vidar | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbHRYaFRHVklGeXZYbnNMamZjNzlycDdsQkV6d3xBQ3Jtc0tsaF9zZUJUOUtoYkd4Y19nRFRoQVkyYmQ1dmd6V1VyVGRyd19VX1BzdUNqV3ZfcUEyNFJnSVFqdFNlV2tQdkFBN0N0UHVyZnFxeURNbE9ZVi15V05vRHRFZlE4WnJKOG1TRVNZXzdFbmVKMXRKV0pnRQ&q=https%3A%2F%2Fibf[.]tw%2FoC6bs&v=u6bEsLsEk90

Analysis

max time kernel
170s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2023 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHRYaFRHVklGeXZYbnNMamZjNzlycDdsQkV6d3xBQ3Jtc0tsaF9zZUJUOUtoYkd4Y19nRFRoQVkyYmQ1dmd6V1VyVGRyd19VX1BzdUNqV3ZfcUEyNFJnSVFqdFNlV2tQdkFBN0N0UHVyZnFxeURNbE9ZVi15V05vRHRFZlE4WnJKOG1TRVNZXzdFbmVKMXRKV0pnRQ&q=https%3A%2F%2Fibf.tw%2FoC6bs&v=u6bEsLsEk90

Score

10^/10

vidar 5486a916d26a1354ec22e5bc436bbf98 stealer

Malware Config

Extracted

Family

vidar

Version

3.1

Botnet

5486a916d26a1354ec22e5bc436bbf98

https://steamcommunity.com/profiles/76561199472266392

https://t.me/tabootalks

http://135.181.26.183:80

Attributes

profile_id_v2
5486a916d26a1354ec22e5bc436bbf98
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Executes dropped EXE 1 IoCs

Processes:

Setup.exe

pid process

5596 Setup.exe
Loads dropped DLL 2 IoCs

Processes:

AppLaunch.exe

pid process

4044 AppLaunch.exe
4044 AppLaunch.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Setup.exe

description pid process target process

PID 5596 set thread context of 4044 5596 Setup.exe AppLaunch.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5352 5596 WerFault.exe Setup.exe

pid	process
5596	Setup.exe

pid	process
4044	AppLaunch.exe
4044	AppLaunch.exe

description	pid	process	target process
PID 5596 set thread context of 4044	5596	Setup.exe	AppLaunch.exe

pid	pid_target	process	target process
5352	5596	WerFault.exe	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133246364219623275"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

5032 chrome.exe
5032 chrome.exe
3472 chrome.exe
3472 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

Processes:

chrome.exe

pid	process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

chrome.exe7zG.exe

pid	process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
3148	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5032 wrote to memory of 1284	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1284	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 2208	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4700	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 4700	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe
PID 5032 wrote to memory of 1876	5032	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHRYaFRHVklGeXZYbnNMamZjNzlycDdsQkV6d3xBQ3Jtc0tsaF9zZUJUOUtoYkd4Y19nRFRoQVkyYmQ1dmd6V1VyVGRyd19VX1BzdUNqV3ZfcUEyNFJnSVFqdFNlV2tQdkFBN0N0UHVyZnFxeURNbE9ZVi15V05vRHRFZlE4WnJKOG1TRVNZXzdFbmVKMXRKV0pnRQ&q=https%3A%2F%2Fibf.tw%2FoC6bs&v=u6bEsLsEk90
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcdd29758,0x7ffdcdd29768,0x7ffdcdd29778
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3228 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4876 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5176 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5480 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3500 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3900 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5620 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5860 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5992 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6228 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6424 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5436 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6484 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6476 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6844 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6716 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6388 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7520 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7524 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6660 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6864 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7096 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6124 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7140 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6036 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7200 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6928 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4716 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=1776 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5260 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6956 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=2436 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4984 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7352 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6124 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8068 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7392 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7672 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7240 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7944 --field-trial-handle=1892,i,15588752774805191400,2598751952415042362,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5688

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap25063:98:7zEvent7233
1⤵
- Suspicious use of FindShellTrayWindow
PID:3148

