hxxps://youtube[.]com

Resubmissions

16/02/2025, 13:24

250216-qnfbfsyqev 8

16/02/2025, 13:15

250216-qhesqsylaq 8

29/01/2025, 18:19

250129-wygj6avqhy 10

Analysis

max time kernel
301s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2025, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

8^/10

adware discovery persistence privilege_escalation stealer

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
122	4264	Process not Found
360	4264	Process not Found

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x000b000000023fe9-1194.dat	net_reactor

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 11 IoCs

pid	Process
3388	setup.exe
4680	setup.exe
184	setup.exe
5160	setup.exe
6120	setup.exe
5452	setup.exe
2176	setup.exe
5024	setup.exe
5380	setup.exe
1464	setup.exe
3776	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\SmallLogo.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\delegatedWebFeatures.sccd	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\CompatExceptions	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\gu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ja.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\kok.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ml.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Sigma\Content	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge_pwa_launcher.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\oneauth.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge_100_percent.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ko.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\icudtl.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\mip_protection_sdk.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\qu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\ko.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\edge_feedback\mf_trace.wprp	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge.exe.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\es.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\vcruntime140_1.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\vulkan-1.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge_pwa_launcher.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\ja.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\edge_feedback\mf_trace.wprp	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win10\identity_helper.Sparse.Dev.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\v8_context_snapshot.bin	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\mspdf.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\as.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\msedge.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Entities	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\133.0.3065.69.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\lt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\webview2_integration.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ms.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\oneds.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\MEIPreload\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win11\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\hi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win10\identity_helper.Sparse.Canary.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\LogoCanary.png	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\mi.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\PdfPreview\PdfPreviewHandler.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\SmallLogoBeta.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win11\identity_helper.Sparse.Stable.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\pt-BR.pak	setup.exe
File opened for modification	C:\Program Files\msedge_installer.log	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\dfaabecc-26f1-45ff-b98c-8a3701bd812a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\sv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\Advertising	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\microsoft_shell_integration.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\vulkan-1.dll	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
404	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	wwahost.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133841853412050074"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge	setup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ = "ie_to_edge_bho.IEToEdgeBHO.1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\DisplayName = "PDF Preview Handler"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ = "{2397ECFE-3237-400F-AE51-62B25B3F15B5}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\notification_click_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\AppUserModelId = "MSEdge"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\open\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationDescription = "Browse the web"	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\AppID = "{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf\Extension = ".pdf"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 4e00310000000000475adc4910004175726100003a0009000400efbe505a2b6a505a2b6a2e000000e73f020000000c000000000000000000000000000000e5cb3b004100750072006100000014000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\MSEdgeHTM	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheVersion = "1"	wwahost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml\OpenWithProgids	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithProgIds\MSEdgeMHT	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{31575964-95F7-414B-85E4-0E9A93699E13}\ = "ie_to_edge_bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ = "IEToEdgeBHO Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationName = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml\Extension = ".svg"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.mhtml\OpenWithProgids	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Explorer\EdpDomStorage\office.com\NumberOfSubdomains = "0"	wwahost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension = ".htm"	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
6120	setup.exe
6120	setup.exe
1984	LocalBridge.exe
1984	LocalBridge.exe
1984	LocalBridge.exe
1984	LocalBridge.exe
1984	LocalBridge.exe
1984	LocalBridge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: 33	940	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	940	AUDIODG.EXE
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe
Token: SeShutdownPrivilege	800	chrome.exe
Token: SeCreatePagefilePrivilege	800	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
1744	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe
800	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5528	chrome.exe
5528	chrome.exe
5528	chrome.exe
3140	wwahost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 2796	800	chrome.exe	87
PID 800 wrote to memory of 2796	800	chrome.exe	87
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 2132	800	chrome.exe	88
PID 800 wrote to memory of 3512	800	chrome.exe	89
PID 800 wrote to memory of 3512	800	chrome.exe	89
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90
PID 800 wrote to memory of 3088	800	chrome.exe	90

System policy modification 1 TTPs 4 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ff93271cc40,0x7ff93271cc4c,0x7ff93271cc58
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1504,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4976,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4844,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5312,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5424,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5604,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5716,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=208,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5544,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5416,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5428,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5784,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6460,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6436,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6740,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6760,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6340,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6728,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5296,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6816,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3020,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6920,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6428,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=7064 /prefetch:8
  2⤵
  PID:6344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7064,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=7108 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7196,i,8093005940514526725,7530394676084762603,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1448 /prefetch:1
  2⤵
  PID:6552

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1048

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2b4 0x480
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:940

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkU4MzQzMEYtRjVCQi00QTJFLUFGN0EtOTk4NTNCMDAxMDkyfSIgdXNlcmlkPSJ7OTlENUZDM0EtNEM2Mi00MzhELTg2RDgtRDE3NDI1MTZBMkE0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QkRGOTUzREEtNEYyNC00OUY5LThCNDktQUExQzFEQzkzNDI4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY0MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODc1OTU2NTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTY0NjI2NTA0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5860

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Aura\" -spe -an -ai#7zMap25024:70:7zEvent6761
1⤵
- Suspicious use of FindShellTrayWindow
PID:1744

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\MicrosoftEdge_X64_133.0.3065.69.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\MicrosoftEdge_X64_133.0.3065.69.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
1⤵
PID:4144
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\MicrosoftEdge_X64_133.0.3065.69.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Executes dropped EXE
  - Installs/modifies Browser Helper Object
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:3388
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff64bb86a68,0x7ff64bb86a74,0x7ff64bb86a80
    3⤵
    - Executes dropped EXE
    PID:4680
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:184
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff64bb86a68,0x7ff64bb86a74,0x7ff64bb86a80
      4⤵
      Executes dropped EXE
      PID:5160
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    PID:6120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff727ae6a68,0x7ff727ae6a74,0x7ff727ae6a80
      4⤵
      Executes dropped EXE
      PID:5024
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff727ae6a68,0x7ff727ae6a74,0x7ff727ae6a80
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff727ae6a68,0x7ff727ae6a74,0x7ff727ae6a80
      4⤵
      Executes dropped EXE
      PID:1464

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
1⤵
PID:3864

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1984

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3140

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\MicrosoftEdge_X64_133.0.3065.69_132.0.2957.140.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\MicrosoftEdge_X64_133.0.3065.69_132.0.2957.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
1⤵
PID:5804
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\MicrosoftEdge_X64_133.0.3065.69_132.0.2957.140.exe" --previous-version="132.0.2957.140" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:3776
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff761dc6a68,0x7ff761dc6a74,0x7ff761dc6a80
    3⤵
    PID:5960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Installer\msedge_7z.data

