hxxp://klck[.]tube

Analysis

max time kernel
115s
max time network
117s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
01/03/2025, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://klck.tube

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	api.ipify.org
11	api.ipify.org

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133853419335346690"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
1568	powershell.exe
1568	powershell.exe
1568	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
3740	WindowsTerminal.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3740	WindowsTerminal.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 4992	2180	chrome.exe	78
PID 2180 wrote to memory of 4992	2180	chrome.exe	78
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 1036	2180	chrome.exe	79
PID 2180 wrote to memory of 3460	2180	chrome.exe	80
PID 2180 wrote to memory of 3460	2180	chrome.exe	80
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81
PID 2180 wrote to memory of 1032	2180	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://klck.tube
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8640ccc40,0x7ff8640ccc4c,0x7ff8640ccc58
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,12774417300195767933,3028720038508309942,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,12774417300195767933,3028720038508309942,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,12774417300195767933,3028720038508309942,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2988,i,12774417300195767933,3028720038508309942,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2996,i,12774417300195767933,3028720038508309942,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,12774417300195767933,3028720038508309942,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3624,i,12774417300195767933,3028720038508309942,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:3472

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:544

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3740
- C:\Windows\system32\wsl.exe
  C:\Windows\system32\wsl.exe --list
  2⤵
  PID:2380
- C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
  "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa48 --server 0xa44
  2⤵
  PID:5076
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
68133ea203aaff5bd9c2ce094f546de7

SHA1
e5dc9d0be0287d15b49a0c752fd62f8c1a27b3e8

SHA256
9a3da3ed866a99d3ec3d942985a19f8c65887785c5cc7afdb0e97cc3336a131c

SHA512
7755f1724e1a9e7c45c3f1094d941de07a7e1b5e56729532e9208ff68d9e802d4ce304d463f57e6d116bb7041c4a941499f88d86bea3e98a53b91c4223e25738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4c28b8f814f3829d9740792646e36ccb

SHA1
f4cb10d914084041a86bc0e5967fad425f80e5d0

SHA256
0f64ee2d400d3cf3f7a64bfd04fab9a29837fdad6658eeb6e36b49965be1d647

SHA512
de4a4867c0f22f77c8391e012272b4b503458aa249d543b9be4fd0c1831f79b0e87a1b3e3c729d34ccd0f5b8ca07cd8d201ed9d0028aa1e33ab219a905e59740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fd891af1-622c-40b2-b11b-ec2f04db03cc.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7f2903f3cc7dd9e64b564c19feef484

SHA1
cd5c0cc5057269304f049ef8d52c98ba294a4333

SHA256
2ad573ac0312823c9eaf8b031b9314a14068d81a24c3c33913e784f09bf4f7df

SHA512
3ca6df6aeee06ff91b6822b4cf86451ff0fa7ee5de0cc3dec4dc6910c82a25a1618ea2134d7c7db7b5b64e80939f9dc66dd9ae57c3c02bd3c9e6704119a9c280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b30d5fac137dc9e76032d442c0e088b6

SHA1
9dca7679fcacfb8ff75d584e1f41ad64881721e9

SHA256
1e71e3db5e52027c3fb27ea339a6a8dfd839f5a7c180cc1d665b03865f913af1

SHA512
2e4ee392348c5f0f05bdadb12fa3e3a1dc6b0eef1f706e9326feb44bdcc8a500beebee2e5c5a495c35a4732b774671d953e56ce58ccccaa5770176bc266dad2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ac870fb5039cdead9df4e978edf608d

SHA1
96cbfaf12ead57ce4a37691bd7e89b0fdd21e4ea

SHA256
61ca37075bd22f8e39d0d49f2b945294b91f691e3f8a185b357dee5148bd0fd9

SHA512
9f74c896999a55ae8d7bb59bf78ab3c0f4b6bb41824693a29d1b25e8b2ebafe81a8033090b243f04e69fa34255d9b5736785e41e046e5f45dfc82beeb73556ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6d8282a61ec2eb63a23da0e14fc974a

SHA1
dabd676c2c9bbdaa0a187ec4f507a718b55c8a83

SHA256
fcfaf52d5fae76a2e444c396501e3fc640138393d2c24d8ecf3d7ec44e2def21

SHA512
2412144adf250e15b17fbd80595c0ca841b8388bd2a40e0e0cb750b07903bbe07d2bc26867b8ceb282abf02214e34c714f83cef9fae56acee91265cf57d73829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ada11b20122e5775c5e0365fe41ae753

SHA1
1684d9afb4490c1be93de2d8dc2c8488dee01283

SHA256
f017c6524245eb8c1a08872be3fa5d970ba49e97789c430d881bc0e8de94933d

SHA512
9974658b6a8722ea05a18a7bcc79bc08c39e0bf808c66b40ed61652e13ca31df676b6d2df4bb651abb997553401f65241726524d55692ab680cd9f5785121df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dda92f334a8bbc5e558cc1206de805f

SHA1
97a5d06522083039902cee729f82c6fdc4addc09

SHA256
99772d38649d4caa72d8d072eb2a69dcbf8194f63cf8c2aec7fad09bd79720d2

SHA512
6ac0c9e18b39808d9aa75b9cfae416415ecde8f5e6649bf5b12e3ea19b12b333f9f324232292cfddccd0792cf64561c4e6f8fd15ca22ecd65ff88625d54eab16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
c1126e481ffcc08e800b1086131eb4a2

SHA1
18f9120e67cc68cc373dd81d22afc3f008c8e2e8

SHA256
6d454521126c05213a95bba54d5c5ffd243eeaebaf0c7f83b775200f3765968c

SHA512
658f213212a761a955934422867c7b573422b1f5d4b785a4efa1924d1187385fa402c22431a3c64c4266919e3babddbaf503a3f136a7d0654683801e0b91d572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
5301212ab75cd3d8da1b25ed38632f12

SHA1
ce12ee6d2451bc24fc7bc54a7c61256d9948e49b

SHA256
982ea38e2479bef30008048faeddff68785c0fb96ff235cfff6763f0ba52b9ef

SHA512
703b29e875b386c0d1752908ea7ab2cbc733665f2ab6fefacdfb89b9c2738ad9d884867f35c2d7c6eef494e83b60bf31e9e6cd1c95dd27d5276e1f58bfb28b9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\cbb86590-6977-49bd-9fe9-8404eb3d6ec2.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_aobnqdot.ihl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1568-108-0x000001DBE5880000-0x000001DBE58A2000-memory.dmp

Filesize
136KB

Download
memory/1568-112-0x000001DBE5920000-0x000001DBE5966000-memory.dmp

Filesize
280KB

Download