xworm | hxxps://ads[.]luarmor[.]net/get_key?for=VHFslhWdrPey

Analysis

max time kernel
346s
max time network
347s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2025, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ads.luarmor.net/get_key?for=VHFslhWdrPey

Score

10^/10

xworm discovery rat trojan

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000500000002317e-762.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Downloads MZ/PE file 4 IoCs

flow	pid	Process
141	3364	chrome.exe
141	3364	chrome.exe
154	3364	chrome.exe
167	3364	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
1868	RootkitBuilder.exe
2236	RootkitBuilder.exe

Loads dropped DLL 8 IoCs

pid	Process
1868	RootkitBuilder.exe
1868	RootkitBuilder.exe
1868	RootkitBuilder.exe
1868	RootkitBuilder.exe
2236	RootkitBuilder.exe
2236	RootkitBuilder.exe
2236	RootkitBuilder.exe
2236	RootkitBuilder.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs

Web Service

T1102

flow	ioc
189	pastebin.com
191	pastebin.com
194	raw.githubusercontent.com
215	pastebin.com
219	raw.githubusercontent.com
220	raw.githubusercontent.com
187	pastebin.com
192	raw.githubusercontent.com
193	raw.githubusercontent.com
214	pastebin.com
218	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootkitBuilder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RootkitBuilder.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RootkitBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	RootkitBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RootkitBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RootkitBuilder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RootkitBuilder.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	RootkitBuilder.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856016901964474"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\1	RootkitBuilder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	RootkitBuilder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\1\NodeSlot = "5"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	RootkitBuilder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	RootkitBuilder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	RootkitBuilder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 0100000000000000ffffffff	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	RootkitBuilder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	RootkitBuilder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	RootkitBuilder.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	RootkitBuilder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	RootkitBuilder.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4380	chrome.exe
4380	chrome.exe
2868	chrome.exe
2868	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1868	RootkitBuilder.exe
2236	RootkitBuilder.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	4380	chrome.exe
Token: SeCreatePagefilePrivilege	4380	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
4380	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1868	RootkitBuilder.exe
1868	RootkitBuilder.exe
2236	RootkitBuilder.exe
2236	RootkitBuilder.exe
2236	RootkitBuilder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 3716	4380	chrome.exe	88
PID 4380 wrote to memory of 3716	4380	chrome.exe	88
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 3872	4380	chrome.exe	89
PID 4380 wrote to memory of 1096	4380	chrome.exe	90
PID 4380 wrote to memory of 1096	4380	chrome.exe	90
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91
PID 4380 wrote to memory of 3100	4380	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ads.luarmor.net/get_key?for=VHFslhWdrPey
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff87ac2cc40,0x7ff87ac2cc4c,0x7ff87ac2cc58
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4020,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3148,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4800,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5208,i,14236228113678237322,8445132893129130940,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  PID:5076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff87ac2cc40,0x7ff87ac2cc4c,0x7ff87ac2cc58
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5248,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5208,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5400,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5376,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4904,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5280,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5420,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5564,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3324,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3304,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5172,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5656,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6024,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5992,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5980,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6388,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5652,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6012,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3364,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6156,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6496,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6408,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5548,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6032,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6580,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6356,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6152,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6096,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6488,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6128,i,17998488048370906471,4319976354335088337,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1248 /prefetch:8
  2⤵
  PID:3140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5836

C:\Users\Admin\Downloads\New folder\RootkitBuilder.exe
"C:\Users\Admin\Downloads\New folder\RootkitBuilder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff87ac2cc40,0x7ff87ac2cc4c,0x7ff87ac2cc58
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3876,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=4388 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5164,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5376,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4024,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4412,i,2233402959636506668,15359651837203492229,262144 --variations-seed-version=20250304-050112.247000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4872

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6032

C:\Users\Admin\Downloads\New folder\RootkitBuilder.exe
"C:\Users\Admin\Downloads\New folder\RootkitBuilder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fca79fb6982b039a708b48419b725fc3

SHA1
03b5dcf0e4762c73a4407c5261232fd8c7a640e2

SHA256
7379dfffa6d218e67131438e37e898bd90face70a1a57f2e90bac25ec50477a8

SHA512
443af87e83d272dd232a1dd0b91e38b587ef8d52e1d8d1c90bf56ef701eb1c7124fb028be5f35dbd89b97cd9f5e9a0df51306dcce6243f8959b87c910d7f0e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5868097ff7e665106fea62a78921168b

SHA1
49a346d22cc375fb18e922516747b744b4d393cc

SHA256
890abad9cdb6a00791c758768342e38d1e2bb988797f65c91db410a0a2a86d5a

SHA512
9292b36452c34fbc9ea5d870be52b3f63c81cc84c7ab122a5e28be1763420e1aaf1c4346a6e2db09fcd89a359819056300e992da8101cbce610efd704c9e963a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
4bbe0ee83790d31f749d58b96f1dd744

SHA1
402edecb8bb30b84f95569d3efd7f5050f157d3e

SHA256
eccac2add03fcafcb5f2e387193029b4b12cc22a1b12814656ef0cff5dc46db1

SHA512
55aeb7012efc3bbc7139f016663268a3896cbd8eb2b72cb6d03768aeb9efdf9c89d33c68e7495c8522f3425b985f3897e64417e976d52961edb5c152a45c37be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
56494149db0f36aa1e0fba7ba3f621bb

SHA1
888585d07fcc244a4ee816bad6a710edf5b58c37

SHA256
9b8f2d8483dae95f57628a532b7067c6ba7e59cc8b3fe00e6219b9e562756696

SHA512
3a65fd33b9b68efd539d69371b9f7b66aa3d9dc98a28a6af0e5e2e284c15b21dbdb0063b9177eea8416eaf02fda0000ab13952d2f8cedcb7653e84f7e90d22ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
62629aa1a756167b91db376028beb241

