Analysis
-
max time kernel
387s -
max time network
380s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
29-09-2022 13:56
General
-
Target
PAGOS CANCELADOS_27D.exe
-
Size
3.6MB
-
MD5
135e03400f15e6058085d0f867d6d0ef
-
SHA1
2d1e0d30426d68fecb1bbc52321df8b4c0e4363d
-
SHA256
646d385c9b7168e97199fd0557a1c22ac0c0eca724e7684bf74a524466933693
-
SHA512
ba86e3b65848fe33d94d9daec17bbf7c1077a4abf36fceee36eff6ad65b72e4e69b1b8cab093afed589428793555357b716128afcfc2afa75a317db874f779fe
-
SSDEEP
49152:FbU6bMuLV01edOnZIPaKPm6Q7m4bjuBFnhHK4i/59Cfev3DeVN2oTIO4f:FbnbMZ
Malware Config
Extracted
C:\Program Files\7-Zip\History.txt
Signatures
-
Bandook RAT
Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
-
Bandook payload 3 IoCs
-
Executes dropped EXE 3 IoCs
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 20 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PAGOS CANCELADOS_27D.exe"C:\Users\Admin\AppData\Local\Temp\PAGOS CANCELADOS_27D.exe"1⤵
-
C:\windows\SysWOW64\msinfo32.exeC:\windows\syswow64\msinfo32.exe2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\windows\SysWOW64\msinfo32.exeC:\windows\syswow64\msinfo32.exe2⤵
- Adds Run key to start application
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff7bc74f50,0x7fff7bc74f60,0x7fff7bc74f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1616 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4560 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4792 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4984 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4616 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4612 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,8947173872772906627,347424367389842380,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 468 -p 3152 -ip 31521⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3152 -s 16761⤵
- Program crash
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7bc74f50,0x7fff7bc74f60,0x7fff7bc74f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1980 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1644 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4524 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4808 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4568 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=808 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2384 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3128 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6024 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 /prefetch:82⤵
-
C:\Users\Admin\Downloads\7z2201-x64.exe"C:\Users\Admin\Downloads\7z2201-x64.exe"2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5756 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6124 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1536 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,12447549538613371744,2242786857925429661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3636 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PAGOS CANCELADOS_27D\" -spe -an -ai#7zMap17624:102:7zEvent35661⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\PAGOS CANCELADOS_27D\PAGOS CANCELADOS_27D.exe"C:\Users\Admin\Downloads\PAGOS CANCELADOS_27D\PAGOS CANCELADOS_27D.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD5a3a937930c5b01ecd542f094135aa0a4
SHA179234b7656f2a562129f98b27bc0762dc867d7fa
SHA256985145fe40ae859f59ca7f31f100fe1a194f21810f50f5fd26c4c73c25b03ff9
SHA5127fa94881f580973ffe4c6b67b811d47e7c104681b1fb8b36c6754ca0d29e731e89c252a9ea62e1888edf2eb3ffc8aa9f6462ed78f61c9683ddbe0d3f50f7ca41
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0Filesize
44KB
MD59467fb7782350769164d43d5518cc006
SHA1a7dade6f3096b0aa75def01d8a33206d957315c2
SHA256c5c1b1e82bed926cd6409b60dcac7512b7b9309bf87df7e20d5499316f244648
