400efbe305acc86305ad2862e0000001563040000002b00000000000000000000000000000051afbe0053004f00460054005700410052004500000018000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3880	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: 33	3856	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3856	AUDIODG.EXE
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3880	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 4768	1628	chrome.exe	80
PID 1628 wrote to memory of 4768	1628	chrome.exe	80
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 2844	1628	chrome.exe	82
PID 1628 wrote to memory of 880	1628	chrome.exe	83
PID 1628 wrote to memory of 880	1628	chrome.exe	83
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84
PID 1628 wrote to memory of 4764	1628	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd4f75cc40,0x7ffd4f75cc4c,0x7ffd4f75cc58
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4048,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4472,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5400,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5612,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5732,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5088,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5864,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6032,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5420,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5020,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5240,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5924,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6456,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5744,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5792,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5700,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6392,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6396,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6816,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6872,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6648,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6912,i,12494405580836514957,8349496959080656682,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2132

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4672

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SOFTWARE\" -spe -an -ai#7zMap12144:78:7zEvent8793
1⤵
PID:2708

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SOFTWARE\SOFTWARE\" -spe -an -ai#7zMap15043:96:7zEvent27912
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ddfce212a647f2486e1a37702da396fe

SHA1
57dca521b23d847d888d6a5b194b19ef37822bc1

SHA256
81ca8c26894e82541ae604b96697b99deda0add4506276432888e0c7ae135eec

SHA512
d2ea4273d65e99a79ac96a0fb00fcfb0233f001eda5bc8176e64c0784f9b2af631d511a534f57c08c378bd46e991083af67be5baf729ea0d7240c787da4767e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
2a43c27fb45e0d3c0904fee949fa1580

SHA1
6adf09a896e568fb98023f721f68a5dcd765f756

SHA256
e80bee0b08298cb62a3922bd79a5ee1b6dfe96865603f96e5b273baddfe0a464

SHA512
dea72a4ec41fbac23996e423b458bf74612bbec275f0e601587164918de9d82c8459c518e0177f0a93d90688a514fc606d02c4c987c233b3683fe8470ba09307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4e916897a73e29776df1ebdc83e92973

SHA1
dee63c288613a734e2480e40d3f3d1b98f94dee0

SHA256
95013c154d262330771f40a231c6bdcf42045a968df0deb6225bb4f9ab99623c

SHA512
378f933622b1dbe6d36236d2c80eae05183177438742985a5e1aaaaf946bf8b97df76252c4d2c1a91eb3c1fd7453d14ef36f33f1c780cd8b8a735a101998c775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c5df776f5f8a88d1f2db99b6bc0cea9d

SHA1
ed7b81f58fc0ca68c43f182fc83b5dc5bccfda71

SHA256
033749777f9cc58ac315f7ce3f04d3b30bc30a6925b8fa0ae1231b62dbea3482

SHA512
df9278f4093eeb47015169ebc5d84adfff0a66f493d680d930625b59df43cd9a7724763756e09a80dfa23c0aaa88604d1ac0078ce15220f1df6ceff58b96d5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
a6c2dbbadef3eaa8fe43ab654f1ba789

SHA1
c8724663028f03ca03eb4a816084a896635d6c62

SHA256
90f1453e628df03d0fc9790716d30a1e25823bcd2fbbaa9c0ea01d6961065b2a

SHA512
a922aac5bc66b4cbf5c42edc120e66aa30b31b3abb769158af9fcf0a4a7d93731bb61ca50532fa68d2dc645718785e62a23c2d398a04c349e4916b42e5dc0b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bd75f223e81ef7b812fa7dc97d999628

SHA1
4f2c4a9b20dec811a8aff6893708bcf1d0fdd723

SHA256
fa4f961e2d7a7564e6084cd3bf461f0056d2c2f042cd99ea1ad8b1e92a01341d

SHA512
66fffcbc0d5724024484d953f18017ee558d2c5e3059f2070f4a371b21b2e6e19ef9ebde40790f8907c76845eb3000d020c863f87841925296d3aa0c1b68d6e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
233a93ddb5988f1a770c6fc3fefa7791