SHA1
5b629a55316232327fd743790c9eecd6a17027da

SHA256
2bfe5afbea63a7ed53ec354d631af9372a70d6a895a149cc07b858c4af4897c4

SHA512
852c7be6934c20c6af96f225c83025510b6bc85ada419c42ed5134042c0e908d6ad9cc9a14039c6336c1a359ee6d0d10007de1e47ed1ffa9416574c9502f179c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c229c188c92af09bba9d35c60835b5b4

SHA1
477c9d3c66c0d2f741a2eb486db9b7b90cae1bf4

SHA256
b197613b7f331c9028fc8bf6fbe095e80778af2cad4ce259356149cf611dc420

SHA512
d6a70d388bd4e9d3cef4e8e0141c632e9666874840c8233eafa3eed4d6aaea84a1616304c28cf7b35c57529cd7430a2daee764bd37e04d58b4ee0df081aafa2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
143KB

MD5
2349cb873f70480704cc31cdde0a2c22

SHA1
bde2d4d4b0c6284ba6012a6fb0d24e142e3882ad

SHA256
6d053e91f2ae9f2cdfee380a3e6be047b320f4f33cc6cc9673cd5de6a3c06e01

SHA512
c9570fc1e962e0435448c26274969c5e38556123fe989165b1cee2479c8aed0f854e8df7ccf628d572894498ba8ca1f4851d2daa7065c7589b504fa8b9374775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
9f50796ca8c3588578124fa316c114fe

SHA1
f3acdb651e33e348115e38a3b6ace819e54bc1aa

SHA256
69782626f05632d46470f2765bcbac647bca0b2bda55732f89a62d3b2d953e34

SHA512
0d30c8908937da272027742e01a82b3bc3a2af4fbebd32476ed74dc7172094d5fd7ed19392e21d8d80830e6f8bb6c494efbd4280e6979f548f3084b9397c8667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
01401c120c85b0d8caf9a0da6aae7a43

SHA1
f1962dab8d70378228197259ccd351c180b42380

SHA256
e6843bd46e96eedaa0e9df258064d26250fa7ef71d99f7fde5bfacf0220a562d

SHA512
252299e534bc4bc2841b5608ae8a350426b62fb43c08f1e98131c4e7d9259fd3c3c15bcdbac5e44e6aba7767a50004c3a126021b3ed630dd04262fa6e3c7be10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a17f808931f58db3bd968e1af41e109f

SHA1
52cf22bbb130fc0cea01ecc5191142c2905d56c9

SHA256
c38a347a572af5c55114f2580ffa40636757f585d6fe709ea512f64db0eaa115

SHA512
b23b7f01bd92e9d6086a94dffa360e4db874552442decc62f1fee17f32fdd8c5cf2abef8dea9021d6067eaaafb77efca9509e5f947eb7694f5bff878f3b0f71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
f70a0a7c5ebb5e2bfa4fdeaadc4ab39a

SHA1
4fdeeecbb82820ab5ef191e2c53c86e1f6bf87e7

SHA256
a6a5fcc53550d7f1a214a77f05f3b0af75871e20c572c29620fb7a4b21bca0a8

SHA512
363d14862c636de6d13b10c5580830b80be36bb99b8ab40a885e2f0b91b580162e9ef40488304acfe38779306f3729c80431ab484ecd0da5dbee2443b43e36cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
b0c1c96c53a065a12b64b398104b0f40

SHA1
9d8a973379b410353b9f3ed11f029b3ed6b8495c

SHA256
32cec16f2b503ff2c1bf04c6ff973a1b8bcf797a4e01ab893c8a62090897b97c

SHA512
aa18c0158d84e38255bf402deac67e74aa5792437facd23ee472994fc6de8bd2ae7d2b613825aec50f783587bb306e52ac58c0aceaa40fbcabf2faa874b1aa79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
00418f36247d681613c058ac628d8fbe

SHA1
4b8a7a49e83dddea6626fcb757344e02d135ce10

SHA256
1e5f2436e13e84b8608b7150788800d3de7eaf3aa02ddfd17b36556889c4bb84

SHA512
2e696badb4fb6afdf2f7182e04e2dfd8511981edf3297dcd8805147eedb868c8521d9cb87b3fbdef38fde6e1af713ff19f85a6edaffde582300bc8a4bb5b5d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
d376cabf5be00716e05065d4dc593b1b

SHA1
f3b90bc9e9f73979e861fcd17c3ac3b25fe0ad1a

SHA256
32ca09dc4bc3aa468d1301279acccc44db82f65c84567567694b4d4092039040

SHA512
9e59d4e6466ed0bbbe99ccc42da09f3f23ca9ae727dd7febbdb488cbf32f47a1fc6ecbeec13bce13b01b74bd93ee581f7d62b731fe48c5a32a0b2b400278e7e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
345e5c361fcb8f2fd6b772e0618e2a63

SHA1
f40d47b6d71e9b4dd56cabd7025b4d72b62a773f

SHA256
30b55c978037b49eb77735397b89654a8e43424cd8bf893316f0c73f0a459cfe

SHA512
c331affb32958b4d88aa268624c363e7eb674420480b13a1688e8de4d74fd1ba9b8dda48906c0659c67f19fbca2a142f9fadf65c67a675e8674cf47f8af2b805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
6aaa34238800822444c2d87185950875