Filesize
3KB

MD5
fdafd3d3a736e5c75d913779fcfd942c

SHA1
712989296d8bbb3990f000a16e1a9808fd2c3393

SHA256
97be491fb1b44a105e615cde0a08d3439e3ab5f311216cad0954366a3d1a71c6

SHA512
36317b8cc623aef13aaa00c51bc7906fd6e93a1c9836051ff7953ebddff1ed2e165b44165a402ae1fb62eb6877a0477966788eb4967b820d4d9049d3fc6d85a8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\SETUP.EX_

Filesize
2.7MB

MD5
8b1abae1ce12dd175032f274dfbbea25

SHA1
b22d211f9819cd791b9cbfcfb13a1f4922ce3f1c

SHA256
121f1d31e93c40320699538153b201ffe9d47bb281c7841fac111da2f6fa44c0

SHA512
f1fd5fa18d687a629144b018db92327e50f0c8f6fdbb3c4a4bb46090b2bc0d367efd7bd3e85eeb41cbaf7a24c9bc943c755f87cb4f511b2ca3393d4a064c937f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\setup.exe

Filesize
1.6MB

MD5
cbf4f243e1dd530025e8f2912df64653

SHA1
c2b0248f21e13b00d94cf9864f8df44938eeb542

SHA256
56b6030e117a2c9ea4322b30658467a5dbbf45d1c812f19bfa9a544cbca02829

SHA512
3b053127759731df64c1c65d67d8cabbd506d3a8acf258c32bbfd929de38712fd2ae8231634234f970b6f684e765177e593e1b441fb1bd44fbf5bc53cdabcbc1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B72C694E-FD60-47FD-BD5B-DFD04FACDAAE}\EDGEMITMP_F4C5A.tmp\setup.exe

Filesize
1024KB

MD5
977ad832d666cb174de2eb78942678e2

SHA1
91e650107dd303157f3176278df470602a8a1346

SHA256
e145dd2a76e0fc6fbbe56a740c6fd675a8a39cefac91b290a5dcdd9329d8e64b

SHA512
f6933fdb95a1f2df929709e69d3850c6d6c72cae9ce6a2b4b5126ad52d19007d59608ff000a2fcb9715f4b61aad9e08521e4ac5dbc55fe91f01a0ed3603bd269

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DBDC5FED-BA6C-4F1F-B716-E942C602585E}\EDGEMITMP_4BF61.tmp\setup.exe

Filesize
6.8MB

MD5
bdb1aecedc15fc82a63083452dad45c2

SHA1
a074fcd78665ff90ee3e50ffcccad5f6c3e7ddcb

SHA256
4ea0907c3fc2c2f6a4259002312671c82e008846d49957bb3b9915612e35b99f

SHA512
50909640c2957fc35dd5bcac3b51797aa5daa2fb95364e69df95d3577482e13f0c36a70ae098959cb9c2aaeb4cfe43025c1d8d55b5f8858b474bcb702609749d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Filesize
3.9MB

MD5
4aaa893417cccc147989f876c6a7b295

SHA1
b1e35c83518bb275924ead0cd6206bf0c982d30f

SHA256
2c38e3c3f18e2d3fb7f04336356b9b5186cabe06b3343beec318ef0def1a9eeb

SHA512
109e0c88977fae65a4950fc38393ca32a70d68ef41aeb75b28e6566e0fa626e32e31be38308e7ed5b6a8ba1f56fb5f2133a07aa8bb643224c3dbb089ce9cfd0e

Download Submit
C:\Program Files\msedge_installer.log

Filesize
73KB

MD5
a4a2535514d0589bbf89574f7cd701c8

SHA1
85d4970200ac656783a7e262f09e1510b70282c2

SHA256
2bcd50fba2fa1ce3d9f94280486283ef56bd988e98886b0a844b94d63b594b1e

SHA512
c64d3b1ed380ed829c087d5f23633f0430af6f791cd9b209eddfec93f7e466dd707a9ed861345167503381c978543217644de32ba75bf2e7d5b772379526fe04

Download Submit
C:\Program Files\msedge_installer.log

Filesize
102KB

MD5
04bc3b2d4e84772e9e0eebbc698e1aff

SHA1
2d20df7d1d6445c96e5915912103811273ce77f2

SHA256
b2a32960a79a144e23a3e30c7b54573f78f02c6665a1ae3cda920edf8be45c31

SHA512
37b1c13bb55bf1dc0553a37ed840a677d1bb1ba355e803eef608ea3941fea5ab562f065c451346c68fdf2dec67e04256aa2d96fea626eef608562c4c6065c7cf

Download Submit
C:\Program Files\msedge_installer.log

Filesize
103KB

MD5
662d278a8bcb8063298a0d5dbe962173

SHA1
829d852dae8c4054316022f0d4e50a339ac6e3be

SHA256
a3a6d17b6a7b2a04207c41bd235e07e896fd44d79d94c2078fcf724f46ca7f26

SHA512
34c3881ab028a58abd9fa30c34fcb45cf355f51ae3b8f38b57868dcf01a9e032ab62d312d1ad09349f175faa93008f6565668fac0772769c13c9822510c06bf6

Download Submit
C:\Program Files\msedge_installer.log

Filesize
104KB

MD5
8bb5a6e72a5ed94830da04f98c1cb6db

SHA1
5cbcde500a97451908db2e6fc97de1671c01306e

SHA256
077196eba729cf7b93030c8ed1eefa5506ae92aa2a7feca54123423a94c28810

SHA512
c0f455e5ea47351e76229c878c841d3025dc8c90a6e4562e9ff8012969ab585d3ff78d8cecfcf9f2eea7f6013246e99a30be72d9bc1933ba2ae3012b74b8016b

Download Submit
C:\Program Files\msedge_installer.log

Filesize
111KB

MD5
53ef8e0a8c147c78aec9444fe793c977

SHA1
df54aa45e9514ca2706c5b4f005594df25abd0d7

SHA256
4bbbe5277ab7c7314ff10e6a947bf4ce90a74b5a699f273afa7b38b6b0fc6b4a

SHA512
b372040172ff0dbbc9097cb668f9569605838c80633cc2c8046f802a56995ad844b91e1fbf0e170f20156c4ab3c68ebacc77dfd278633ee5570662034ce14385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\431b6573-30c7-4c6f-936f-b9ee35fb35ad.tmp

Filesize
11KB

MD5
eb0a890f65071785f3a52bf1d6e1e283

SHA1
590442751b1528bf9ad647626a535185baa32a77

SHA256
29d9e00bf6a201b4b65c7954d38affd229c806307e51cc52f78e0673c9294ccd

SHA512
6ef99c876a6a63fe19e823cf536d1e930f7bd0aefcaa68f82cf42907018bdadfc2c37ca581bef737b43eebe5a14c308ca71ad1109d52d203fef21ccffd1d7910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b633a06674476ac35e2c7a93061a6751

