hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

24/02/2025, 02:19

250224-cscjgayrdl 8

24/02/2025, 02:15

24/02/2025, 02:13

24/02/2025, 02:06

24/02/2025, 01:57

24/02/2025, 01:53

Analysis

max time kernel
192s
max time network
194s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2025, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

bootkit defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
25	560	chrome.exe

Executes dropped EXE 1 IoCs

pid	Process
596	Seftad.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
25	raw.githubusercontent.com
26	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	Seftad.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Seftad.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Seftad.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133848356620087562"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3835819470-2031661444-2626789713-1000\{3F72D421-863B-493C-A7C3-373D742A7927}	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Seftad.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
596	Seftad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 624	2052	chrome.exe	81
PID 2052 wrote to memory of 624	2052	chrome.exe	81
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 4864	2052	chrome.exe	82
PID 2052 wrote to memory of 560	2052	chrome.exe	83
PID 2052 wrote to memory of 560	2052	chrome.exe	83
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84
PID 2052 wrote to memory of 2752	2052	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1ce7cc40,0x7ffc1ce7cc4c,0x7ffc1ce7cc58
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4868,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5036,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5044,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5064,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5072,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5800,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5632,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5524,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5360,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5380,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5952,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5624,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5160,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5976,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Modifies registry class
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3796,i,1136988733402574466,3939921275124260447,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1820

C:\Users\Admin\Downloads\Seftad.exe
"C:\Users\Admin\Downloads\Seftad.exe"
1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C0
1⤵
PID:1468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32c7bca7e498fdf3f67e4436aa2e83ab

SHA1
8f8e2dbdc68948962d586cd54789b047cd1ff75c

SHA256
02336abb1dcb4b604d1879f6f225a360757cdb1be393e5cfc85ba2b35e999ba6

SHA512
bbf41e2a887d7f5f3aaea65d3aa3b3c47e6a1d8e845473a14680bb28172aba616ee401a9d67f4c8417f08121c29cf289adac420830795ac3d36232aa0a759ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
075f39da4ada0d60b4b1013d8a1a1171

SHA1
170310fcfd33212624a9636787fa94f0a2a695f9

SHA256
60b569ba3ce419b6a3e6f67ea880a1a76db02ebc3373e6c8bc90c77ea9d6c0c7

SHA512
e9775193bc6d90a1951c535ea3d1c00d640ae8d15fda07c8739d330c800614395335f05b5f901e512c89ce4ac56569b33de5282ba72fed03bab587c50f6ee6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
db7d52fafcb0f67d23ff3665d30f18bf

SHA1
f71594795e8108d53038f5cce616092a6d500bcd

SHA256
d6b7e6870cc45773c61b1f79882c9ec2813d55e1e3d1f09dec028931baa272b2

SHA512
1e3a337b30b8281b7e4a86fd061fd2d727efec41b6806c130d53a300874f035cb142963d913dabfe94cd99a4c62c1e4356cd945b6fc48c1a475ac1b1c801017d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
26998eebc189830f923c29c16ad5ae0c

SHA1
05d2b634134278f115e4ba73749e61af8f7c1db3

SHA256
f5394ef79cb8e954724c6017e4e16b9c28c886e9a37d7881bd19b78532780410

SHA512
b9322b035bb9557b68f5fef3766567bb2a39aee001c3985eada553bed6a3eb952d770f0b83d30fcc46cc7cc90f0ed650b53073b4a5b347650dd3599e831848de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3336e5825df33a0b0f0a9125e05f3dff

SHA1
c8cc173e47bd277b15ccd5826e35fc78d2a3d511

SHA256
fcd631c80b23f6fe4c065e2031eea10890ceba0815ccd3a0339f31110eadd914

SHA512
3e3e2a0f8c93462877bf06be859d685dc6a1194d93ae88a4f15064092db374c5cc068d186c16f679bc3976eb4e889fc2acf4a6b9151e1c0064340f3efee7ad64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
135cc866b4e9b9a5b093207291a402d6

SHA1
70bbf68fa1be262cea0298882534eeeea2900b35

SHA256
75c3b83b5a05259420d37577701220b8d98c4a25a45f200ad5ad751f05b4ec1a

SHA512
cb03e055722a7184c525e894e8eaac8f4e0e78be6b29177e180171ea885238e6937407ea3d9173aeb26d7176143ced9ab1b040a989f812f6acca4e7d80bf1e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
24fbf4726ad11d07592ec7ed01bf3394