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5596
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
  2⤵
  - Loads dropped DLL
  PID:4044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 624
  2⤵
  - Program crash
  PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5596 -ip 5596
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
1KB

MD5
aa1caf501df68b7051cc4c43812d2d9c

SHA1
5001c217468645e7f663a7d5da50af8b64db1d4d

SHA256
ccef8b48324d4d4d994dd0011812e502f5f6d583cc05ed33dae9e49ce5411e4a

SHA512
360833a4647f6c52e7a938d13215a78f054bc3b26ca5fa3f200f9f0bb58cae2826437bfbcd9d040432b8559958a8d3f5a9a8ffb8b7e8fa001e0975d0294ba1ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
9b27308377338af011d983fe7f075041

SHA1
55533de45c458c7e3a1f96a55c11e0670b90bf0e

SHA256
00d676e154f32156bbc8d9b60b268090d885e731964b7063b44e6d22d7838f0c

SHA512
b3027b8d09f58180f6c56c6b45cbeec570a94922b042057f6704d25feb7b3ad49d93887bda048cbfb11da5b63d180f8c08dce8c2a464445b49c13a6f51c26054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
cf6ec71299f7243dead5936a09d818b3

SHA1
ff7dbb88f3bd7139ed3e566f3a2cb43f5aeb150f

SHA256
2cb5640a0f66c8254c44e3a014771805c8220fb6f522360b9e5e2b49f0bca340

SHA512
b42e5f575475a5eefb3feab35d0ece18505d8691205898d6a61c7a4a60fd6fcca1f08b38ced7df83b2a58fed7c970d3a8e679f286c8f925d99b32354f65279bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
94c357327e7a59b9a30c48a10823619b

SHA1
41026210d6174efbab747e68903964a8dc503773

SHA256
4a669993441347148eb53151d6c27b62b26fe0dbb644c1fb2a76747d4c0ec514

SHA512
dd769e709029bbd1006d25e939a634ccbdddfb6bf24a186c12eb099101886b4de1dc729b5aa3095a5fe0697c6a39bd2d4f2acf7e472d9bd39219aaf84d01f33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d707f4fada87379830d25fe4edb3de84

SHA1
0372e37cf188581f4f8aecf4ba8eae8a5289bbe0

SHA256
670d2364898a0458a5253246a4d144c96e8039a9789d51158fd7ef8362df9571

SHA512
9e6a6b90ed17fd0df7e1b31e6f83c68a4e1370fed2053fabaf76acfef2a1c3b0192a7a3a6f07d373d1d464e2fe404ae8714773bfbafa33338cae34f01bcd35f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e7b8040aff65a7619a7fcd74f74b3fa

SHA1
86601efede0c916787d89c19785b63b2f86b7ff2

SHA256
ba0a4ab594c0817cff61b7fee6279a860a906a7b046a497b5630c678c883ac40

SHA512
6c71bbc2b63683e2874eaa50263944646ac46d750bd6f86266d0192e3514d5b6e11898c3148c4bdc3f8a20a7371d6e0c57d56ea9edac9575831784a23d1a3cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
53811c34f9d9b525fc98925733d43917

SHA1
8b7e6271eb6e6138239b5c2e5c0a268307250ff9

SHA256
8fd8c54fcccc6aeecd3f3d3b23130eb0e957ac0c1d90fcbd0d792b5f0c4cd1e3

SHA512
7c5838c62cae6bd39a9a8f814b660db36b9d41c6ffb1e8b09aa58a76299e81cd8814034409aedbeb7ebdb86c36266b7f68b78e94e4b3e72dfa711bfbe4ccbbcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
192KB

MD5
031e6230a3b8a26dd05e097e1bd9f826

SHA1
31cb93a546eb5508477c0bfd6ce34040a5682dff

SHA256
229c03670fc2af52d52777a94ddaa3798f5801cad177ea14baa883b79d2d1459

SHA512
baf04f6f31586ddce03360bc5d46b91c3a362490834dae70aded199bfdf3ec9da9dbfe5b9736cf6fd53650c4564f6f87b82c0a7edcde40c7c206f7f268239c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
72KB