SHA1
1d9fde611f8a8b2da0df4062852d5d298781ce91

SHA256
cc25faeac02b7b6c615cda15a1d35a2c42e94241cf74835e687dfbe01ee82936

SHA512
e21a378e87affb598938f4cd234aa87a2e2e124b645eb3c9792fe32ae0519299323a92064806d902f6a2a4fe8a01b9b614f118f184712759a212fa81b10060e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
21KB

MD5
e2324a1769d1b03cff74210dacc28f76

SHA1
28bad99e6e6e61d645aa697a7a1fc042c0c648f0

SHA256
66c579571daecea23dc5278b8c7a74edc24f7d4fcdf17dc6d6f55f2e7789468d

SHA512
4c670ff96962d186b446fef84ecb6fb9fe2415e0370ba26ccdfca805bfa2b5d87ab46c7bd086a8efd3f956652efaa8a9684681604085e7f43bd22dd45a79fad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
19KB

MD5
750a070d77bd096a70d0e988a3f09908

SHA1
2fcf77755d297fb4ff5d6d8c026195fe1fe90757

SHA256
002e5c7c25cddf21276d699e9bae8b738545e6fa8b160ea3afb419ad52cb0f8e

SHA512
5b53d351f47ce88c4046683772a1588bd680c0a6b678f2719eb9e34657f28ecb283a216a7f97013173a2e70de612eac8f2fafe23de7e2e465d0242e9871f49c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
47KB

MD5
1f2bb2f8b9f64c48a09838f65fa1e0a7

SHA1
57b7c2f0c543291c8bc99e28373e845700e391f2

SHA256
2bb73a3eec4250b4b0dfcf005c22770f7d37521f829de5107982d78f2f9cf2be

SHA512
d5bd5e6dcf53f7f96a5e575e25d546152095af3359ba0d4511e19001dd2156bf9a16507ce9c209839ef9e117d7dc65c111763d79e2ea8c0ac3ec20ee6d893e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
19KB

MD5
a973dfd48a94c649ee669959e057b724

SHA1
ba5bf4f0bbc8e8d0e6dcb9ce79c62b74e673234a

SHA256
5a79f25a303ef82d81c133cb4b66eab8fdd38fa10d7bf9c987a84a08c462ef4a

SHA512
c142482c2fa5a812a69d6ccc1340a8cc618988fc397f1ac4bee8d1e26c3210baad8e19b8c64a3ad95ada8ec4d2dc936778b6d9295cab31319ea3e04800f2914f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
44KB

MD5
f55cac9c28439f0026fbdedb0def9256

SHA1
dbfed046435477b1a2a601d0a294109561aa1649

SHA256
427cdcade184b617f85ff8bcf1587861f7fc4ebdf5a92c2b6e1c9b34b30021ed

SHA512
a5cc66e0db1c5353f85225004bdf172a65eb6e258d2e93d74c19e0636375a75af60b50884946fe97f1cd3f2d688d727ae16142c7aeb3c78dd0ceb306122a6a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
52KB

MD5
02f814e09f310d4211f760d855a90503

SHA1
61791b2667670a735548cdd5ddabd8a3f5676f36

SHA256
4c4ae3567f15e25fbda0c179568322edacbd786a8511594ae00273390475f994

SHA512
54a3685b70386feb293d09a3b4c12f653fda1f81e2d080d9e6efb9432655d6d052e610bb31e776b0142537ddec3476f5cf6c1bc1b4535a9facce70479aa97a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
24KB

MD5
102d806ab3ee87f88fda45e7ebb46003

SHA1
31d03a90949b95802cba1edc11c85d8377a520f4

SHA256
088ffb6059a8ea223dd3509854b0b7eb1dae3c8652e0d0834d0f4cdf5f68afe5

SHA512
a172de9f38ef9b04f55a110c6de9ced524c5b331761b1ed2deb1e15d299bc72b2f672db73f4b875802ce6b8698e24f8f148c55aca0cd3ada0342e8543568fd60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
58KB

MD5
488f6c22dbed19c68d1d18c2722b53ca

SHA1
30a80b7c498f0f044e0f5a3bb4d6eb38e1dca432

SHA256
589a83f56903f7d1cf82f93fe3c57494ddea06e3efae3b04fdf1653aca9eacaa

SHA512
77a73e9959f1a89cf30e8e23098ba7f0209c32ce1517f84abf93b18bb4b3401d62b7bbd3db0826e107912a4d9e47d59ff680d69af1074b5e04f9840cb0af9000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
75KB

MD5
cb7820b78fffb46a1958d13fc108d35c

SHA1
1335962c20d1c90dcf89fe248b254c7024c1aa53

SHA256
845548fef714157f12ff56737e827aa67ff9414cabab0e5812f3f2f05dce86f1

SHA512
2794f0cd506b5b5b01470c1e35345f712a557aadfd94e6a1a98d23f77833f4e494714d814643bbaa094b33e14774c05f2586eb21fe38e21bf0810eca446eae71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
97KB

MD5
b9b9773659a41ac59740f2ec9e56e188

SHA1
7ec4817ac63bcbfff955b8518bc77e3399367c4e

SHA256
f58be6305a263551f8e0edf786d42b78923ccbdf27f021fa7c330484a7221336

SHA512
9fb00d21154e03c8396fb8abaf71f3b0f0d6d6f8642328a31adf10643b3deec0ad8d52bf1165067fe565c7974e77d1b75a6c1f0e713b0c43eea5275b49d58f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
166KB

MD5
73603c375771f24f3ec84e6b771723f7

SHA1
6070dacdf633ebd29dd7dd7591ccfc068aac5110

SHA256
f54ada61886bd0d89da3c5124ec75f3b29eba3e8ac4cba92c93d33c014ae3cbc

SHA512
a27dee5bc0cbab859988f8302ef7b704cf8716bd90c8103e09dd23e933b37d548f439dadb7903989baafbb2289f9d199eb594b4723686bd64e279993fd8a7600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
cea0da99f005a7b24b0bd269450329a5

SHA1
2b7433f0cb0ec0fc80407aa6376cc86c09e8183e

SHA256
09de626c4cb4ff0e34983111158290cf3fac697c2e4b053a28fee1fda5007e2a

SHA512
9601b8ce9c267ad7b1897710bb4a7810ef3292f2c4799acc2155a9a79130a0a37944eb7a58529d1d0f6c572539b784b42defee1376b5bbec59d7bbcbdb208e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3393ecbdcdef1c5f4d587c136b852843