SHA1
525d82f308b319ef6737a5bafa0577f2b321d66a

SHA256
b4069806cd992bc9d75e5517c77a8d752cd5be34aeb30da5fcb05f8306aa6f75

SHA512
e795e2cab1138ce2dec617e45e9b26ad61373e617a497dff741f870179321ffc2c30830bc732dc1ea9cd6a520157881c1b2c4ae0eef9b8be5044cf93315c53bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.infotodiscover.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log

Filesize
33KB

MD5
e8be13c822233c5da3054984c638bd47

SHA1
d2c0544139efc7b019c107892eda254ced0eaf22

SHA256
2534bee7fc5babfbb9b5a15f506f8eccb99d4f4751167f18baea2a16f39d9b16

SHA512
5ccc6033e5d5a185cb5c72d2564a090cebbf1d3026f7451b5ed2c7a4018b10bfa657b1755d68bb90a6dba6a043fb04e2942510c9f1b94ac4266149886cbe6a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG

Filesize
355B

MD5
d27e1ffeca08fe835b8ae77dd71f8d13

SHA1
dd02e63823d4ff336e4348530f589ed36e7d3a39

SHA256
43d7f911e9fb15be063bc93f0d1d0c300d4aae878ac0b07d5ed99c080fb580e7

SHA512
ce658460957ed89a0b52cdc4cc8898e77a9a8a72c562e254a42c7a9dbb3cb1a78ec160c1028dda2ccc7caca283a51837490b14f1e3eb47259941a80aa05ebd4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
ebbc18992c3c8facbfb7456e8faf703e

SHA1
dd943a57a6cf0c268dc645a6aedc087518e45761

SHA256
79479f610429d4ece29a525af1048f082b33778e50f1031eb43a9f2db13a4faf

SHA512
005b3c556d8d16180953eac67404aa5540c8c5bf60da9227e3b70aec4dd7e6644ff63def3a5c0e92826fd03652eabb0b84bbc62f6fb52aa94ff097efff83e42c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
c10df3e0cb0864edbae2ffa421714802

SHA1
1ce04ac86e863354125c6ab9306e6ff157e2e76b

SHA256
30d4623f320fe2d4211fbe8050f20a6a884401dac1de92f782cfb098a72bb278

SHA512
db0014f8a2105dfe0612dcb46d634626caf80c317490e624b19702b3c9e67ce3ec0e6d0a275b536a7a835a096c777302acf8f79632ab4cacd8c3ed83b7b12c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
56d47e2fc34f51ce69df021f83c8993a

SHA1
6ff63f14fd859ff6eae1e36dfa576e1db3346caa

SHA256
6dda0f42b20b6281f596b3d3eada20b9d480ad0893842f6961a8da893b0d3bdc

SHA512
f0cb227d47d468d570402e85d6756164bd293ee7a7b855a09c19708913bc7dafbaa0d88a4d56e37814ed2841078ad6177778c7360de27768a335e2dcc32b13e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
e60f33a93ee40a7f2980530d6f4a3fc5

SHA1
aff44d69cb2b78670abf00feef9594b27c5fccf2

SHA256
af20bfb57832b3095658c9d6006cdeb743b0f63e7abb7eb2343b72a330679fa4

SHA512
774ec38cb38ceff6bf66caf014ccd9f54b66f1da5b8eeb5ce22dd56b79425852ff0f06bd57bc875ca77e0f3f4d96c1bbc3c09069575ed3d75c9231049e04dc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a518de92f9e71e7e8ac48ee76938a81f

SHA1
19e76fa09efb36417c3e5916d303d684cef0ebd1

SHA256
04fb481b986dd36eb21152816c6b5f5c658a2d0ac67628d5cc64b207cba38c03

SHA512
0ffa9a35b0f91d3e0969c7a44373a981237c0db8cc3148bcc21ee230c0b655a7ac5825827e2916de8a92fbdf9189cc8d5dea0d2d1be0e7f124b79df52c5ccde8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
588301ddf1ca3936f58b40168ac1350c