SHA1
2a842be78a1c96b180d9ab4a1b7251a0605fa1ce

SHA256
c8ffa333b3479c96e1027be733080b1d1c86444b3eef1e690c7769303f1cbe53

SHA512
b692f549d3fbbadcbbf5fa95bb2c34474ffd5c9c36c5e7ca92d4324d7144dad04f864318291843697cc997b7aaa245d498266c863e50e56fcabee876c8f9dde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
309B

MD5
bcbc59d4341bdc31048f3588af4f3d91

SHA1
43f0871637de242f2e9d6a1360e661711bbb4d9a

SHA256
ba96f27af996edc0088c2b29bab7b34bc129558e437f57b58235992ea4f422b4

SHA512
ee80d4d4f91bdeb7dc7a181abfbf2466a6a202aaa38d20e507fd4cf287125aff0784c8192c9e34caddfdc9ded18f11b2da0f042365d80182d8b7071cccd56965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
01bd15442d272fd8faaa4c2ae33ba8da

SHA1
0fb224ca33fc2822b95358d4e007c95e0611508e

SHA256
cf4ae806f76f19404c6122da12e5e06903f0d55b8cf89cd9175ecf19767f1a59

SHA512
f1275f7508694d3e0907c01d461c825487afab9a220c882c45694f7d0ea89f0a8fdf7f3d8a7eb0b74ed25287deefae9d0778897c210fb8127e05341699d86413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
70e49cff7654d1d0e896944daf2ec849

SHA1
fc4d3936bf76a7fda6aa6bb0a6c29548d50d1c24

SHA256
e675bcf42054be4e4cb559a14d8d56e3eac9c4d25ab6c0c77bab5f9beae94dff

SHA512
507b5a266ba349cd98b8e0219dddc1b16866f0b01fd4b244526e2a986bb71419cbdf4270aafb4468bb9c3cd7608af32c6809af3603e8855fafaeae69705a6d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5fc2f5453c1f9ad655c578c690077002

SHA1
16737fba9e1adefea89ab4396e7a2e6233a2a89a

SHA256
324c4838f0f14d9e94b98d4774ee7502fc2085d7e14acf969e7c063d7562d9c2

SHA512
fc03899e1a6e5c3ed324da3d6814a7e0808d8f2deb88090b4d4e6b7149a67b3d2336749f503fac48370bf521d9d636d7d6661debf455102a1a6e6294371ac763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ffe33b8481bd97296671889e01fd2eb0

SHA1
ed46c6793e14c36369683cf06b21fbd96098f4b3

SHA256
231ef672fdd7d931e682398f67c3787a0a61e5bc8ea81a903e414dd7945567d6

SHA512
e1e44658f2b0fd7529fdaf516de27f1410d224e336fb060e249fb51f31ab1b481d52014e33676888230e4b540d321fc75d07599f4f8797b790ede6347a59fb50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
0b3804da301cd638e2afff1b3d726ba7

SHA1
e9625655dfa8d86ea599c26fa0875e7b26edb6b3

SHA256
2efc2d91bab27d5580f0c01423e1f9828decb9ea79f4240d28e3a350ee0bd368

SHA512
5e9bbc9a106ea2678a3d34997a56e8b8c5161a1313d0881763a98e1c4d11da37d24f6565667dac86704421a54818c45b45145886bbe2b7921655d86ba05f34fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
982b5653a45b11cfcc402fd45dad2e82

SHA1
5a5550d775f04385e1b7259f23deaac767856ca3

SHA256
35bf37e4f72a70344dc38f6d3bc1ca1459fcb0899ddc8fc60ad84282946d6c7c

SHA512
d7fd2a79c3caa302a89e76b0b4f37e5dba0ba0a83f71f08f5f4f3c21ce967feec6dac463ea48abac6d367be1bad05b485e7eae4cdd6a88d8701a71d31d626007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
237c802bdb3ce745c85b8e1a1e5a6f7e

SHA1
944408c2558f62b376e9928d0f0ea9163f481744

SHA256
497896ce03198e140c041de7a5b9069338d39a780343bccd8621c736216a98da

SHA512
4dec76c1a60468fef2456a0ff4be7fa8877da9ab45a0b02e5cd1e3771e41dc19ac5a2f73fd8ef9e8f6f071bd811d1721a9420268268767b79fb7a8a92dd1b0ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
3fdaee50c472da953e54381fe9b38e07

SHA1
942b97e4bdc52c1fb1c7b2b1940bbee33a1cea38

SHA256
e220ec0cdb16f60e194c24166cd48476d6bfbef4a5556143d81306767d6bccc5

SHA512
8dfa64415cbe0748be5ba961f8d2aa8e0dd7b925637fa7e2c7b864354072af05fd8262fe66539e502f5bfce1c202929331b3d601f76c254794e9da3ca9abe67a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
7b22e68cd61218713ce9a5fe4407ae73

SHA1
d1c5c432759ae4b33c2af64008dc15b2124436b8

SHA256
7918ceb578272990573f6cb05a1f2a9aaada1425b1158e78798f125729ec3adb

SHA512
252861589ac41e089d08503b635a12a70dd82c95ea52ae412a449a455222a411854635c5665119b7a53ba24a7290f76023b6d2a75edcf39df97010aa42100b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7ce1c75740d8eb8dd876bdc2fd820d21

SHA1
070d586ed65005b23ecb00d11df6ff7e28686284

SHA256
e610c7ad65d4bbd68e76bdc7cd182862afa6fff4ea8ff24bec741359eb81fb37

SHA512
e71820c6b8c1020414930be5755c006267fae38de117408f25dc6500005a8e3813cf96ce608226a268b2cb7c1108ac00376334f0f32170242136da1b7731c972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fdef4cfb-b745-4222-b240-788d41ae15bf.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
466f55569d1316a291b835ff81547582