SHA1
9e5144126584295daaca0a5503b80f37bef3324e

SHA256
f5f7442d7e49eb02cf9288d08b4c03f5543aaf33eeb43a29d56a5d3f4f1a8e05

SHA512
3dc9b027badf53bca98c903ce46bc0165e5f7afb2da1b33f6d8926921a5cef903725ee2af03b87296ebf322b0eb8e85b04fa50dfe0f97340bf8aac77e019998c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0224a900f00fa098eeb8a479421451ae

SHA1
39c414e6af8e7a2a21b552f971ddec37c83bba8b

SHA256
30f0b2c6b0f511c799c0e2d56eb9884a149ad675e9c4ecad2e2547a87f03eddc

SHA512
971c101c53ee760483a5f785e1de50fac5144d624f71e66526400bb86272c139b97469aefea12afc2a6773b8ea1cb6d18c6092677e12dc62af5572053780de7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
ea76409c0b78a811311d9d345e4d2453

SHA1
121d32b19b38a3d74f2db1146233819d28f38761

SHA256
9e0436aaba6e4f1689adac5bffc3baaaa9b9d557814348e8c2c08d6d112552cd

SHA512
5feea76598989bf2e84bb82142e1c74830490a8527b556eb588e055fdbada8ae9ca30f54098629bd33fecad6882edaa914496a5dc007b00f01fa488e2cda8a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6dce1db5847938320c6f4e4c40adfd3a

SHA1
7476080d4c53958ba0f0f73cda4c55bf3df9c04a

SHA256
fe991c406b20794800b6f0bbadd8e91d9c98c5e12f98f88fe7d487d08b6b05a5

SHA512
0267bbe8de34f89b30f8bedf2c8106244deb6017f3b84d5a4fbf17ae32c28ea056d6e0e48f0f703b73f5a4a1be233ca4abd8f8497e419ed490e09a2f67efabd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
6398fc41e15b528f1d072d52782f68a1

SHA1
c62cef1b8e6aea0aacdd98eef312e15cf83bcce6

SHA256
da6f3f447e0cf0dfbd5fe91c680770988848203069632e42607e9fa095a24519

SHA512
7f9c93721c4981ffc1f47835b3dfa99bb89ea018172593410eab00888b994d7b27b4cacf65dfa8ad5f516b1e08f2b7fa5225713c946d2d07818c0e42777c9b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c270367552d48f9c7438d26728927f8e

SHA1
75fad04be2c096062c4076c537d4dc40cc626abf

SHA256
a8a232b18a64348fd4f2e71508928b89a35e11f1678a09ae1735cdeb58778369

SHA512
c9a30178fe7f4025861ebc5d4ea623abcedc289fb99cfd5842e457e318def5127e7730d4f29cefbba2efe743a3e165e177b9d98f29a19b66e219c6faf7c8853e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
a56231e7497825f676494fc29e891478

SHA1
4050bb5448831a0d3b85be1805bf8fc8c5d52871

SHA256
e477514e5c3da7b65cb2491ee9949dfdb6721b21d96b891c098ae93b36660c59

SHA512
bc215192913da8ffd9959eff02ec2f5760f9cea8a7710573ef6ff9d7faf0fb20caf52c0d8346c979791666f22fd643140a3cc595fdb26a80b374462e997eb29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
ffbbc7cdd023eee888d8b3e3a4db9da3

SHA1
81f18b81024be467138cae10faf14af43379fb13

SHA256
ad18ec1c5bbc592e0723631b0a42832f330f510a241a8c7d3a6c95dfffdb5796

SHA512
55fd43e29ddbf518107b0ef39ef08c92ac7f0227469d7fe60aae9283e7d11ea7af8950f42128654e7acffa3986e4ececbf652bbda4208508c311ba7414426473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
6b81bf26884547f2a0abe73c16fab0e8

SHA1
91879057d183b9c3138fdb3e1cba587b1554f3c9

SHA256
816a3f9730fcf995d9b02b2df05bd5f31fb67c2e7bb4151b31ffebb253637bc9

SHA512
bc5b53123d4b7804cf13b61053f2652d8345503071775e0e401ebae67a5317304cc3fdc0eea0ddce53ce7e98a3af240a6142166901dd4bd0692919460e22bb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d8302fe420ad137dc602ab00a3b5f146

SHA1
0d6e535d4bcac20b41c48cb57f193b29f076d063

SHA256
35356462da3e5eeceb62fa9c4476a974aa6d5eae95386aee0f0c14914f48eaea

SHA512
c5e0ca7b82daa8c7565ee5d45be6d268e38fe0bf2445a3d7accb6c0a054c6b80fff8c7dff05170da5783fa01f411e91d3cf0deb78612d306b861e407d1bb4ddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
02251f0da8c93924b90c7d9ea9982c92

SHA1
8670befdd2ea959bdfbb05fd0217974cfc036f31

SHA256
07db4308c93e29b2f39e56b4291acde9a22717e18cd649fe4b5b8030f49ea593

SHA512
72ca383d25bc223a0dacafaaae8a9f99d6bc92a6ee39cc6579dc47b8c2367d92301f425957558e2297056fa9f913906cff2205d7a0683d1cb813867df3c15524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d86f33175f519ddf97ce6e30818dc08

SHA1
ea0eea87e8b556f834f06f41553b7618886aad91

SHA256
3bbafe5d811d65c432c33d186e0a2f21f53f9fc0d6dad3e4d025bf451ebf3807

SHA512
339c02b92f66aa9edad4a8cd7650d81458eff1a55c8bfe228feed81c9e234828fa9f57c210caa707e9e38579857344f4bad643a01ef81798a2e6ae61b6869f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
665457f903fb0d792f3acdb7dace6437

SHA1
138e0f1a294f1af47bad454d9115599eb6c8cdb0

SHA256
fd5ec4976d11a382b821713b99303221798a7e0fabeb18d6b905c3f023161795

SHA512
802804866bb1b10ac195a6c0414c28f2f24924489f84e3ab41aa98489b99c6a27cbbcc0601c4d1fa4d59d3fb712bfa0a3a7fd50693d9733a9b0a38acec23d6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcfa2949fc4403fa2175184d5ae01826

SHA1
7ffc727efa50b10acf159b7df3f4c3e4f8ff8ac4

SHA256
c65a3fcdf6e6c12fbebefe0de4b059500d2334e57cb21dfbf6bf47b32ccb23e3

SHA512
9bf338bace094c38353e8cbb57b04905bb8be78af76045175e2baebcbb0b504592feafe5eb2c13a379f6cfe7147cde9f78278510f2a155be0e56ada63c848000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b26d99a232a9994f8c71ad1907aa31f1