SHA1
b087acc8c688f0e7cc3d4f900296e5cdcc8a0c61

SHA256
19f82e435d71a7b03b3d56fa6317d98b7284c9d12ee8220dbef0f02a7b05bfe3

SHA512
83ca68e8ba9c89a2e5470215c0d353500af84f793c77777af621b7354d0ae1fb18d1d034493252efeef3b1b89709746b5423b844b6f7f74bd1c9f2d90803a237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3cf9856dd7f22b1687c3d1a2c2d3e73

SHA1
4bfefbafa3095d6a00232e75e596b52fb5036fc9

SHA256
f939820e8c6dabc2a31bc34950444a4cdf134d95e92d910a0d7326cfe701c37e

SHA512
893c73fb879b8a2bd5978434d4aa2f6fc6df32c24cbd470853494eaeafb4a8b9fb87aa0a329ebe048a2e105d623127217bfa5df7d998a1e06842f99f0bfa19dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1dc96e1394873757981f611ebe12a823

SHA1
4922559effe1818f605f08a8c82cdf1eb43883d0

SHA256
c9a3f4af8bfe2633f07cba3b4790e9a9f9445ff07bfd115b3be8ee3bebfc865a

SHA512
388d7592765015dd411477b76760dd592c97323b0bf439f1d38756ee991fd881c2f41159336abaf68c5e5e52c7bccdaf5c4ce250b02fb3e504eab25dff19f77d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae5b46e257c55285f81314b6d81f75bc

SHA1
a0babe20c52d30752c6b7f9e5943d46c898bee13

SHA256
bdc0e7c35980db4844dd57c6e4c134d74fa906b7300696d1ab7e0908e14889ab

SHA512
a7006bf8e7e5d85027731c65542b1bd5a5acdc87aac19cbd52ec2eb4cdf24c0d8cba96d7169ddea1a9c9e865aa99bc9ff2f2acd97fb218352dee40101bd7bb55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eaf1324bfe03fed60d4b2f0c5c4cf6de

SHA1
4aaaa3bea4c6fe094d88ebcd18f4d29c85e60703

SHA256
3be82feffcd68c32db7e693f6349e31ce3573c18c4c5ed8bb2918d2a14ddb254

SHA512
96684e4fa6e55fda7773c58e4e5c738fc49646b78169a2d80ff7cf90e162cbe44d0e7dfa8bf7f52b13678cc9b68576f8c55364bbeb615672943ce5bb9f604a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a220663b37e676bdc222a8a701ad553a

SHA1
56898844c78e8fb525860bf3962ad2fe87d0687d

SHA256
5a50a6799d74f3a1c61c5d6eb376ff14436903201bcae53928ac8bdf1dc9c38a

SHA512
a507788c49bf3bf69996834d5b3b7ebc2847f49b14acb27a08b317c8b0e27960964ad7f6d30af0e35bb8e9fa9be37c58e30eb0b31c029313421f6e7ae1882e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f1b76b5e5f6944431c8175bd32841ab

SHA1
caba451f4662aad99367bcbd25af7d69d07b76a9

SHA256
55850932386858872c88fb35b72ee8f5c72e136b46603ea5b2141ddf3aab6dc2

SHA512
0098ddcf911a90e3e80edcdb4f8daad5e3af0fc757e402a388b97236ff875dc04b9e200e3cb7e179d92d3fbad20556c307796c03b3b82278ec52ec9bf54a39f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
45ba18ff18e9656dd4e0b9b2c2cc6822

SHA1
4ad5ce577964b3b6355fe5ddb73fc404e5f474f0

SHA256
0754603dc115a741fa03f987070a78264bf1ef55102e897dd03095ffa0f2940c

SHA512
974c8a4df15cd3b9ada3eab581da0bc0a7f853f616a277b8438865e474aceb9218422b1862b147dd2814c8f2e8a940e9037dafc1d0e0a2f3eed9884c7804ad6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1979f33f26934a92bf3558e55992b7ed

SHA1
699b5b9b6299e6a74a30abcc530398e37004e7b7

SHA256
10d8e2aed33da4a3a1110416e51dfbb171fdbae26275e29b507a36b94a4151c6

SHA512
b9a933269f94a86b8b15dc803b74da9b6a21c16d73de72008c9fc003684d59b4e1cf74fb67ac21b20876d14e694271a973e67d613f8613f604193cfcd20e885b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
851c1197e293a3158371c35b5caa9c67

SHA1
d762fac8eb5975fd5ee234650db0dc5960324404

SHA256
ef5a488448889a3b6255e421d56dd8cea16a3d9c744d99f6e4b25f6d1f6c9c9c

SHA512
3293fb1bc899212275c7768f4738d6bdacdbaf3f23ced2d90848fcbd9a61755ea46dad5f1b8737e11dc5516976b2b7407b3f2cab27955abf30de0efb33f5c08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
14bd870ac7dcd4a9a553cc0ecce4bbea