SHA1
d18ff72a4e85fa3202598e549c05e0333b752c10

SHA256
001fcc22353bfa8b84ae744bd2b3802656359e6226b6a6173575777121a4df14

SHA512
ae1fbe9cb018bb8feb58b0ec1a5434ce010cd85cd2ad4e12f0cee070891c97ee9dfa42965c4bfc77f19d890df70ee6c954a6395f6c5a3f1f0452c5dc6e877a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cab9c6e0ead6bc3e94910a326bc095d

SHA1
941c0ee6f4d206a2e78b49a3b93feb77e4f602bf

SHA256
f3ae3f0c8a67cdb7b42f8eb76505f1046205ed5c0bea16a9ddc178bd2b146a56

SHA512
3fe7facbf26ab9096431c5966ebb322f879918859a0891a8ef6c7d9cb6162ca848aa27e1251e400dda2b1bc85ac1c33367bfc31108e9a32446be87b9fb4eebeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c77999dcaee7e9f09d20be362632dc63

SHA1
6a8e242f9bc3ea5bc38cd6bcc64e8238a290ff94

SHA256
6ad08f78ef6c9b39a1046b5906df825c8d8e95c417d3e6deeaa494887d07b85b

SHA512
8986e324aeced0e3bd6d595703765759daa0efffe3c86e4607832a95092c09c6152ef4a4d76dc306a56293bf8c81e390bd6ad602387da6b16557a6213ddd57bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d683c5a8cbcdccccdb946e4074a44708

SHA1
12bb696b21b8363bc3a26116f879251142ef9663

SHA256
c26eb8bf10d461144294d80fe7d040f14327adf6661075ec6ae1ddd72e7f065a

SHA512
368513152d40dfc10cf8130a59232d9af47c4f6e32753756e19d442a286fe2f62e4df4b7c6e7cf4c12a1113745448b678ab81107496567f8c1a0b47d5e3c1e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
26b9c200cda66f129f6e40a2959c1a5e

SHA1
21424eeebc0ac53287c4d044f0fc75d2cec87861

SHA256
6bf676f392f0b3f2d8af4bdfd8dde0246a68a2fb6cf1fd001dd943f32f3ee802

SHA512
b1fec7dc096a8d2b99e75471388c360bca67a60dfebbfbd3cc2b42a9f6fd29909f97f2e429caa3447828d1b267178bc5b5506f8f487f9cc7cc7877717c5907e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a6395a94e41ee64ed747d4155bc5307c

SHA1
b83111abd041c00188e802ace40eee736653f06a

SHA256
2508aa1585e1649da393cc97a3d9b7dc57778053421fc1e0646b6ed60e8078f3

SHA512
16f964cf3b9ea3bacf1c217d032cab6a8abec0970195ebd5a823efb043b2068f0efb019249cb101cade331808c655bb06141a21530d9e2f0ba200f7df07feae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
33bfd678b1fd4e93191e9fd5a0039910

SHA1
4f0004fb7f04f21fce1d3c04e718a52abf1fbe42

SHA256
1773721d03a0d2adaef0d9a889557f99dd6d45a62ae7bee554f2fe007c412937

SHA512
fc73838e1cdf743d5ca466cb541ae86e4faffab4afaf1fb10d2661305edd70dd0c94c5c300ce02405675c730385c82a5e9fd2125a6a82f6eaa1bbc4a6b82a176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5b6d13004d530052aa67f8e4d222337d

SHA1
7749ea8b3671807fbe4bf8f0e9b6c77bbe519555

SHA256
259e415395a1a0c2464f43c603dae43b5334c184be760b7a5d7537b820644007

SHA512
e191474e60b9fe3126fb3b27bb99edcf9b840a429ce9345fd96cc4afb8848bd4b2d4c1e5099667728340ed9a60af47e17cdd028657cfa84bcb032cc1072b59ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7926366afb1842dfbaa45db1752d3855

SHA1
6fb3dee9b5fd842f8e56808450c80684bda14aa2

SHA256
8680b8205ebeb85b9667996984095006ee3495c7370fee1a2cbc9a9fd673b3a2

SHA512
7caeefe15d00ef39afdafd1159407edb5dbf4a04f5f7604a79259e1f6499677d90bbd5e83885de4d2a1403cb091f87e189407ab645046feac190b065df076d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
96c4c19f2d8bdb34d0fb07b39730fcb8

SHA1
3c550991ab03bf8da55bec6e5dc6b8d5fbaa5b34

SHA256
57001a4fb488ccd0100974fc4299a0266d623eaefc79ba3c927173178a442103

SHA512
809aacc2576675398808668e885d8d2d072e28b0719cf5df9542c0434815ca65445c40bffeb381cf78913b68442b2dc14db3a5395c2b8fa9ace992e99489fdbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e16f4f20440275057166ec60b928a623

SHA1
f1272c9d43f376c9317c65dfc995e177c22fd6ef

SHA256
468c4c40e62454f75594eec66a0d8599971642761478363c8494190d3ad0a0fc

SHA512
434673f69ad099d22818fb79a3a811e3e2385ec9babada37cc90401072467177b02dab12f93475b69b7777a66fe2012db1026b37dbd573dad78dfaa5e406fafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cba6002de43bc7954517dc593aaa2520

SHA1
487f7f12e74a4fd46e74b20308c7916996b51634

SHA256
2ff98a919fe9a831dddf344ae3fe1b2ee64d9bc0ddb826193bff00c29679c8c5

SHA512
53478a20e9d3348182823ef2ec4d8a06ef01e313235b2ff394df25d2d2ccbdfb96dd191298b7480aa714c8cf700f77af76768c2bba2fc8c550ec2a1259a16dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06223ece9130ba44987de5c4a007254e