SHA512124f68e1146141991cbcb2ffeaffc6a0179c369d8f11036f790485aa9af8e33c40f21a59a6854ae6d8b35cea4de22cc7180be2edeb2452b4a2867ebbd4709e1a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1Filesize
264KB
MD5128aa250c0a3ed0b89bbeccf770456c0
SHA139f0cace98b22c8d3c3ebac4da06039374e0dbb4
SHA25693e8b72a85d980a278d94d6a589863f7bcc88b8dec3f5e7a7fa23cdae5a43176
SHA5126789420b414dc69de57596fb1e6ad48879d8ad58f4a438ce94468bb1e5de152cf944073cb210283647922bf42e71309c08128f87c0f02c37d01b37445f9188eb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3Filesize
4.0MB
MD569dc9917270abbca1e05b4432bfd4f6d
SHA124acff63aadb8cc7f6316719cb4963ae80053d93
SHA256bf4c8cd426e922a5167aa474f630cfb0e162aa475571795d5ae8e12b6c0e7efe
SHA512e62f1288915eff217fc36c81935ee265b8ab357ebcc0ca1704dc5eefb7607a5a48e8d4db51ef00a3d6c3f1c5c2deb545505de07df6670dae978f09a3814af4a6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001Filesize
39KB
MD5f3134c2c53ae6e1e768ad42d4f63aa3f
SHA1da57bd50eae145d33854e1904be1957cb2ddf045
SHA25610ae99d9c7d3c87d054b63c8721a32e676da2e93f4830df3021660a43fae5ed4
SHA512416f7c0574ca281d2a73746a3ddc15708553be1571705b62bc48e6a634f706c817fa50de76a753fb893aa9760b3f980659972761f34285ecfa12ec14417ace4c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002Filesize
49KB
MD588a91890e14f1a8ae4e4264c515b38e3
SHA16e3c1a4903768e6cb32e6f898bb2e74c46912e3f
SHA256a0d5dcb379336ba10d79ae9b3af9bd36412efc86a02e77446099a82b6030ceb0
SHA5121150e59fb1af188ad47f5109e3d3e67832c77c5d8dfdc56acc9a335fdb19f23cde6a94da22f5e6351461c49ad476480789367b43add3f78c04f0b8220fde6830
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003Filesize
35KB
MD548ff0e8782ee2e49fb2fc1e680e7953a
SHA1669792e69fa69c053a346ce0c75272fb6ec4e330
SHA25684496f0ae0347138128eb776b51457f470452aa1e7284653af71efa3d4954c62
SHA5126e37171b9394685d2686895d9f47500302937e603c7e7af4190bc39f08f4b9e8b3d01cb844c442a8ade6eaa5eab41b66cd7b4eea261190a70f5d0597e2b85c6d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.logFilesize
399B
MD5a15ac2782bb6b4407d11979316f678fd
SHA1b64eaf0810e180d99b83bba8e366b2e3416c5881
SHA25655f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a
SHA512370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOGFilesize
317B
MD5d566242002a51fafebbf91190b26e9da
SHA1c4ed7212b7e939bfbfdc26fd65393c1baa906d1f
SHA2567896fcb98e13588b1493dc4db9b7a97e81c08ee9d952e3dc1ae7391c5ea47ac5
SHA5126dd2c695f935a2d37c94d830bdcfe85d101bd6f80f48f896dd5194e1f2420176963da5bafb5f9664acc5d1929362f6ccb87b4106971daa2ecc4a0ea37c2435f9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.jsonFilesize
10KB
MD590f880064a42b29ccff51fe5425bf1a3
SHA16a3cae3996e9fff653a1ddf731ced32b2be2acbf
SHA256965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268
SHA512d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.jsonFilesize
7KB
MD50834821960cb5c6e9d477aef649cb2e4
SHA17d25f027d7cee9e94e9cbdee1f9220c8d20a1588
SHA25652a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69
SHA5129aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD55cc901d022c4fbc36a6eed4a8d62a699
SHA1f2a8728b12c1dfb7f96e5414bd3bb775697f5e9c
SHA2562c9b6a865f201b0e550a816ce5b2f024f05f5f87d195bc68eb717fd3a789db86
SHA51203cca499c12faa6fe2920fbc4291575d30f7a3ef318a2a3255f927798f2981bd7e01f0c33ede5d406c638eacfea2e7cb3ba3648a2d43dd94e82bcd0efae162ff
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGFilesize
329B
MD5b2a205b2de840ce19e8e99057b5d03c1
SHA1d130bf96fae0369f8dba4baf1632af69ab7b8d67
SHA256d5e8927a04441ef5ded489b84de01747c0a8924edff2968e0b8b567bf7d9ee32
SHA512d67f72b38ac8e700d94526d3eb8551db085029d7466df710cc4b37030d63795aa9459061ce7b26ff2612fa1597d0cfa7c49185a447b4e33fc8e11b4c48de34c8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent StateFilesize
1KB
MD532982bd630caa832510795b22bfd4ff8
SHA1a06e5b63a9323f6efda7d198dff6295717686c20
SHA25642b8de709bb50e3f10fadcb628201e8d4653f2842c892a938af73bf8d77576a7
SHA51216fb283f69fe1e2789bf8de0eb82ae6ed9582205879473c372ebe935d52b9c1cf74e80830e9d58c7e4c7b9df5068ecb1c7ef3aa6120ba054352d38128d79f0f1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOGFilesize
331B
MD52d665c28eeffeba7d1be34105e7e1620
SHA100f6ea48b61663f8e80199702ce8f401e788102d
SHA256c6e5a547ce5c8fac7f4b41e6388486ae47a00230893232e4b5e18dcb4f16cf7a
SHA51268d4a68ce4531ec18079f5254669ae000356311c9fb776bad657e5b431f979412c4840a36b771cee2eddc6449fbcd8f4f3d600abe32b41dffb005c02228e75b1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
4KB
MD52313edf50e51693b40eb39d62dc5cc47
SHA1ed2fef3ab647f193c7c37747367f8e7cde22a7ec
SHA25660fe14d87040f6be101d4fb0037bfa0cf65da4cc369befeddd14a27bce7e7561
SHA51297379f55760ddce6bf60661af18c34b7762971ec42a68d0b0dffe3a38d1548561c1e167028e104e89e19a33c2deb0acbd9e0e58330f5350ac9762663c87a6c60
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferredAppsFilesize
33B
MD52b432fef211c69c745aca86de4f8e4ab
SHA14b92da8d4c0188cf2409500adcd2200444a82fcc
SHA25642b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de
SHA512948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NELFilesize
36KB
MD5021ba8a2b15ee68ab0204ba6986aba8c
SHA159ce840b6e819a29696311d7cf0891cf39e71d26
SHA256c5b2b7a540359b9a0f318c258a8677ecb890a792ee7a84cc4a1b1c94dbe790a5
SHA512f84c522da0b514c263b6f80aa29542b1f764950bd1df86ba77a473ddfaa4501058bcac268c5afb54c42d6aafb843efddf5d82378a498b05961d7b67f6ec32fa2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
17KB
MD51a4b4fa23c83ebe185f954fc5480c08f
SHA15c7f8260f31ebf69bf96bb6e00ac2a6e36f24930
SHA2566cb68aa132508ae42cfb6f721f8358e7416d455cb093c4155b2f2be0c783ed04
SHA51268668054cf048f917aae81f25f715deadf27e45c56997dd8de340ef06231cbfc2e69e41f5b76f00969eb3951452f197e8180d0dc048f7649cedbab1f75bd70e8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.logFilesize
194B
MD5d7d9437445aa960dcea52ffe772822dc
SHA1c2bbf4ac0732d905d998c4f645fd60f95a675d02
SHA2564ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1
SHA512335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOGFilesize
317B
MD57001fca435d3c6fd45ddba5afe84b094
SHA1126a4223553ef0b18231e5cc754ec7f6e94de2b5
SHA256eb272e3131c12627729af5a0534f3146fab986ce127767d42ce7aa993940e21d
SHA512db5aefb4314782e2b6496a5d8177ec3a724a8a9f3181115317d401021523260e122c66bdc13574e3d7a315c5c2eae785379f3e71fbbe68d54b18a8dac94b7a98
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13308940678932679Filesize
669B
MD5133c73c4f559cdbadd3ad0f7c487aecc
SHA13295baf1b33229bb92aae724d1dabd05173ce618
SHA25679bc00574c875834a847de949672a1bcdcc8bae8689ef0158ff69be4d1d0005a
SHA512bbfc8d5c481c35d06dabc55f4e3646c70835c1c05f7fe204ce89d570dac56e318fe5689a0ad2d9fe90357e3e3a85403d2ff8085b02c4688845b711c4fd3d234d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ShortcutsFilesize
20KB
MD58be985ece811ba0a3f10087f5f4e6fd4
SHA1c87c84d4fe182ffb8362f3cabd33349af94e9b55
SHA256da78d36c765d3248b1a72ead5f83b7a58cba7d361f17a6831332ee994cee939a
SHA512901932baea8712e89188cfce00a6b2388ba38697bcbfeebcf8b83b88b0cb26c7323b098ba6983c312ded1041f6e297412010113a32e99a9350aa4492ca40efa9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOGFilesize
345B
MD5ecf6b86fb865b6b29340ea64b97a6b34
SHA1ca31d12be959cae841e206054132ec63d45020f8
SHA2563a2ef97960e229a235b40521106ac390ddafe718f959eeaf5f2e0531a019317f
SHA512167883cfab48f3db9af07c8ee04a96ca403dfad16458124b42bc5aa5818aa1174f8543cc25fc9ef5f025cf8a6515c8494f53f17cd61ec6d50554824625874763
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.logFilesize
160B
MD5de92ad90be6d3364745b2f73f4c3cf73
SHA19158681463bd30e5af4dda4baac81f93cedbda77
SHA2560025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0
SHA5129e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOGFilesize
321B
MD5bebca65c4f60a5845d9de40cc86bce56
SHA17e45bf3da80a5981455d4855724894eb9338839b
SHA25642334bc76cf42f430085bc649acfdffb47147654e1c040af9cb0d77b1506dc5b
SHA512a4f5e52b5fe2e6818f854a46e4f3a24461c157990bcff147a365364dc93cc517ece1bd922a84b63b95413c25466792361560b786408484b5ab71425b38d6d2b1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurityFilesize
538B
MD52b33e8b801013f026e01b0fdccdfa175
SHA131fc46dce12b7fde5378aa6e4c307048cc381772
SHA2563f44d671d27fdf1be105eda4c19dcf2b73c05d12a9e26d8cc402f296ffc6d0a8
SHA512181c661aa6e15a05029d15fa1e86052cf86e3f7289b754a90d23c7650576824e32490da35a21427607cd89cb87e2bd6eecff5bc99105fcae094d668fa179e7fa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOGFilesize
45B
MD5ead5229376df30bd117a5767f643e040
SHA159580aebeaf606e0e8bbaefe3b8fa925e7085692
SHA2565b120755e7010721087cc2f91ac89d01ac403baea66528db224d8db3a8c6a22a
SHA51282be4acb29892227e1d2555d84b0a8c20c63af4b727456adbe86e452ed72f6dc69b4a0858692cab9c345f64bb723bb722114c8cd3629ed8943483c1e6da32a1a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002Filesize
50B
MD522bf0e81636b1b45051b138f48b3d148
SHA156755d203579ab356e5620ce7e85519ad69d614a
SHA256e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97
SHA512a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.dbFilesize
16KB
MD59a8e0fb6cf4941534771c38bb54a76be
SHA192d45ac2cc921f6733e68b454dc171426ec43c1c
SHA2569ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be
SHA51212ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.dbFilesize
16KB
MD5d926f072b41774f50da6b28384e0fed1
SHA1237dfa5fa72af61f8c38a1e46618a4de59bd6f10
SHA2564f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249
SHA512a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD587c0823540a7a141ed14447e40abbbbb
SHA1d83e5f3e536d3ff695368f70b5a7916068655fe4
SHA256bfbcc0d00c0ad03e808793d20d780b63f5b165d5680df6f0cccc776f46ac08eb
SHA5120d8c690d44dff6d19e1342f77c1e017340f5bc315af07e03d29d6b70993131b5b5c59992c0845c3d75c049e9a8e4186b2d6ab15eab736e0e7495fc70e0450042
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last VersionFilesize
13B
MD5b63048c4e7e52c52053d25da30d9c5ab
SHA1679a44d402f5ec24605719e06459f5a707989187
SHA256389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1
SHA512e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
96KB
MD5e0994a7117402c8fe9baa91027bd88c7
SHA18dc5ca09edd4dd8c36fdeb19011165e2c3231a78
SHA2569d3fc168981726b399e36097921b10d88f5a63ad45b28b777ac6d88d3fbb4e37
SHA5124547fcd69cc78c61d2a9f803aecf9d79ed55146584f28fd6cf8957c7cad86b5f40de7abd0dfe6cbabc9b712e9f51e6b74a70b4f301121e082440869604e68e7d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5450998a1f331d315c5281f06d3317059
SHA1f02dd07802c2051b05f6c9a603139a12eaa7947e
SHA256f60fbc7c0a443c8ae0e42300a434b227e48ad190183b846ad0612a1dbc14a6fc
SHA5127c8f1109474128ed6aa922f210a1c55b206c4a9a7b178c4e655796f99c2249d7a308f190eb084d5784ba72c5604c180c8ef0b997006a35ab90dda1d0e85831d6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txtFilesize
4B
MD5e09f61118b4be1386d24242390fb563f
SHA1ab5fb1c699c36b4510743fa24f0b06dc70ab8397
SHA25699c931f38383eb00b3322318221f1f28e4272264eaac7da21afacf5cb4eda814
SHA512ea751bfaa5cf483325bead5716ac726716089c6d7966f7da32c8bc4559d7e898f50b8ab7a6f936968981f18dc6aa987594c4dcdf8d6ea6de11bea57a278eb0f1
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.aclFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.excFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
\??\pipe\crashpad_204_OECUCPDIBEXACNZPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_4880_SREOANVEIQRSYZUSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3672-174-0x0000000000000000-mapping.dmp
-
memory/3672-175-0x0000000013140000-0x0000000014009000-memory.dmpFilesize
14.8MB
-
memory/3672-176-0x0000000013140000-0x0000000014009000-memory.dmpFilesize
14.8MB
-
memory/3672-177-0x0000000013140000-0x0000000014009000-memory.dmpFilesize
14.8MB
-
memory/3672-178-0x0000000013140000-0x0000000014009000-memory.dmpFilesize
14.8MB
-
memory/4376-179-0x0000000000000000-mapping.dmp
-
memory/4572-180-0x0000000000000000-mapping.dmp
-
memory/4572-184-0x0000000013140000-0x0000000014009000-memory.dmpFilesize
14.8MB