SHA1
ea49d9e268c233d674d391d1fbeb0d7d2cd8db6c

SHA256
3d67e8b073fe274c1c472f7f428a86956464fab0f567e9d1c40e30c2a89c73f1

SHA512
30db335175c3acc06dfbfb0e8b811b420d7d1368de808292478eb9019111dbf8ba90dafef9164b0347980f6e6d92dd5d1178bb7cbb8ad6b5afc6978fcc5ed37b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ebcd144cf33a45f824dffa8184e87461

SHA1
159e42f35d80e738951d31950b2ea76181d8cc19

SHA256
46fe58b479cf5b5c46bffcc590daa3b4c3557730237378a255a46ada5d06bd9b

SHA512
f478ba1ec0e19dfb8be8d5063c3666556f8b427543a38e6f777debaa801aeb91b5017f98bd737013d62554cd87630f53ad579ec2ad4a508019c3d21020719140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d16e888c-b15b-4631-bbd6-60ecec20a723.tmp

Filesize
2KB

MD5
455f9c86cf644a18de41711993efc1c1

SHA1
67c9a4a0962ec980f18bbd4edccecba11ae0638b

SHA256
16f57c4781e51ff90b78c5911784fac0f5e29a634d6941e7169aafd64bee9f6e

SHA512
0790289793b511cf86999e0d887a39d273c942dc2f980cbcf63ac51e17353d97fdc019c87a24e04cd5ba2475fae3cef5d4c502a7e55eae20d044cc630c33969c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77c930774ed1a8a3ec031119e1c19f8a

SHA1
63c6dfad3350557ef6b8275d9cbae495900b61bd

SHA256
d803c34142bd959d02b76476fe7213d50d5548034b4764ceebcc983f0a86d8a1

SHA512
771baa98779c97c3a546837cd0f404ce2c303e486dec04de0df0dde6b286a617824054f585f96b808f0650edbb58e76ddd7e19d12a2e7865ad0758a35225a9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92d15e7438cb9b25885dd812ba0e7d93

SHA1
67a147b1a190c621edeffb909cc4755e897253a2

SHA256
6075dcc027098ff71f54c843f0cfd8345352ebbd6bd2b52eadce17c69354c0fe

SHA512
7b84d02f88593ef3533fd1e50183ec307fd59e48bea8802eaa59d25e47f2e3a5b8f3b75ba5efc17d5e52714f19d657feb258f06deae7f34e1e945bd0009deb7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f1168f5913cade4157d4b6e8eb8a3bf

SHA1
94a4c7669af2d87c6c8eabd02a8ef70bff56dd65

SHA256
f2e2f604da0f2e35da9a1de6e13627451039cc4f680b94a8d9ebd3458baefd7f

SHA512
fd2ceaa6190bee22964905f4bffb5e53a2d2d955bb2a0c4e5b03c3c29f314e957d94deb1ca07d95a8de259497ff812dc4791ac731ec809a676d6950ecd0e16ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d58edf5f40eaafc350fa0d3feedf5e5d

SHA1
fd21790529c705bf17ff50b0de9181c4017fa08b

SHA256
4731eff392e2b5a4c5d31e57b70099cfa7b4bd32315b621afd901c1ab0878125

SHA512
ed2ad57c693675d018676853b86c323de85bd82c0e54f9a5b178efd78c308ddf8ed68f94007299077943728f478c669fbe254766721680ea6930225dd1160de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0f13bc21c8834055d7ff784a33ce9825

SHA1
ba504c2255624b0cadb808b250ab44b6fec22e0f

SHA256
2f3da36ce0071c9307aad930a061a55d3898849bef916ae2bd35d3eb83e2e474

SHA512
d7fe04a805bbb6b2d956ad1d272d8938c07c90b97def575aa76f08f5101bdf39f98243b7743a90c2302e90dbcde82fcb7d082578edd50a807cf851026215ca4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cecae0b878d6d248bfd7a031ada48a6e

SHA1
2c7ac3d334150925a17825770c3d1d6dbb18df61

SHA256
b4572efcd1a728886f852c88dcdc59c9abff4d915595a41977a6a1607dc02c01

SHA512
ff64659323e0244091a560bbb7ce72ade3dde5454685040570e456a1c51960541a9882b9b472bc947becc67fc78d3827f3d52e7c60c11f67159fc48484339dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
47f1786e8ce30094a6af73ca89e18392