SHA1
adda9c782c6e7cef8f4f9426b4edd2dea00d5d3c

SHA256
002c5e15b1e40b87f3822b84aa9bb5889db4baa8e27b700c1d8960280c91bc0f

SHA512
57ea037e50a77099d25229122d74edbd3ac48bf968a93df6a751a34ae332b35d62347cceb88a7827e66930a129827cc8536831cddc2998527499cfe010807e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d3afaf95bee1ea1c556c456b20ef41ab

SHA1
3d1d8ef4476e0d148bb962847aa7189a87ef2fd2

SHA256
7ec022cf33154f4e3df8c20313b653b29e63f1c631387b237b13a14725da02c9

SHA512
8002b00878e4d83affff86f7c3ab8c24a77ad35d1c55a4107d4e7f7c5a6d3f833073c1e36175c52b37b54aa4811982136ffd3a806c1823af9f401e00f69b97f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ff023412d4226ba5e17dd19acbb31977

SHA1
44bde19b712a0cc4dccb705383b047a9922a4a2b

SHA256
bd45609748a6189282c0413735eeaf129dd746652022af648f8135a399ff9728

SHA512
aadf0d6b73bfbf177bd3fbf7688a387b19928e6c4325520ccc474395e4f25dee4bde2d0e0e4eea2d78eaa5a00430d61dcefc9342b33effe64d0ac43b1f872cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
259eb3ece05a7fafb0cf6502411b0b42

SHA1
20a88f72dbe74134b344ea93d17222b128f962e2

SHA256
d438052b853e7a030562c05e3f46387839bca5497bbb12b4a4034bb9738f09a3

SHA512
9b8e9c11f396fea48d15d037ef7103765745ed9cfae2f57d2b1c520acd1ade0ed48cc5a87ccb4a252838adef057f62a0ca5a6546e92b549e065e8963f9a78e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
27d8cbd2c6df585f3351d80297b186e1

SHA1
49a6b0084e40f480ea0d9fe63ba6152e8dcac718

SHA256
5f05ef6dac81f09bca95d9d35b091ebcbee1087fbabb78e4e46db4e407f12d17

SHA512
d32628de09174140553cf513e6ff9ff2f3e66c9d1f13241e9e89c719b62e433cbf426f348eba3ca0ba7c99cb18b89b1d71e3dadd046a636faa24e52be7288988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0ee7bc09ee7ac3d3a4333350edda1133

SHA1
e08a777f8085b9da1ed85ffb77e2c1873fac30df

SHA256
52d47890a5c1b12413f50f0d623a533f8c275b37f70bfa853032eac8549af455

SHA512
d1a237061f80f537c50f590b45c446ae40d78f973fcb64cbeb5773cb05eb1d5c8fc3b4251b92b38685afc1fd0711850a7eec778683d799679664fd969a5316e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a842f3095d7f353907904c850e2b59ed

SHA1
2c46154d66f9639003ca978ecdfa13d9331ac060

SHA256
48a36cc40e66b1bd245efb7cf6e63d0804e2180b0c0e892d1f2b2bc4806cce91

SHA512
0caeebce8bf19a850264805ad6467527bb9c6ff27ced06f85549817795cfcbf27b21f6af08d888a77f9295b85c668983f5eed1d466bb67cf1ac7bed14f48e712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6db33882e6db7ccd3dae8294c25adba

SHA1
13962a49804859de89ebe9b3584b625fc014cf29

SHA256
d77abe4f3c336e258106a55f23a296631652b24c485df10739070d0e36388f31

SHA512
a904fe4daa46f24f38cb871531f4751ba935262af092f7b76cb26e8ee7e043d818cfa905c21589881b65330560451a9334b5cb50ae04578773ef9e6929c40010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc17934011b558c284b2caedcb8d6000

SHA1
4299474e77763a48ca1c6720a08fa36da04a5403

SHA256
094a9ea244117550c21bdb59bfb2a31c3910a250f034d48bc5ac972bb91607e9

SHA512
f3bbe7a3173c044634ac2304d42461be1975a2919b7405ef96e2f3dc3ae24d2d82e89475655ff426fdf079cf69aa5c6829f713e4210fc9cec9ba8734bc548154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f67f7c87b3670e0cb3aad9b2e0c671e

SHA1
7d681df5eebe986eb367651401e283686e551848

SHA256
dc9727f18eb429c67efd2ee81869621f1b77054e4eb0f3995282b6e0eff60e12

SHA512
f30cf378bd9823dbbe1e511aa172f2600c4c21dd37713585233cd031a18a321b5da7570070386348c4c33523afef140434075613b11eaf7b0ab9cb3f9d696c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1af29a5c0373c906ff16ae32c4a6d386

SHA1
8122138780893e35e659b5e4a0d1602491ce55d2

SHA256
0df4e9a0e797b85bc2f6ae10ecbb4d0fd461741d8793d3a276a9acda3911b69a

SHA512
b0a1b6154c1c74f9797f2df5ab9ca60e138262042152286cbe07d47a2d11c3ad94513af57784d40e6231ebf28770b8ca04075aedb3abd34196f113526d0a8cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c730d64c3cdaf2b7bbe3a1fed7fa720

SHA1
c5a0bfca3779809768e9f552dbb449bf26493c16

SHA256
8fb6fab05cb8688a270b049e8cf0ffee5aded8c6a5d32d34cbd6cb03856be9c6

SHA512
10c1e46f958b78bc17a65dc2df1bf72d2dcdf0a624bb3dedfa0e861397e0c7991aba382ce350ee961e93922b12cdc6b22a23151bc2d9ab1fdd17b94e1617831c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
247f07b12c65efcd7794499bce5047bc

SHA1
7b4bda86c91cc28b60ad0c9e1260f6f127423e57

SHA256
0be13416b3851ecfadacc1f1018730813edbd2a6bd1b200a1c131b058c69df4c

SHA512
b4a8b89edf688f47b3f5705fbdedd7278a71f89ea18d9b664dfad9797d5b05287d6560cf36602515f23b3c843b2d48f9901c930bee6d7e7b2c85cf3491a4b96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
47ff13eab0148324f54918f93ea89cf2

SHA1
23952718ecde33119ac4e24a99964c8ffba1b0f7

SHA256
31e788890b456b0511a78d9fad25550bbe33dda052db90f273992565c6fcadd8

SHA512
fd62d81840708cc9607b97c9ce8b1a1d139c721c71a7a74157ccc3023529e4b0d7744235fb032d5cbd8cee5477d18448402e52659445bfdedeff692dc98ed177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e5a63c47fb40b4e620e18fa54be3a31d

SHA1
a26dd94d683356e2b903234f7fc139a510fd38af

SHA256
65d0886ab1d4cf60bf222c42f3fc0474f4275320f9f083a67bafc8fba1ed7a26

SHA512
c25aa1dc52795f3794887c28a60ae2f177f7e4b9d49ca936e54cdf375f93b5b58273897f130994d916f9c79fd7ec16dc4cdb72be31cd105e10ec8239b2d99f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4e3e53942ba4af3f0c3e0fc4aef1f1f6