SHA1
fb472e5d568ff136f69bde8dda297ac4ddb660ea

SHA256
427e0219977f5477943fece31719b18a402ab2440cbb981426b49ec921e66bf0

SHA512
eb07f4316d85e4fe8734a9baf53f60146a7d7d441a83d2562f83f63933a6a05922b9c70d039275274515ca5bc68f7bda3869f7d4854cdeb2b3cd87f2ed14a34a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5027d1ee33a1d742b7ec7064e6fd4524

SHA1
44bffbcb31610bf80a977dfe707c20b57c61f134

SHA256
5bb21521c72440d82de14c35aea68dbb72887f1a4bb6eca60ad6103b60f5a992

SHA512
eb809804122c2f63255a5f3b00edaa6e6d5a3115afb3862b4171f26fd76e238647d601b7bf44119fa61b0590539c752d425925813888aca0e3914e491563192d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3220300e99970c8bf42bcae05133ab94

SHA1
b981f159ee151bd90ad4612733a07d67fb77d976

SHA256
c26a86d3b309088a2ee91705914341213fed77a9d82ae55db3806e70852b0b57

SHA512
47233ece9f916d20c26b5f10ac6b28b208a89038e2580bb62f67ff203fbdd51e97444c5c75b95a3c538daff94eb0ca7ecc8e65156843771f22b970eda3f3e405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1b7a764b8d784e97fd81637b7e31b2c1

SHA1
bf59133e087c1917a4674211c9bb5afa7980d1c7

SHA256
b92121d44e6a7cbb4ccf40dbf70a414735612c52eb4f3392ae7789b171ff56cf

SHA512
65dc47832426c8b1c2ca7b84c6932b8478201e13f7fa73aff10b4d3c610b9d97da4e58d0725a4203557de84c26b22e1fcde262fe6bf81e1f911b78cb215a2abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b11647affa78b556450f190d37709ed5

SHA1
230673f8cc08de5541ef8f7a62930cb5cfeabc96

SHA256
7eb034841a49fb87476768b6fe08315b06154e623af2a04cc09170bf653c6358

SHA512
d8048537feeff2265f9d810d2a1c70ab0ea70dfe5196a4274811f9614f23e5e303a40f933bb23838221effb8d1a858b22ca3c9b3358d7e93e743e25b9ea334fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
67ec7f3b224aef1a05c91ceb7cc3f8f0

SHA1
d7a305fad123e029ade5c48baa059dd5a4eb3954

SHA256
301fcfa5a26885a741579d86500a530ed90934f78eb7420cd7814e6926e00626

SHA512
610a42744573ff15fb9ae5062b876deab74c8dc83d72d4e30c19fb89131be0e51aec0ba28aa59d53a723de1e16003ed02993c15b4c72d4a289c474c2ae3a17f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\861140c6-b1a2-4caf-8747-c277ed3e4dbe\index-dir\the-real-index

Filesize
2KB

MD5
f921758c26d3a992fb78a6da6ce498c2

SHA1
9c2acbf72a83cbb6ece9598e8c26fa25f5344408

SHA256
9c484875d25ea70b73ba6d932c0186cc831bce7a5a97c12f411bbfbecc556b2b

SHA512
dc63df3dd2e33e1561408ef336f4684172caa4c3dc646e53d044552032d723d72f97e993c904b21b5f8e5f2eeba9a9f27ac3674ae2a94ca6733be75c58624738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\861140c6-b1a2-4caf-8747-c277ed3e4dbe\index-dir\the-real-index~RFe58c7cf.TMP

Filesize
48B

MD5
afb765e405f7329d42b460c98e809bc1

SHA1
eeac7557f363dc186ce25fb57587412c0de46890

SHA256
8d7d712edd1831c56cba08a987edbb856eb9cc980d4b7a95627b8056e199e937

SHA512
a040faf6ebc484bf7b85f6e2515dbd0be2270515ae0831cd9edc22c7bf2f7f336dc847c5bd3bf750ec5cfe7eb692f726c47817ebe7e0dc54e545cb35acd2fd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
96b43c5b59da72b4977dc3d6a1f17caa

SHA1
11bc5949800a76ca4f284dca23e013647f6753a0

SHA256
97b371b8854b6da4d97574ab76583c159828488900d23fd4c33faa104d897698

SHA512
e562fdbee68bc7552cc3e6bf8fa622d5c291bcbec02ebe95f7833c444bcd62f0d047ca9a74c2b7480099cac2a94679ca217fc4606a15709ec6d2276c4c5b320d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b85be76a01af99654f8aa86674a20a6f