MD5
801cfbf706a79591767ceaf6170aad12

SHA1
4ed68f9327bcb785c5523cd9e4543df429bd4af7

SHA256
59104582c3267077df85d4570b1ca2117466b32a5c60637dee5c5385b5334412

SHA512
974aab73fc3fe21b1a3f2db0eba29abc891c9d75f3ce807f956028b696a615a1d02ddc5bc89265bf0ae25c8ecc995d47e975b6c668ab3c0a389ef0bce8ee7748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
b1892ae2a4412092ce3fc3ed798f87c1

SHA1
1d3a9c7c1558e114bbe9fb4f213a3713f717f863

SHA256
ccb6eb7d2af796f87bdf870de60f76de0d94af7b4e8c08fa936924c315363f0a

SHA512
4a407d0006d48bde87ea1abe54facb840c14fb82d112f6459d72a31c09344b59beb247a2a5e178f552fe526b1865d234d184e1429769e3cc2d76186c322fceaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
f4d337efd9fe68e442e99f226ba58367

SHA1
ee09bc0363772251ebebaeea5378eabb870c5321

SHA256
e465e53a80e1b370fa4ba432259be4194444eccee58c5966f4b1a49eaeb6087c

SHA512
fccf8e1b11e9d859d01db9406b041b980a8c2573460de7e2c945146d95ea9321d05ac15df9f6f6d15946f37358ebe5f13310b0c116bfa8a584cb8435b9c27495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64b473a868ec9e37288edeab18961b4c

SHA1
c4162f9a64f10062a0109d27d2b4c92c0421c8ea

SHA256
67ef1df6b4b0cb8d506f3c8f896d8e691a4c6efb1df166b1a475a0f732cbba2e

SHA512
0e165dfa9cb8151989e51804ee1d0e187d3214cf4499229feabcd4beddfb3ea89e97f9811285623cac09283766956501c8232f2f85dce8afa060c5cb43f59b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
790fd7c9da82bc003ea73da863f144a6

SHA1
605bdb743ced96b1debbe02417a6894fa69a70c0

SHA256
4cdd2d8675a5d4f583164918f51b0ceef1dcb1ec01561fb08bccc77f1a75d602

SHA512
90569e318123e46c1d008c8e65d29a2d8c9d362ace1e90042dcb8acbdab02390568f2c442c161d7267be3891174a9259027f7d1947256abee1b83c892e66c2ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
6ff6d0c685418e34c58c356431e1bbc4

SHA1
d27e844a52b9abc3b287e7525edb1409742584da

SHA256
611a036d45b23afef7d3a1b048a5f00243ac68565d03d4b73c29c003a35b2ca6

SHA512
c313e0b01d7206b0ea715f8a71adc635e7cbbf299ee68801e321f8472c697fdb9ae5f4d825baa76a0e15a5c609c922aec3f10c942aa95754cd85f4e3de572d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
23015a9e4aa08f0ab05e99424f40f6b4

SHA1
3e32c90bf5fd5229d0c6f156b2f65f1dbbfe86be

SHA256
41f4ae1ab53b320e1f27c1c007218b5070df0ea50256762516308adb81b11b8b

SHA512
36c8723161aa39de4d283f45bfa5959bdd30e51b9a98d676d808b4956c4b7ae0c1ddc93e36ae4e38bcb090c1e249f3133f73cf3fb77e15a96a651a42ac89c22d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0d5ed9945b956e0998d8dca2b9f0e05b

SHA1
aea63e21875217f51b1f85bdc3e82b057091182f

SHA256
d3f155952ba86b3b06f9382afd03221973fc2d17b99d4fdaa540ed062bab6dfe

SHA512
5ebc5dae067e9547ce9b7b20208e2c7cd6d031c7c1531b6a556f012fdbeee0ee70f9633eb7e6d0643d1294eb741fb14ad32a6aae81dc91f7c87b0065ab6cc4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
00d21c7a0f389c1229a69273b0624604