SHA1
bd503d91af712e5aff97253b6163fe8b56ffbb5a

SHA256
b5e2ebc35156e1cfa6473c91a8b4e56b37ac33b61f876525acfde9ca67e6e5d8

SHA512
996d54835ebf9cb61c45de11df25f0c7aa5c872bcbfa929c45f76b8840f7e3003a4c6be5a17b1f6c8f672096c0be0482017fb5a3e2db1db6981015da6647bc53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bbcd8c51df4cf4b1fd2a4b44ee1c4c14

SHA1
0aaf9129d4df5bb5ecc48e47fd4036a4a821a4ee

SHA256
f94b616a2b5ac02fdad412a21dc8538764b0f19622cf22ec08787dc0a7f7d57c

SHA512
23f9ecc15e775eb6d7022e43a686b4352974228ebfee2c93e22eb00b8392ce0d464e6fb9758daa513aa745d4a111c2fae06b94fb9dfd0964280869cc57b8daa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a08c57af1d930bef2b2a64d2b8ccd08f

SHA1
51a45471a0944d6e88392e22b6a77ba9f7bc5194

SHA256
816d9abb4b0b7f2fe075f52457c68d16658bd249b6ba87ede28abda02ee0037e

SHA512
003b9f39ac92ed290923c98424f6f363b94d5e75caf276ee195be1e9177b4c158d2bdb5d61cca136e9362e7d560a190defbeda1008880e38b1700ad34f78ebd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
96f59c1083c7ce0d4f100f0928eaa9c1

SHA1
e2e0985c57d7f85b350f5fc4286db0d44d63683e

SHA256
d2368c0bf380e324c9b0bb51d601f85cc3d3d4cff1f81029125380c93d01c8cc

SHA512
82d568ae1303e9772a63d00121588dc371c6b0bfc86fd1ebdf5a9d10d2819da419ab9b11791904a298b79e47f132d509e9c9290250a3098d9e2e56a88f37e68b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4f5b18089f35d90e1d747ef1436cfe90

SHA1
f5ea72c5b5a4ec18cc2fc5d529c51a3c92875e20

SHA256
dfc2646748070fe4e260ca74f9aff946ddb0344ad1c3d0203a0e56221fb2675d

SHA512
fb48b6fee7750ecaf27db010e99dad7974553138945dd5f8a9f7dea6c7363827c5a4fbe0aa24c4d01fba3ea27d3e79227f63886457bec8122a9cc10d906781b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
40345dde88e81684149d5789ec1b22e5

SHA1
86ba43fa1b7cc1c0b9a60143e84012313f46ccbb

SHA256
a3a9d730ae70b6d08a5d68de4d75d21d5fe4a89464ff8c4dff4b61265471ee02

SHA512
1840cc7a59d1d0c133461346748746e30a289186f0d67aa79fec9169b53aea80b4a313cf1d1b036cd18cb783dbbc0311ec23afd713e346b2008c09e4a537bb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
50c7d3879691066f7e191555993a38f0

SHA1
1ff4abf4b93e51fdee9d6f007ecf333b2e4c9801

SHA256
1d93881bafbaa6639b9fa7593724fe8b1f1a739597ce9c7ced8c795078f6b908

SHA512
3d7e67f6afa47eec9e15d3202b9b05b6ccfbb1e1cccd5e47b81476738dc5ddca448605f9ce5174173f061bb311af2deefb2b9ca2936dd22c143138c9b6f9b87c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0fcfbd53826a924ba3a28f7e06ad3634

SHA1
e57db73b3621e8708e8251f5f4cbe5c841e012ac

SHA256
d08aecab2822c292fcd0d333aff66452ff21dfae5b65da6ef3d66ad177e8f780

SHA512
d89d6b1bb15a2d6d00fff5ca6b3374df6639789c2175602d1a328f5f524d56f2b41fe0877a0a70067f20522cdffb2fc8d0c8a666488c4a4f861e86262780f4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fadfb8b7d40aac77e008f714af56a1fe