SHA1
5708e0e8ac04326dd3840f5fa15187a0539a32db

SHA256
a431ecd27fb3b556333e39a6c63eae78ab32864c7a3df51f94cd94d50479abba

SHA512
8f20d709797e16aa41351ac5ffdc5d365da7689e7f9236f09b8602932b32e81c16e2b4e41de576094833a13121ee5ebcfb6c22408fe76190aec511e8dad47915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a4515f5c239f2501c246f1f0c4e28f7b

SHA1
57c84a71d9ab423bdf210b8b41c4b48d8bc8ffac

SHA256
ea0a5f1531ab0e0d0158169f1636f9136cdb8ca84cd78dd87b7a21905c66b433

SHA512
7fd8e67bcb258f4e8f1cfb5148d925f43c171b4809342f1a53c7edf2ed407b03d587c93565b3a7f8580da62e7a8fce5b2722235f0b430e1f5ac4486d9d81a478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e9f91c70ab7c6fa3cf53d4927d295a93

SHA1
71245d14713acd23d377ac80a20712f28d7a24f2

SHA256
299e2fe4607d635001c2162b3619fc2a09128cfa0f9326917fc86bf422d57f0c

SHA512
7ac00075f3349f1d5ab55906234ebd8b398ce7b01100c0c8888962fcd30633972d6f4d2ebc1831349938ab1bfca4b9fe4b35a43ac10156ec42f45dcec5794b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4f7c3ee4c67558a8a147ee891643f324

SHA1
22f34f61c7c563d6d7639af9d8f1f11547101938

SHA256
82b0ef66e7c0ec7edece774ca3ab2ee583587b16ac5b527ab865aaa2d33bb368

SHA512
5dfc74add7e52505cd479d7d5116d7f41faf08f12f350e7e86823fe00596d0129f1d551ca78c480333a47f5a1355fea87ee196704d5e9a90f10939f7a612476a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37a338ce94d0ed1bbfdf081f93503266

SHA1
42bfcccfbcda12d809bc9807ad12c5d68a002fb5

SHA256
c800d9ccd22c83280e9349f9074430f30f93f283305867367627c86550a18884

SHA512
b6eca6561f1d7c09bfcad100b8594d87ae1f3eb36a1a61cff645dcf8b5a73c3ee6a2e9b1eeeeb969252cd02cef1a50fe7ab85095fcf3f41772dbbe73505a8b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7f2a278c05d2fbeee57287eedbf960c1

SHA1
9501eaeb7ea43ef5b93ea6de8b5b0bbf103125ea

SHA256
4ac5dd3cea6880bd4e270b54b3ac551faa8b959d259e56a67109eef599aec862

SHA512
526219a0cf3fa724978ffc9259815d4e0ae9d5490b09ccb636c7ff7aa95baafb665246256230c65a6818a6a0eb032aef21cb02c7d2bb05332a4e97fa7ec85d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
48d3cf2074905b0cf40434983433e39e

SHA1
7a451ddebcf1bc88153483270c33998b18e9949d

SHA256
220c555ba44e91b51c2f14ef3ada29f5c957e23baa13a7a4f0bb124a1cc2de3f

SHA512
c8ac3650e893a7455ebc01c1209e09629090d257c8fdd18c2c10b29157a88636e1aa281a6a3988a8658e79ab016cb0c44aeb33ab6ddf118f000e5b4b93c42571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00e47b0dd8e334ea26bba96e300e3c55

SHA1
0a852c69aaaf5a6a7b7fd48112094e6dbbe627aa

SHA256
4821a19aac058ad505a102558851a51570c98509c2c1db8573d146fe1377ee63

SHA512
b2a4847f98d5bb43bf77a3ce330445c8aa82340df265856140a69b3e316678bf240da3150695b7f491c4cd2efa917966ca95ebf01789e7605302c3a30aa74825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c5eee9cf4083c2c049ec3e609490ac36

SHA1
dd152e0e38585bccc34111b48772c0e65dacd09a

SHA256
93c08b4046ff1c2808bd40c63e9907679fffa0b012a3debaed6009710b30e407

SHA512
2f01ac12fd9cba188908380d809076a26154bdc0f073869b63b9365994e52659d6dec90944bd860d51777080044e85f4e13768357e8c2e88717d42390ae7b498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f61a5521d78db28deb073dd8aa7ccbfe

SHA1
5dbfbff59c5014228cab20f14f6c033c63ca50db

SHA256
38f08b938dc8a7f94f5e7af14990e7109c96ed654647bb96d9dc0fa2ce8a4c08

SHA512
a408b9ac20f0c233b49fb1925df6d7dab72c566793e0ee9d01f16fc27bc78aec317a8975341e924c5b32cad3c36afc583576892540ccd8c85b7ab80c671321a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
093224ab099e0c266ecb49b71b32623c

SHA1
9e6377e46b24c1dd441b81966755a7a8e3571314

SHA256
2de30e7ca93b6f9bbd25fd6e261bd82728811a926f7f3e706ac07f80dda6019d

SHA512
5bd20f9942ed83d33b6a980a46c5160e265a0331b855cd0a341b274e2054095bab5e2c221dbe3e0fe16396f8c9c747b93a07851cb702d851b9eeb761b9d35bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
220040c925d403b21a6926078fd6278c

SHA1
ece1e0adec072057e43eb9d5925888b88c00c190

SHA256
4b770fe41e2fa735c2afa810266c14daa9f790f08cfb9e918b41e7ec14e932d5

SHA512
e083b643864ca399b1281fffb73cb4e5b50d675415ade54fb9fa953db7e41cd17b46f6e2ea9c0ff5facf2d08b20f1992910ffbd26f756240f04ad2497e181c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
a6332086fb8d56a443f0eb3ccc057090