SHA1
05ef85d8b6c3b87864b8da496f87ebceb7510be9

SHA256
5d0e45d678fb46a35cbd55bbc5055ded43a1b2a7a5b31c11c0cf1dcb783e2d29

SHA512
24879cc6a6e721b5c9e391b6e8e00d8653e8af9316d52ca3ba6028c9e8be0b8b627d3def08cc29e79641c32bb6dedcdee058c1c2d52df5f931832cf2a3356b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
95cc7b65be1d031d7a12f96282f66267

SHA1
8d402774ced33e69d9d548a002960621902056a2

SHA256
2015af12d87f93452daa9749a12d124a534075e5085f5eaaaa7d53279f55055f

SHA512
8ca2e066b82e1dcd4e1e5261af3a1ab7a6b07195ce17c689a6ab362c6d21c35575449f1112957284cbe7d52a8f13a1889b60854968f36a1382eabd670657d4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d732ee8289392fb86f86d8428931e56f

SHA1
5d10ab0090ecfda0b0c8f1c5f37d48d674ea6f55

SHA256
085854b405772a422d12b12d4f6a1e41b9737ef634f6de5f53a0e3a2adcb59d7

SHA512
a9933a51e9a746429374df428b58c855b33f9c8b37fc4fc1e243121d062912f1ba510253f34ff4887f2cf1e065326f6f0c8ce4b3f475264856f6da13ddfe9a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ecbfc980a40fae8a09cf509f87904a06

SHA1
324ebf0d87161cc729b6e2211527e5b731b73104

SHA256
0af3a9f86fedf820040b861d8ca0790ce4306b27299efb2c7223d3aaa6f70ecc

SHA512
ed3b1f4597953dd48bd765e98b3dea014ff2287d2f99b7b3998da6f4ac7d13cf187cc7b9326d5464e16d203129f60a20618cc06ee92ed7cc32ef81d82634b567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f865b55c22552c2a8193b94a145dbb17

SHA1
b81e5acd3d0e3f5a1eee571c9ac9ebfa1414ac46

SHA256
06f13e43f1a92c98e1c4f9f93f3196726615aa70d8569dfc34957c5464919d18

SHA512
2623fb9399354065cd243d31d54b21c78205d134d3f98844d1c590b57fb185e40db2d6236d656b11340377afa570b936e0745570f7cbef96a37314ecfcfcb8a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9ed138f26b9989063c8b19550b790b38

SHA1
c856a407842013df6965a33b539195963f1c5572

SHA256
ee170fde05c3fe8e3a4cd74f1baecc1ceec58a0aefe539ed1fdfdb18c1119c9b

SHA512
e2b5d979a1377a583cdc3a3f1a963194ea0a342752e264f4e8589505679c16cd06f0be2b52180b7acdd5e64305f031b261dbaec2c5d44cb5b89ed5a24098f6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
addf2c9f4b0dff09bb4cfb03b38f2b70

SHA1
baf984936301149d72963ded7a1f88a37bed1d98

SHA256
e0599d64d3c1f75fb98b00666e528eb332f8451d95ae56ecffdf6ce119c4c679

SHA512
e12003ce90b97875e289b7811792fdea5f2a4725fc190c82f1840c086b0cbae5930f92774a8bc01755cc66111d76353de80ca732177c28973cfc40afde993755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1f635589b2284af800f68e4d5d80d72d

SHA1
4734e672e5445090327183de88aea0a7d7acf51c

SHA256
6e3bce14cc2a19846b2e4932c1cb7999ff20e61cdaaa073a415a96a386a4e128

SHA512
a091faae090e195307e8d2ea6d3d341ba0a797f610349da2f9b6faa79c6415afd1be06296b532e867a2263ed2d8cea192009d39da72249c94eb9c42e4bb60b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4e3c606c3fba321d7387693904ba9529

SHA1
f3473f9db7a8a8114de5bebaa4707e16c786037f

SHA256
3313152e519b35bc6eca93e3291b5689e15584f4e93fb88d2e4f7cde8d7eb61d

SHA512
ebde4fba18d54595e9ff84589e771e682c9a22687f2714c6e23a325873a4094f22c31ff3c096d0b0388a727592fd110b780d3af3c6936fb0751c5240db8c9db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a412e27ecefa2f585027edbe379ca7d

SHA1
41648de4efb3ba47adc2a3bdbb6884f99633f8ac

SHA256
e533dab0e9b480ef31674a70f31bd41b694b72dbd30fafc4dca93187fb3318a6

SHA512
8b149d84c5324f07c9324f11415385212dcf8986612e9e273718a93e220ddda08542e3b3b45a0dbda86176f4970db0f616a4b311413fa5f7e7e7fe48261c55c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ec5093a-fdbd-4180-a18d-3a4596b90764\index-dir\the-real-index

Filesize
2KB

MD5
bd8fe60c02098540fd9c3a33adf89c4c

SHA1
6e6d9309f27d8981111ac00d135a3f5fbe45fcb8

SHA256
69670d99eca967d29eb9251d88b5c9e683fc094c39ce7e20ecc5f40db0b0a316

SHA512
0251e6ca02614590963f79f012f67e672ef0f2840bee9ad5b1cd620d15bdf29c4c2b4223c47dac2af31b2f3afaaeb53cd3aa0a71e1e1d81cef4c68bab7a08bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ec5093a-fdbd-4180-a18d-3a4596b90764\index-dir\the-real-index~RFe58ab9d.TMP

Filesize
48B

MD5
d74badbc96f6f0d7074972085d0c9ef1

SHA1
2073463ee19790855095c4b226d42d209336af26

SHA256
23465940b46917a0ae776ead1ccac2f6da2f734d46b80bc6082f3b7bda2ad841

SHA512
dfea920487f5b00bed10bacc9980d21fa35695b723a616f663339638593bb4f618a2c25b299c792f31af453f9259903e7575d19a6995814b8fe85f95e90c48b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
ee3d3b0f583bf10ea0f6e8a083e4c434

SHA1
78c0e3bb07efecf4a91b0db31aa7d43ecec31d6f

SHA256
c17f6579b69d7d604f9ae0207007ff7e4bf2513974002d59d8534f024055e29f

SHA512
d8fc1b126c891c7bf2fd100365918ab2e1719635797ce4e0d3829d11437eb2129250027a0a96296a9e0dd2ba410d2f9de7ae148c02cb3e3637a2fe48bd928822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
aa5d2f6df9f547aff15e3c4cf1066187