SHA1
add4b4b07a25cdbcbda09bf0971212ea23fe7f65

SHA256
a9721d2b95872eb5b13996d9ae3e1e8d8734eddb524c9a39f3df8ce2c203eee1

SHA512
fe6333769ae128e0fe4ee7c352f8609600f63d123de6e18e6a7bd5bdb2dcf20c19e830fca78525061c7505280e45d89144084a84a7fe9c3fef4ea2797cd0fb55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
49160d2163ebe67fff67bfc453249511

SHA1
7737f161bf12ea50766046d5e2e41dbea60a45df

SHA256
4bde213703938d7d2fdf0bf78b1bcf24b701ec9e34756c88b2cf53499e91f8dd

SHA512
70046e5d8ee995797c34b1b4b75c6dc0d56b216673e87014a8b5547a7e8a1a62beee987c57777007dc5798da56c6c7fbca697b0524c45014a348f40678967623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cdf014c188693c2337d660a25d2f43b3

SHA1
0565364efae12499adc5b75f701c4d13c46541eb

SHA256
1c3e607ca933833ee908110c595017740bd119e6ba572983b1ed4d846774682a

SHA512
17c4b9a44c5494be742b0b920b5713ef9e0196b2b9777738ffca5a985a8a8087546d44dc1a1012f7b8fc57e89c3b3a33f4fb3e6f2ac8dabf858fa15848dc7db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
964162a8ccf5fbebb27f4117d0309cbe

SHA1
2dcadb30fbaaf6a2d4d31ac5a9a90d02e1c5e199

SHA256
b5d8e555899d14361629abd8b00ab642575c71094bc9afffc4e1882df7fbbd99

SHA512
5e16c7f6d05529ba10f528282af4392ea528f4dc9f3a2c4bb05a1da2e145693840b8e1cca07fa51ca21d44b22cafa1d06a4bb0f20c99fda2bf373e3b78f9ad1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a4f1a35a41b3f6cc722112c7789952fc

SHA1
9bea23c7c5b02480949b565e24d2394c5b128a53

SHA256
ef71e7f00013410e27141df7cbfe477ce83ffa54bdb7977ea7a3cebac0d3471f

SHA512
fc1ace063cbedd87822ad6a2daa633d0d0b93f85465b2b6ca6342ff035be0e80043a4ba1114d1d971568ff4708963ab980d768fa39b384a0608d6be365a4634a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
70dcc11333dcc7c3afbe4e7c84cdcbae

SHA1
691b1b791321b9da5a66e448e38e57b14ec444fd

SHA256
15c08c7cb240b730f4c9af25b695dfbe0c9dce9a45a5005d0ddcb6dcfc8bacc3

SHA512
2637d67ac2a5fc3f92ef9fe0805d5ecefc58ae6b187384f8b766e10c00509a8484306cbcbd09a153501be6a125271d6741db12205dc10dc5cc221940e4c880bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\64175019-610a-4f85-9f90-d92e000ec2d0\index-dir\the-real-index

Filesize
72B

MD5
dd6c1d2fbeba9348be170c48bf6a3220

SHA1
bb89a741ff92086a40daae5798452dd29c2fc2fb

SHA256
d47c2bf78fbbe4d97a1c0fdc0479ccfc53c7d52b3392768c6134283f24e48bb0

SHA512
fa03fd4018126991a2a920c99d9108995ed35678df8c5749201fcce20dce845b6f943ed16e41a0a240da1e01539370c3bd1fc84f24937b42c239fac3c86e1622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\64175019-610a-4f85-9f90-d92e000ec2d0\index-dir\the-real-index~RFe5a4a2a.TMP

Filesize
48B

MD5
27d470ce593be49c058f232936d785b5

SHA1
3e2cc26ddee5e10bf41713e461ed2795054f6454

SHA256
eb8b772304878a6a33d37de3a87e58aa68aba49ea702691316488b2f429d2ba2

SHA512
44541a3e057160a7d571a9263bb099ee6da04c515760d2d67b6678271247e87e9844be26ba00053e0a08b6277779af5e4e834cce39b55a7d2bac53e87242cd4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
122B