SHA1
428b78ff84b5a3d3902c606cd61a2a639f610f18

SHA256
6cdacb3d469904269f23a3f240cb3df90a29e4983499293878f1cba5ed194d84

SHA512
7c2987efa28f0cb2aa1b1ee6f7adf0f9d16e47f6a6873a6d222d5a89b2ffd9fa53a6818af5961fbf1663633cf8b7193653cdc1d5b759bc2608cee00dc4da8686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6e9f85840ccec75efe4ca548369bc729

SHA1
b353357df304e3731b9eb36376be469ab0fa8ad0

SHA256
3522833ade99f8126e04bfb8d9b29029516ceb3a8ed9455973cd642679d80a5e

SHA512
975e9c107a1c7175bf3a13ea9cba2a1f47495ac9fccbe4f7dd7c0d260a8987237aceadada1305b39cc414a07d66aae75fbe7daf410ec16262ffdc62df85219f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
734B

MD5
75e78eb823af8cb4dc77ef01a41fb688

SHA1
771944aa194021d11992f8175b085cabb138131d

SHA256
53f91b7b3acee1ce2aaf6ff4f86f736a4843200acacc9bcd73261ed1016d1593

SHA512
1c043eed1fa100adbf1f686d3aa33da37b98124e66c3df3a9ed6c0596189cfaf07da6ad872f6256482b8e311628f056619f7f498f7a4a280bb577bdaea460f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
aca85eef24338cde0a11aacc7c60379e

SHA1
c03ca127ccade2bf5106e9ecf78afa24577f827c

SHA256
8952e8a281fdc61ddc3abb887f424187dfb261ea6c92f70ad44729b10f61a7de

SHA512
75c61b148f9901077f16830856ca3ab703c9c0a7b5ccdbbff4e6d93493121ee38f9cfea96577462fc43ab42d7e93f592e0a034ab6326aac2469a04fbd5f362ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13385601689292936

Filesize
8KB

MD5
d44263ac3580c0b9f99f01c342925aed

SHA1
d6ef62cba6a7d8135c490c3cc2971adb8263da80

SHA256
92359e2f6ad1bfb43bc40c36a8f0f1cd78afe80de9661aa336112b4f4ec6098e

SHA512
cbec932d0bc9b960fa898c0c0310d09019cf33baf2013cfd1d36faf6cdc593af090d2167f17cc85cb3b18b0b3254ba23c6540672fb614de697de975a2b59ee1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13385601689821936

Filesize
1001B

MD5
eae4ea587cb760632e15bacdb373ded7

SHA1
37150ff52dba2363f2d44f5d6ee81583981c2bbd

SHA256
3e1e4cacb33752b596567a06a7b71f47868f9c3e38d09098e274b501b01f4a92

SHA512
b14926c7d6624ad5a6c193cbd186d4b2e2a572bd9b087881c0aa4ef3898715dc9714a2f22bad7da877e896acf71fe2acbc023306cf26ea5ad5fc1bc848f3338e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
ff7c216b9e1a05eea8b266394c9f0f67

SHA1
555549fe07193e46f4fbdb50a949e46dec061e13

SHA256
f09bc7416fa2c4d41fbb393df86590dc2c38cefe4bb616d4f41aaab02c2962d1

SHA512
d20b5aec30c4c6ef550bdbc2f5c4d2eccc250e2a0056de7e7da5116def4e454f1563f8913e42d7e46c49594483a9aaad0b15a557367e13468b8dc2e93f068d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
981bdc595b1d3902a4b30a86494e5650

SHA1
3b4c5d301bb80fdc9d121919e8ed02a5804a030a

SHA256
7d6c75ffdd4a42741cffae0502194a2c9fa18103bfd4d8fdfe780ad8589fc45c

SHA512
6535bce1f5b55ad5cea2ca47e01e398a6e9840a6fe69b8c5c7c215e075a2b61697f0ec2589f3804a924d314be3754edbb2c22641ab5df17241be1e5e5c3018d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
226776af74c939b62598f03229efd12c

SHA1
c72f86c6f2fa67989e83fa34e6e36d19bd1a70e2

SHA256
c8a98f9e35cf903036cd9614c332a4748b5d95e13635b39568990361e75d7097

SHA512
9eb2fd270604b2fc65ce4d5850324d05708390942338a4f242026fb94b7c1db273cf27622ba6b69197a34d95a30a9a993a2ba58bc25c777d503307bdd2c99b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
2846ef8f8da969bef97c83344bcd9eeb

SHA1
153cd408d02d7bcf5b8ea8e126b0e41bcf029096

SHA256
681ab8f54f4bc330e7b026f80b51be8accc0b1928ac192a7c8b8f35765c8798a

SHA512
14190188ef7cd0ea4f1232f12920ae3214348d628a47712257bcf3bfab6f8e00f327fe1a218377b7a507e8639aaf8a9ca4101194b9ca6d784e8e8964d83acc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
2ea58ddd73951d673885d19d8aac1dbf

SHA1
38caf319eb3eab58614b6679a395581f626192d2

SHA256
aac9122658fcf53f9a363fded30d44a5f8fba1d1146ea8de78e2ccf14978c8c2

SHA512
6c455dced725eb61fb4fd93f4e5c61bb8ca7fd7d23eafd70753d566d6758deedbb43fbe504ea567dab3fc2a0c826d7fe11ac941f9d850b2ff79a27b2c1ea581a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
683c659b5843b710351316f19aa74689