SHA1
1fb0824d56e0bb4ec9d872797db6ade9ae9807a4

SHA256
8aba1f2c1c16af8fae0f744a3c5fd5593c9ca012efc95296cf7dcad86775082e

SHA512
7e87ddfd14c0e9320b7e35163801876e3bf16afd04f2e7e1e90b53880b027e4e4de71a09be7fcb0e7535c9db09449d48f9d543d0807973055a95969c0b0e5a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
41ebe5889401a695ec43804499303d05

SHA1
36baf1eef452aaad948a204a7bf9fe4a8eb818c2

SHA256
22fc72229136d841d7fa1dddd851728e12585f0ddd8a53c985f9495e32e1d74a

SHA512
0a2ef9206e059a6c07e93000a64007ccac8a06ef1b5169c487a957d796db91f640d1421ef01a6a29201042ffa92e2cbfdc3b8aae82485f7f25ec72d980fcd928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587078.TMP

Filesize
119B

MD5
9a89406afb64ec37755594f2a3187529

SHA1
5cca7e04c6d356b13d7babd8c8de4f95a6480a71

SHA256
e899beff4b76a5acb44c78da12f154fce8603e233a33667cec852d367f592e5c

SHA512
7dbd9c9da47f0fb439d90c30389dd6e4e7f06761741ecefe5c28fa3eb9a436e0740dca3f3242c0a799311a0fd8e1a03da09e5e460731fe196d5ee436c112881e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a8fc16e7ef9ab95495902c6b7cc893d9

SHA1
5dcae1fe283dd5bd5c5837f1c5b5146893ba5984

SHA256
3c502a1bea51ec06b119a9e364340d953fe92ea3cb2c24c63d72a9d0fcd15985

SHA512
265400d9b31d1658e43cf41892fd4cfbd940ae814921123f97e6b3ecceb545fe1f0f315ccc112a56c26badb4a753b49f8c1d5e71036e05133444d4d2fadd907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2052_1770085701\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2052_72374811\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2052_72374811\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
f03e9b9369e9e0c8e55aaa49bc6abee8

SHA1
23bce653c000db5f265c138d36801083d74e1661

SHA256
793445a4872fcd44bac383c89ba3de38e99fb253a18b4b84196e217e06d7b162

SHA512
9c8f1fddcd34c5e4cf7de4ebbe859624cacae7ee498b47c16d23d81612b4adf5e653ae0649ce0a3cf38a05b3be447a267588a92a54d8c2e21f7f4159e8aa00d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
bf3d0e91ca3450752110e7f3dbf6e118

SHA1
35668d8ef44f6e13e03eb15fd207b9a462acde7c

SHA256
130ffc01b040022f65046ef0015e42fe1befa34fcc965029fbfe580a3387dda2

SHA512
c52db0db6cef0ee273c0468dc0c0a164a902559744f97c368d29a071e651489a2b256179c4ff35649b9e9afab0a2c45bea96b174ee9476d71d6a478b1d2a346f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
d55ba2cb531dac9f6a16cc87e01be83b

SHA1
7a013ebd227c31cf1adc66f03d77941e428045ff

SHA256
b46a4177128eef82b9dfeff7e3797b6bb5df42b49d598cc9deb23a56163ea4f6

SHA512
212c40f02233c4bcde2c547a3d6069df2c6ae8f79b7df8a58eb79f56943f9229e5c395df010bec9f34475c5fda685fa09ea3f6461ff1a67b9f7f5942f20b8084

Download Submit
C:\Users\Admin\Downloads\Seftad.exe:Zone.Identifier

Filesize
227B

MD5
932c6fe7e0f562523b2af018077d9f82

SHA1
2d444ee6363a90e1fee8ed2537d62a557b4f5108

SHA256
f5571b95f6618137d22fdc72e5b1d0584c6d27b04dbe1c1ab8217cdc2b1c5a00

SHA512
bd97ff1e552a51eccbfff5bf963219904cdd692b8d7dc8c5dc46b86fce4a574e7759fc4b328c6cb1a30a289c86d44f97fa6c306146ff80df5b9523e845e475f8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 809537.crdownload

Filesize
48KB

MD5
86a3a3ce16360e01933d71d0bf1f2c37

SHA1
af54089e3601c742d523b507b3a0793c2b6e60be

SHA256
2ebe23ba9897d9c127b9c0a737ba63af8d0bcd76ec866610cc0b5de2f62b87bd

SHA512
65a3571cf5b057d2c3ce101346947679f162018fa5eadf79c5a6af6c0a3bc9b12731ff13f27629b14983ef8bc73fa9782cc0a9e6c44b0ffc2627da754c324d6e

Download Submit