MD5
7c3d398346f9ae3957152ebe053935af

SHA1
3763bb089a62b91ad1e13e830b3078c9dc7ee25e

SHA256
796df6f2a2267bf923a7adca72716a314f599c9e4f5aed36b61cfab87e4e9214

SHA512
ec073bef121671bde2754658280b19bceecbaceedd271fd120013816ddf2f01d509c38b1771f259d7f1b51af6896bffb936ac2a0ec8b1b9fe9956c39ba54a358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5a4a58.TMP

Filesize
128B

MD5
da8fcee1baa0b35850ed391e1cb7e67b

SHA1
12d4ebfde58ddfa0b719e4c2595202579a9a6676

SHA256
e379d09c696da1b3983abd9a36d88fbcfa9dd8f2e490760f78165c5d0e5d03af

SHA512
fea1bd80773b03ab618c9e17b56278dc700d16e11d4d6e6a7a4bb1de8a7e0aa1fe650304933d69315c4477cb08cce3e915adf4fb0d8de8ab78a186378989c6eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ded483bc-f630-4468-8310-1903f67a0260\index-dir\the-real-index

Filesize
2KB

MD5
7970edf280f98e104df7d92407868a03

SHA1
cba85bd3f19ec0ca63a1d08de0dbbf573315a44d

SHA256
50cd198b206fa340853db3783d6a75c59213925b7950ade004a07a36ff7f13ba

SHA512
3ca6d5a7d4f19f0e01b5e9d2abe4ce31ef1e49ca0a7e9e4bb72148a877e0e6baf38a9fc5a758e9d123cbecc86d910f5997795a85f20b0931471d32fb9c778e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ded483bc-f630-4468-8310-1903f67a0260\index-dir\the-real-index

Filesize
2KB

MD5
e9aa10ceddf29ecc8ef5e4e7b863b8e6

SHA1
1a8133036ab618bc8c2d1f466d0c2a6b154f3c1e

SHA256
5f8e35067a72080cac5b10831d04aa99789137c12d58a7657840b3dbfa7822ff

SHA512
7233ca32642a11b6656876271f4cb9ee22f6a7c5d4f5667d535cf776da40aeb091404673c41cd68408ad31c94e6355d695f16ac212217bf6e6d1e7509309c8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ded483bc-f630-4468-8310-1903f67a0260\index-dir\the-real-index~RFe584011.TMP

Filesize
48B

MD5
39d5599acd146fe8138831408d39f858

SHA1
1e803e12a9cdc8631c601f9327bdd8e2f807d53f

SHA256
e5f6b3492cf2ea6cd3ae16f472636edf12cb1c81e47e3f9c37136bc8506d3a24

SHA512
5638d29c5881ff970863b28b2a1557b7bbc495dc3bc17519bf4790dedad3e234d33a6b3646b209def325b02b0c024a123c12efbc8c6ddbacbdd02f8254ceade1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
906eb6df9ae6acfc36084b214db1e15d

SHA1
1e7d59a9bc71ec523fde4f559b76a3bb3f5e3bb9

SHA256
29055fe6133ae511b3cb7e4672a4c2f5a0bb77364b5ab3722b606b02f45dff6a

SHA512
a2c52460cc9a17ad63f8e812de7a79dd260721c8a5e8f8be02506110c682bca4d5d4c1ee1efa46e95dcaa6d6e7cc21ae191c51c44ec7e71e3f2ef8dc4ac4c87c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
eb7e0309980bd7e681b9d6976100a331

SHA1
d64c7776e94990dfff26e346fe721760b69be8a7

SHA256
eb791c31933de78e8d3a9e8f6172a4e618052a79bc80bed10f40ccd357d90888

SHA512
a44e3052ae6296e88788a75e12a80da89c7948464e0e484fdc786ee7e6a432c61c6721b1c030ad6b9c498dec42b67351fd87d04a0332ebb032576968e0c02ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
8c704e798d90666eb8364e47b5d47ef9