SHA1
310e031230b654721780619d68b2b060dc51e5b2

SHA256
b52ed1c98d3a8bece0d931f3c40b08408a798d87b6b912b34b944c1ecb1039a0

SHA512
925390a48ea2c4a31aca51a5fb47e22b22345d3fa98f634018035671f432935719355922797f5c3c3f159dd830664a71e2d10414d4014d337271942c1258f503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
14KB

MD5
1ff2aa96b392aa5d51c5dc8dd566e9c0

SHA1
aa497173f1dc9d99fcb001b35fcaa182d5bad4fb

SHA256
209a045e28389f1662b234db210fd47dd75182fe8b608a094d657b0a7a97d958

SHA512
dbc7b8e0af379603a74693a0a8f656982693cd6e972f582394a064a1a6a77df1a367d01f5fee0197a9d02f36032e34a4a4c45e6fc0ffb7a682a1b2ac15da2036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
6f37761af5cf4e8b1f89b4d845f9b658

SHA1
7b976df15f55a889a9d103edb990bd4d5b64c2d0

SHA256
6d5bd4055dc3332fa8fc708b34bac60bf97ff8a71e44c5aad1df584b9980f134

SHA512
3e3328817bde65f3391773741b6ed20d675d6ab4e4849474cf9c3c23238a02ead30d86445d9448a3c017f6d82a852046d88bacfe557f4b3fecd9e76f081b97a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
ea1d5f9c90f30eaf2c815702ed5b2c31

SHA1
b194f047af7b472adebc131cb5bba84870c3159d

SHA256
d643f64e56e30da32231e7ae2b387bc637fb2c9b3dd9be1d230ef28f9f546567

SHA512
6aaf996b3ef47150633a7bd17883beaa6fb9c8e1fa32607fcaae61a47bbdadf5bf6629d0f063001ba9905d4d8de205c6d7ada9f01d0f32706b6df2ee1f6d592f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
0d220fcce6961e9f4872cc3a0d75843c

SHA1
da925bb91eb592a84c724809c28d1b368a0f0373

SHA256
d2dfb5a5c650a544ea2a991ce4aedd8cb643a41ccaf713215ffbeb694c7a0741

SHA512
121a059743c21b762a3dba5216a9f4334f59032d2a03ad95f7c920e770ede4451d77d90a55b955c0f364df72594ed85b6a2473267adff76263823a11e8086efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
0883565ae4221be94101d975a7d3ba67

SHA1
811661830261c4026474600ec3e42a52987b73c3

SHA256
624da0d462ed0f98f876257dd64ad38c9e1a606db8b45b1f7ab58ed3f02117d7

SHA512
4983a6f0b898beb9c2e44eadcebf3e54cad3d1f0aa029d00a7f36d12b113083d886c101c83d63b9fdfca9bd61bf786bba0ea78901ae6472c11e3b0a78785f04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
676f4878cc754879c11f90a83094463d

SHA1
9f2de04e4f7830be9f50756913f72f4a162e7e5a

SHA256
692988dbd90dbdd22c9cb540c724647e30579fafc4acd3f82c1eb32bc9c98b69

SHA512
c7e0c5b7d130140f7aea6cce836d35a25f13a38edf067033f564c5bb469e8a26af04bbeb761022bf6f7b5ae4c6f1b7adbefb64e04d6bfaa2926970d4599004aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
9ebb02528ab5916149614d5f4a23f3f3

SHA1
9bf29e74550b7c7b96c10f5d01acd6e7b53965f8

SHA256
14ba78e634ae441fecd01e0a611ff00e3e6b2c3e589c163cfe52e64aabeb8031

SHA512
d15d64ebb49878c85301f22b86f930c08b866d906206c0ced42527001c2412b86efe70ea83d849cf5aae6e8901b3a6a1b149e4f64a9ea1d35bd84b643835d376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001

Filesize
16KB

MD5
5cdec0426eb6ec54578b03331671102c

SHA1
eb1c2e089ba8d367fbb7af4b84e2791fb5e378d7

SHA256
fa7ebfec6f63fc35f3ab2cb4acf17b51ae9f8436ce59354348abdb2f0b633155

SHA512
b8cbab449444e57aca9e6198b803cf7eb1dea2c10470b9aea77d7b34ff80a45cebb405a9ef1b645eef252e5536c80b60490a9f0fd05739bbc9c581d7ed6c5609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
650d7375a7721eec976a26fa0f292d75

SHA1
6869d631cfab8346f6322e05c060feac1f4e28a3

SHA256
f4d90d59fa346b4f46f8cfa7a747fb5c450796a9b92b9cf8f0d152b5a80bd843

SHA512
d55a7a7315d927ad6d55e544dcb252ddcf1d3fdb3eec9f4a7f7d2f2a0f64d59e6ed0cf318cd63275d2de0e2c8fe8c6c9abced0171e590c8dad6b33b615de2f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
106fcf454fe1982773ca3c6c5bf4aa4f

SHA1
55e10533f80240d4dfa781bbaf338effe1cdf61d

SHA256
7aa02459f35e90d57a89690eda6e1d8667a544a68177755a9c00c52fff27b681

SHA512
bb3f07f8dfddd2f734923d719b089ff63c1f2eb7faa368dfbeb102414315a01b835a5a58efc9572d81777c179763f30f404a41691881e7c8aa2db122e493db3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
a71cd725e377b886b6dd040fcf504907

SHA1
4e508d0ae7b7ea4ad78e23e2b3ed53b60f53fb8f

SHA256
335ac7276089d3c46ec03b0e744221a392d95c421aef13175f15d55cbbc48901

SHA512
31ef660cd9df56bc48573913c9fc4226eef0cff2a31b640f5d650d7d46776c9791e06199283978b6eeb20a1ef7012aa7de0b722b5604c1c817a40511d89f4321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
226d08ee321ba24ce5cb536f8ebbd9b9