SHA1
38734ea94f5755f5854f279b36f0441cbf6d88c5

SHA256
e25d5a5c86cc2b8027c5292fabe16f8fbdd55fad8759cf69bb5705378e1de301

SHA512
e765a7276a65c4b22b8c35169a3c1154bcc3f8e1ac5cd0eff2eb29810ee458869139329dfc33865bfb3d953a5fe381d40baccb50fbfabe6792e3163e44e07dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
7a278e73dfe526dc946ddc368cab0407

SHA1
ef56761837744d3655c442cf9bb2c26b7f1852ed

SHA256
02f5cff0701244ddd4d8d36cdb4bf83321454b49e075b71025ec67538e90dc01

SHA512
83f6507978eaa9e4fc7a0c36aa4d0a2a2c26924ec5fd177996e25cc94af565a240c5325bb808b6b640eda209c5fd8720d24f93252a18354d75f758fcdee4d28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580347.TMP

Filesize
119B

MD5
8be98da8277112eed7597e19b55e7b7a

SHA1
59fc0f0bd0f9de475a1d7bb0c01ba00a94d31287

SHA256
728b247406cffb32fb7017672fe3c44b714829478103885a47ba3cbe87f1504f

SHA512
b8096a19290d5a6301c259c5bf3ed37ea0134ee435cc9a05207728cf1ea39d949cccc149e99c7763eb0a0f9d7d749e19be710a08dde07bb5d6dc27ccf15d8bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\1d368c49-b94c-435c-bc58-9377e90b4ccc\index-dir\the-real-index

Filesize
48B

MD5
80bc9093989f7506d2266fec83a2da56

SHA1
a473a051cb0011a6d0fbc9038f8d977fbf8414e9

SHA256
d33e2415658cf535372e2db628cc9defee6b503b7ada00d2a7e1ad3b906c00a5

SHA512
54dbf9f3d78e2f84a84f9e7432b4edd55b3f5272b4d8ae830e713aca47d928173f6dfe64b76556b1d38fd836ca04b5c180e9d488d5d3263023f1589fe361bcfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\1d368c49-b94c-435c-bc58-9377e90b4ccc\index-dir\the-real-index~RFe596bb0.TMP

Filesize
48B

MD5
3d4c513fd129a82e47fbfee0ccd71d06

SHA1
7ea31a6d5e0bae6031a3d556a1d1eee6c7e8487f

SHA256
35f3a4381bfc8847b2cff9ba76239bc2be773d61b2942ad2781e7ac508f669be

SHA512
625c55c9a769bbdd09623ab13b4c854aeb8c90b498a49c4bdd595a695c553fbd7865afe794a57b51b9809f6cbe71645718530e8c25a665d57f8f5aafe6405e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt

Filesize
111B

MD5
561062c8c285904706bc6d04d4df964e

SHA1
981f51c77da50abe7c233b8e57c35d58f3a9a699

SHA256
a286def5eb660ece74d6b01391edca53bd9f3ed267b1681101a1e06101bbbd8b

SHA512
43fa2358e957fd4586012f7f95ff45f3b82a4c090ed4e0817a168d51644c427d653f12fec75f78286b581efe61faf30b8e8fd22733bd84653ce8426d18972062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt~RFe596bdf.TMP

Filesize
118B

MD5
e21e7f1cbf77d2b0b04a1c38b2656223

SHA1
a4ff65bb6c644b17bfbb93c47b976ff3d75f3704

SHA256
86cdbbd5eb93ddaaf2aa85c70e749bda7e3351007754dedf3bcdf42f24b63a38

SHA512
387fc1f0c81473363501150ff18838e9e552597ed4a9a8fcf34414001c2e9dbc6ad32a874dc65656fe3e9dc7f3f2e18e575e4a6632f9d3afe4c37f2e3a7f0e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
6KB

MD5
94d3ab977000aa53227b323d690c643a

SHA1
c232b32cad5bd316ba3da97a134968ecb5ba5fa1

SHA256
0dacc685759f0bbfb76c10817f015b1169f433720dc7c26088da47c401d3e00d

SHA512
b29196e6ddf11ad0aaf42dcc86b934f315787d36d886c695fb68ccd4a6752924ed9aa798654c619eafe36f2ed13993bef312e174160df5e662ded131e0ea35fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
7005dd04b9429ef6ff4eaa83d54af024

SHA1
424b585d33657c762b3b7c9a6b64eb0519a3f5fe

SHA256
80a315be235fea06a2c4dd03176770e26fff7efbf6c3de3b466aae439dc4369c

SHA512
6d1334afa40346a38351c7f124d8148d150661fc276864af99f011ac9ff496319d57904f6c7c5a1803eb699379f26c6b3430b5804419ecefc24c6c23339d6763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fd07d6ba752a2196ec2186794399d0b1

SHA1
9ad3c0cadd967947351d63578625237cefa7964b

SHA256
7db8de4f2e1ae4ce73c18a77868821ef745aa0e26d2a486672b9ed793d0ff707

SHA512
3934c2a7d1ade58b3806bb3bf026fe93d31560ff789ae908b8226d810927f22977a3072d94c7f19e517b66f0334d4514280fa0977230930a18629be83df243da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
78a0adc67ad2e3e6c503ce79c83ae344

SHA1
f21b543a4e7e8f9f5ec417d8424066c6f122e946

SHA256
0182b3f6d00bd7db4d0d04c714009aeefdbac89d8378dd1806bb7c40128f5432

SHA512
eb3e15d56fa291eaa18f9a733916ce25374ffdc64786a103a7e288a11727367b1147d92b39597c1942be9b9b18b749b810391133082147ddcbbd9e26af3a4dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\f6e49e14-6c8e-4bba-9902-2595f4a8cd74\2

Filesize
1.6MB

MD5
ab2109f43bf437b6aad41098833116f0

SHA1
534d3d15d89ca05e7fd0448364196373f10c9058

SHA256
c025f8c3bdf6eb60bf9679f9d75b59ea5a1392b0402217ed8a54cf105e96282c

SHA512
90d5dfba4ca9a93061b284ac94b0a9102f9b90ef22d716a6d218cd262636fa6014a0955e1418ecbcb8dccbce77fed96ad0a387734e36827b7e4788e941894fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\f6e49e14-6c8e-4bba-9902-2595f4a8cd74\4

Filesize
10.0MB

MD5
add8bddeab347968232b16a785b8ea8d

SHA1
dfe87a86f586eaa5c1ef88c0d1732e28d81e33d5

SHA256
da7e51fd6626a2ac1a41db37260a103b714056677b2380c6bb7a2e87ed96d341

SHA512
22daeffb1c7b26c09be212a6b55de51412d87463553b06df7e11e610b07bcd693bab8d2457ac4943338323b9e901ad0f47f4c4cddf4ff11a478a636f1d852951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
1ded671ab395be3f25090e144476d7af