SHA1
1f333869b9719ea5537adaeb607cb20ae0d7b119

SHA256
2c5a193e0a1e9ccaafba1835ab216639e030e5bac2660b5c7158c57364170449

SHA512
143dd335994f4a75c652a7702f83def30c1decc925ffd9d6726251269d0afff3c3a7151b50d362e4d2b578d32f6ea6112f3e4386dc269a6247337630301847f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
7bf6c5c9fccdd00c26e77a3eaeb43c86

SHA1
910a80b35f52e01e2147af3b39216d3cb23f5d26

SHA256
67aacdec20b0ef92add4f3105835e8b8f2d171a5ef0580765c9c417d59fbbbfc

SHA512
ff32b8e8d14745c40ea7423befe387641c43e0520eb064e1c80bb87ce8be44dd20972a01607cb1a07b0a600077ed2f5099ac97062e1349c5b88ba0bc54058de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5798b6.TMP

Filesize
119B

MD5
3f5a0de9303c0feb365f8f8446c21937

SHA1
318ede4a00855a0c179c16897fe1046372464251

SHA256
10c78c91657e05babac106e7ab7d40bbeb0109cc9224d1ed3d272b5565e710a1

SHA512
2f8ff995cf3cb3ca2d4c54c715d406b68eeb6331cd1b3c514e03c208f66f3706f4df84a16a729546bdea7bd12ee1937691c2a41c1f18587c385e7d577785fead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
28ec04b7b2efdb802ef9f9f96ae76550

SHA1
0a9312fc9027b2f0b4ce6d56f560d4b4dfc49536

SHA256
b180d00a8d621a5f6846ca5bfdcf89e01371419e6758a3c89e09f81da2077b6c

SHA512
f6ee7867ac1890fb24d7cd1f097024619feadd4654aa7bf3c74c11cfd3b5023d30eeb5e273c106246dd3fa056e74a0a5b27eca5d5d4e02aa3512ec4ede5cf3f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
c5f0dd5af938b72e232d69ab4fab5f35

SHA1
b8cfcd7175fcf6b5f71eee631f449a248027fc89

SHA256
98521ab507ccff0799076f688e4361d4c1447c3596d42569b2e87c31486afbc6

SHA512
15edf38d5df94ff2230548a0c96ec3f43082ff7b4a920883501f8c438d81da8c8b92965bf076a1ee7e4ddb26aa1a92307a1288313cde4b6c585bdbbd251e4be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
cf404d22344c55a36179869cd86970a2

SHA1
c70e10f7d6edd585a0f7847a9a996eae446455cc

SHA256
7778b50797636129d9cac9482a4399e177a53e2e5f96ac360b873a46022374de

SHA512
dc664da4d5d0540f363300a48ee512da5aebcff0682d68d76e72eedf4aae934b65b9cc67cb3496267ce0f3eacbda74a449e0b5dfc02e1f6e2a79fa576f05eb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
afb4ff05710e75434968ce905a2f8b56

SHA1
22713cffa062587ddbf08e7f3f7d8658c470a79b

SHA256
4a780299709f385b894386d3eeff26396cc69b2a9cca61862e200e2cdd33f87c

SHA512
5f483422de74ac11374284ccd83d875f0bb97484acb088223bccd50d47fb07481a56ce4f9f977f12bc1641f3c187f90cbc8b033e18248b898f3d076d1b1f75bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
0cac1d0f104b215aeafdc18d397de8c8

SHA1
365bb3de44156b00b807ba4fd8d3ad5b7bc2230e

SHA256
c1f34f4b0126c5e5d0e8b68ccfcf43e96c35be8193a7e2c5e68efcf5390d3f13

SHA512
589a4cc182a60ef0af827af5f0d2e5b8ba5d3f2758ce13db224b214b25bd9dadae349f8d97f3d1d15d8faacd92656fdd4264efa0f75f108386815aec7b86b93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
fdaca7b5a6671d92db83ade58895d8a0