SHA1
d3ae6bae76ddacef8306536dbb94f2c088a890c0

SHA256
c593f535fc27c0fc1f402c5672b46d3a9d778e28bdddf1679c39d98bfd7cb92a

SHA512
13a5de2af6ba7da35e33e562984567d573748a1f3dc97da4e4ee8b4e66d9bdd6c0f12de5675158aa6f32f9f6b592e829f66198f6e7bf21701c25f06aa1914d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
f4248af0272a14d68749cd00360de8d9

SHA1
d4b94e186dac4e21d1b4f0c2b767b9d52d2edbf9

SHA256
541fd9aef0d16a416301e57716f777ae7be95e366e0be7b13975710bebefa48b

SHA512
3154979e0e1fc7e1e94d3afd58da100812b98af88c20e13bef7b72048b6e2506c5e0d076d1f29ccb54d06fc5295538238ef1b9275a5c6ff17bcbd7b436c1c0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
4b699e9c88c94820e94096a8b7ddfc2f

SHA1
6c681118d4b0de3b502aecd67ef5ea056be4f5e0

SHA256
4368cabc38148c50e256b518ed86e7fa412f5c7fba484a0d598b00962970479b

SHA512
ccbd575e70e559427fb99586a1af81534dacc1a2913337d1c9481384d94c557d29bebdba4283440e3ce475ac920b25fdeaf957e853c19a179ccbf754afd9213c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
6c56f9b943be2b2cbb95b429c8df81ce

SHA1
0fe9900f9bad2e656d38d6a411e5a10ffbd2b615

SHA256
c15fc624374ad67a718007015c12d86871ab06e18aef717a9a57d48482677ecb

SHA512
daf31a54263eedfbe89ee1ba39bea14e3b0d502ed5fb2ef71519e5e2998102a834f3b5cc5d51e80cbdb754fb1f498607b2cc24104b419e06a5f338f1928a622e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
76822dc38eb29d4ad51f262db6a4e38c

SHA1
5db3054040b81558ea9d7f6a597281eda7332229

SHA256
7d397dd5b2698bc34ebd27393851cb6fea0da5d6e3a5d534c9268599dffc8a70

SHA512
8ba6fb4186cfb554ceb2afe614f5a51609a789abf32b99719d9d6c1a2297e7bcab28a6000bb71b1a178f0e5b2063c084dd92f219a293af4370d3f9fbea1603d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
4KB

MD5
3f262b844fe74164501dc3f844c020bf

SHA1
081e35e2541b18964b66cfb7397809413fb57819

SHA256
8b7c87ad99a32f61b29b2c80162499fea696cb9e34d6d4c1f8144877236c05f0

SHA512
d9a1f307b579ec4407f07fe79cb31daad6ea6a9793bba161c33d8556d87e06b148514514ab6bae7890c51454584536a8e5cf27f1accb3e50f8f3b61bf7cdac2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7a353101-779c-4bc5-b59f-f6bea353b95b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2868_1813713791\6efc0e43-e5ce-4dc2-b3a6-14e0ec601465.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2868_1813713791\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\RootkitBuilder.exe

Filesize
209KB

MD5
ba90b4f62e980dbb25e18c42f73304d0

SHA1
54e0864b6594cdfb4b04cb9a7b219c47a4e2ce2d

SHA256
5e1cd6f5781afe5b7e4f97d8ef5ac2e528faf2ac041b930a758f3e7219a00ef4

SHA512
61350191006b20ed78edbdbb12eb35185f2dec202fa4b87517cdb9608d528d951fb39f6cf5b9d0c68df392c80873c1133bbbcac6e1bc626aea9569d16b255d02

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 401202.crdownload

Filesize
1.1MB

MD5
3d913aab7b1c514502c6a232e37d470e

SHA1
28ac2d1519ec5ea58b81fe40777645acc043b349

SHA256
bdb84aa16678189510def7c589851f6ea15e60ff977ea4c7c8c156504e6ac0ff

SHA512
311e8f73c52dd65cbaf9f6e008b3231090ea99edf3471bac63cca4156a37a0d874ac590b19c01b15e05345bb6a5b636a11698bbd4e88c59c138dd3f358800027

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 461067.crdownload

Filesize
2.1MB

MD5
b464fc896b14bfa34f608da53856e999

SHA1
55568eecc97895cad49a42bffe757e3588c5313c

SHA256
2130c7489f5a5e21812c1eab37dc4903b901861a2d545aa607555be269091afd

SHA512
1b310b16b0973c9100c9d220338ffc9340b4085d7a095cc601998b5cbcb67b927d8665070bd8b6e2af2a29d13762f404a794b79dbe223b48751894a4bf47c5ca

Download Submit
memory/1868-944-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/1868-1005-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/1868-941-0x0000000005570000-0x000000000559A000-memory.dmp

Filesize
168KB

Download
memory/1868-940-0x0000000000C00000-0x0000000000C3A000-memory.dmp

Filesize
232KB

Download
memory/1868-939-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

Filesize
4KB

Download
memory/1868-942-0x000000000A090000-0x000000000A634000-memory.dmp

Filesize
5.6MB

Download
memory/1868-994-0x000000000D340000-0x000000000D466000-memory.dmp

Filesize
1.1MB

Download
memory/1868-943-0x0000000005800000-0x0000000005892000-memory.dmp

Filesize
584KB

Download
memory/1868-947-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

Filesize
4KB

Download
memory/1868-945-0x0000000006D20000-0x0000000006D2A000-memory.dmp

Filesize
40KB

Download
memory/1868-946-0x0000000006F50000-0x000000000716C000-memory.dmp

Filesize
2.1MB

Download
memory/1868-948-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download