SHA1
c5999a6a74ba4ce6d71784612659bf2b80d5e0c1

SHA256
b9d502058042eeda3ae1867ad0a671ed6cda16068a8a868cdf68ee8b18583b98

SHA512
81509229bd15053d37bb83d0f6215608a74847f8702df4608682b807b46a269344ff901af4f9736913a18d3553803b7fe9904a521dd64705eaac3d247a73d867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
a837c3d8ce3f5280a1c2051a90338cd7

SHA1
08af3607aee802ab1193df554ddbd99687423e3a

SHA256
aa1ddf55ff3ff6ea899b7d57f853bd9a8834dabda81e6ef4a520d5305b0177d8

SHA512
3ce8cfc889e8f6b96ca09d2b0a7aaa74b11a2a67bafae96879bc5d28d60c0eacead3de72db6a5ce968b7da6d4f4d02911c2411bea07b0d99f4b2471b2657ce88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
dbfa00a9b618199996e3c502de5d4053

SHA1
65116c9875eea55dbdd6f406a9f8985775725c45

SHA256
d6fb91873d02382c194206005ffdfc0dcb10762c5b64c2b53b9e5fbf0d6e13e9

SHA512
d05ba5b47efe48345b1e5e881020b865dfc53be89a1ff8c6f12c5664426156b74525510a0d3650479cebd9a042533a57b7c269eabd0b7fccb5eecddbf43e7ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
d9ef5f7ff271122b8ed3f284aaa0c7b6

SHA1
25f77dd51cb41d6f900fe14117ffe79f1a7c5b8e

SHA256
870ff6fe50f639707f2f56c4b86e74841f99973b2ea6cbe1e5a14ee425d84583

SHA512
9808551e4d7e6836ad97b0bdac3c8a2e21d2854d339c4a7b6b97af4e04f1f69cd543b7ce30604fb54021513b1e9b473c2ddb3c4d16be83595f1a75ae154313f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
9e85e75bff93db99764b0e146c9eb5d2

SHA1
57d8a4cbcb47fd64465b9d9cd8f5a315046b1f1c

SHA256
73ba7a7843b30834db8542beadac735a1bed878101be74a28b241557ce606b6c

SHA512
dc668291240b114e1fb096ab3d266b1c1e280ba8945be571cbd3199d0816aee807cb53d8b9e4c0fbafb25950cdf5ad05467fbff548264b10fe4ed11420a46d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
217KB

MD5
2f64c18f7615648e348bf0b384f9cce1

SHA1
440cc9d961ee8a163f2f0553f3a9d7dc7c9223c2

SHA256
a7f79d0b234aa6efb646e22b5d73ca5e5f2dd1d311f8f3c3537e0d8bc1ad7b70

SHA512
146cf32b406541d27e5b3df19def91592dc1f6f401320c4f412cddfa6789fe28645f2a7ad80935151b93ebe4a4fbefa179c242a12a22fca202f596d1fbd74ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
0bfe0c1af742a37ab58abbbbefb63f43

SHA1
0ff48f3514c8630410fcd32a6ea7b68a5d9bf3a2

SHA256
1946600f53a3ba9612cd225d55ce13f0b0f43f09f5af73fd02d898ce46605950

SHA512
5e38d588c0536003e32ca2da6f113a224456f0a411b00913766929b9679f41413909e8af64ad70ee06e38d7a90e4b3635d1a0209b662e8c0f49107e6b1958b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
3e9a5300c7aa462af8a79586ed642f6a

SHA1
67168e46538dab635a003fe957e10dc9aca0a0cc

SHA256
fb1a6c83cdc4ea77c237b187daac741fcd973b1fd7b7b8cf2cd3c47665414be5

SHA512
716eb427a07640a31d51ece97723aca551e70577375045606afd38bdd011197ba89b477225d430342366c77ae9c9573632d893acb03a514de43afbe7a406ce42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
a3e97e8a85ec1c8e7d1cbb97d4c4745c

SHA1
648903e5b13e672996829dbd493037ef2b225235

SHA256
57d0c64a319b96804522c5e51f8aadba14deab48f470757e7e9d0880cf05726c

SHA512
84a14285c49336ec999b35cd0dbad82c4cd95c4c916e41f80d1bf0f4a9ce9663923c56a0c7be6ccfe16baedfe7d9bd45cff28041e6378d977924f8827b21fa36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Aura.rar

Filesize
34.0MB

MD5
ee6b7e9013774401883d3cd7d411d8ec

SHA1
0a2074b0ef6cf7e28e8dbebd8a29706048822a46

SHA256
bedcfc8d51ab4da8b4e465181fa428a43297199d61c92a6add416e6d7c14fa01

SHA512
9a9933e4dd2c75c9c11b1c848102fd3c750a8dcdcb96acc14b58f5c25f1b9f6657ed8c5c0f07a9bc400e17d7ddf08303c1c5cdc1f56ec255ce7b867e4a9a16d6

Download Submit
C:\Users\Admin\Downloads\Aura\Aura.exe

Filesize
916KB

MD5
a739d6c0f3ac1b0504b88b8f5e57bf94

SHA1
0adfabcc7fe4ab46bef3f6fee96dd10e5894dab2

SHA256
bd498ec64500af3495b9f6b2f0f0793a23dc113c248ce7c0d2a975b4b9e9a954

SHA512
bf403c4a640ee88d09262c6a584926dffb187e33daf6c54b3a53f7dc500c869e30fb83eb366cd3a7ab56ea8af4c6c7a290cba32e03e68cc652fe0ff614687092

Download Submit
C:\Users\Admin\Downloads\Aura\workspace\1.dll

Filesize
22.6MB

MD5
c4d3ad33845c7009189df1ac5d28dfaf

SHA1
2c8895a1ff8a4ffb4505dce9d9d2c2c4d5caae38

SHA256
c2f23e9c3e6bfcad0228a2cd45fbbc046d63183459ef7f7dd54f15c19e70e82a

SHA512
f6837ed7feb0cb639206756c505d3ce99ae4480d4ba92bcdbfcd18bb8bb38058a4d1c08a427d4614aa38b45d183e250b7bcf30718e6f2c472e2c0d1f40ca3d36

Download Submit
memory/1984-1434-0x0000020745340000-0x0000020745589000-memory.dmp

Filesize
2.3MB

Download
memory/1984-1431-0x0000020729B30000-0x0000020729B3E000-memory.dmp

Filesize
56KB

Download
memory/1984-1432-0x0000020729FE0000-0x0000020729FEA000-memory.dmp

Filesize
40KB

Download
memory/1984-1433-0x0000020729FF0000-0x0000020729FF8000-memory.dmp

Filesize
32KB

Download
memory/1984-1508-0x0000020745590000-0x0000020745629000-memory.dmp

Filesize
612KB

Download