SHA1
9b369935a0068032978f3033644eba10d3eb1d52

SHA256
a5744f0175c8d55567572ba10f71ddae5c80fd7f9c9f735fc7c654b2921335b9

SHA512
7fe36553992d59326c85250d395ba1cf729fa0091a5a334f0ac8bfc6698cbf9be0cd1a92a49cac96e80a3e75b905b27cc5dabf0d5f68d86ed36cd665ce5f68ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
94b9acbf3e7c0916d9cdf1e0a5c20c2b

SHA1
c50770e13abc67284e8ea3ffaafaef9451f297b3

SHA256
98ae1bcf1257973992fedeed3da75be7a4445dc10e194ce77622d2ee2a6449a9

SHA512
3c6d29199a868a1559d1fb936dbb0c5673b1f7f8772a1afc47c28fcc615f7ea4d3fa3bef269e7b6b16fd5c41525647943924da3e191eccf184a7f7d95e26651e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
b33610d7f6db744cfe3c0929f5133895

SHA1
6309c5088050268841f90aece27cf08aeffa4dad

SHA256
d3b82c223c4ecc0202ff3dd741758cef4b756f42c54ef31f606f36d633e4db4c

SHA512
7c4c9f0ef584e4130ca9c07c819bf20b57368306c002af377b38a1ade229e2bcf8b595aad0b59d9563f52d57ce0380f45eb78d4649e50b7d97e88b82e75a87bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
1b2ae289979f22ab42e1c69db4cd8f01

SHA1
859a083f22c1def4889c535b4e3e750b9aa695a8

SHA256
e6cba34b4b82d8f059fd162a493a151cc8ec5bb5b4fadd7a9f32132043aeb938

SHA512
e90687e83299a76222aabcd70dc7a3cdbef2576c6c047601a3dc99bfb163f9cd9612beca31836fbdd18f855746c5943f6626352574878c960adbf7f0a3387fe6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\SOFTWARE.zip

Filesize
12.4MB

MD5
9dacea6208635a7392afeded26cf56ad

SHA1
485bc51a68d794b621b81bc145cdbd06c0e87f4e

SHA256
c4b4159682ce28f313f9f2d6321ef800ef7b3f33c5b6f6d0fe62dc01e4f505ef

SHA512
5b49a7e252d1f83d9f2e5253769852d8194311d2d9cfe0034d7d622979f320e0789b4cfee8275d875c93b922f04aeadc42fa7ec64e910d774e5aa200e167e84e

Download Submit
C:\Users\Admin\Downloads\SOFTWARE\SOFTWARE.rar

Filesize
12.4MB

MD5
d0e09b2a68359afa5546ec338c227c2a

SHA1
27fddfd4de95b24da815efe461377e607b639147

SHA256
5b45534abd5157f83a65bf1ca125c8cb3f23ac6accee353ea8784e12213d84ff

SHA512
6582a480a48071938641e0698c9c9702acbb38d42f2f4d8865a2f167995bcc129183d689b20bf739835bea37a176c352502de7b44885c55fc9e19febfe503a12

Download Submit
C:\Users\Admin\Downloads\SOFTWARE\SOFTWARE\launcher.exe

Filesize
362KB

MD5
9a575926076b28ed2b693e67ffba9684

SHA1
cfe3a0c89e6cac7114ae174d362e87bf27880e35

SHA256
95ab72e3a908cd13dbb74824727ef8385f747e5224851af3f5db230ebdbbf335

SHA512
588236db97b74273b651e83ebc2b43d57cf633728a32ba82b46f19e0b6c252d54d7b525d6d953d5a97798b6e583d7bb744d6c398c45d4d3a1ce4cab0bd5d25c1

Download Submit
C:\Users\Admin\Downloads\SOFTWARE\SOFTWARE\msvcp140_2.dll

Filesize
191KB

MD5
d33d9ec1486e319526f893fd9b1d9c12

SHA1
a9171bb893665f0591b274fe23b32f583e9e395c

SHA256
7c629aa475626a26d4f38832a513cef3bcb539fb5195ffd06682f31ec3a125a5

SHA512
672112d2df18fa0442c11a16e802871e7e383e590475a315ee55c5c10a4f4a15ed41a7338c25fd0b0ba2649fb44da9e656d25de4bc49e2a4f69b1d5d7f92a94b

Download Submit