SHA1
0507ced9af290aff1edb3b848f6143a186c492bb

SHA256
8951d9b8897fdc767e8a1461fc0e6f075f79d6c95bb1b2dcb42aa191030fb264

SHA512
16d91547b58fe82ae73c2ca4caca77aa0ff468902785bb7f8bc9a9a2b3f5a78aa30ab51ae3213e4d166d1e870a22fb93f3aba9abf8518dfe88f85d1f92fa5ddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
896a7487e0f6071e35863b3098b1aadc

SHA1
fffcd7519ec1b9d4ed152252a110cb74729779ae

SHA256
8c54b7b465f05bd36e48803be9ec698fd4c24cfd8fb787de8e7a5d24ea4e0aa3

SHA512
b5c0fec3936ff2eed7e8e4c4f725fdd0a6562763e5b9c913bc7b04ccf777f5dd14b411eb56b2955573a9464018bd0743252332bdd9b00e76027a9f84c0557477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
abb83813e31b67ff3a4ea8af915bd757

SHA1
38b695ac326946d2c43b0d9c723af4c3d82d8c51

SHA256
124c8d3b88a34b5027565788034fe7bfad907bca77a384fbbafb1f89048a3a2e

SHA512
2beb8b4c71085a92583532b30e6245c286a8e6282bf043572892467a3c7984b8bba4971b621323a2422c7dcd9e528a931d22d2ccdfaa37f072dfd1d9649ddd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82353e02160ee7aa8ae42e9b873f464d

SHA1
5d5f03d176130b6f1e8ff8b0ab14d01fefca9ff0

SHA256
9555185220fa55c54332e3bd204471275fa47b45fbbe9364037f49c63439027f

SHA512
f42db04031f871642b06d762a428c3ea3793c03d8e52bcfcf05cc5c46dc2408ab8621991c0c521e8316cde25760ea9b5d23ebb39a5dfc1eb533d150a6f7c63ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5958067a0bed43155f1c4ef8d600efe2

SHA1
cf5de3e5cdd939f7673f20214b7dadd2217696dd

SHA256
d35f84efea5455af18faf0b48d17a43ad7bd7db1cac0831dcb3537d906fc7a57

SHA512
7002f6d66c511b5509f600d3bc8c4e20f1dfdd7ce18fb4926531c33c222e396eaa60b31c164e0ba0f0dc5c3d9dd7448140503d80d224bf479fc5b34de04b3f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
78b1ea141f2a171d378211cab9a74840

SHA1
0500f09c3f83c9707cbb485dd0192e98bbf93202

SHA256
32f61987cff15db1ee53fc3ab077066f4ae1e54ca2b74bf167d19164a0281de0

SHA512
c7c85289d547704d56237ddbb092b6897373047c7b5eb4e82842e902715e0e95d640f09ae2d8e84fb4383f66d99c9210bead8698dd81b53a7d70ad4a462c0193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
edf06854488fb2e680f4ac5089e45cdb

SHA1
23587e63a6c7062dc713f0a90bb116937ce8e8f1

SHA256
4369a13e6113fb83eb4fb04cce141ff297718c64316f163c80050debb34ed46d

SHA512
fd6a49c33848ce0516060933ceb1e677f34d569a9ef53e9fa93643e5c7993f1c1174ddfb915f7ab7218888b92dd406f9f92d20bcc328640a3699926cde64deb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
e738fc41362fcd22b1c3b48165b613e7

SHA1
ec8251b99f79e85fc3742a0b160fab3741f4b268

SHA256
1c2ad106edffbfed97cd9401fe546abe5ebd7ba3cbcbfe1a64b507c063591251

SHA512
a265af04e1f0493d2673622fac98274a2b177a4a80fff30962b0a58372e4b00cf92fadc81a98daa5a83891dcac51fb21904c700d206075cdf74352c7de42862a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
e768d9d6fde354ec60694c6519cd0002

SHA1
4c74a378077bb6faa73fc26c96eedf6b5022ecb8

SHA256
961824ad2d34a0186937f577fa9737691b709945fea62dc4977ad312473b396e

SHA512
3a4b5d792ab7631c317831471424f916d7222b5176645c534f726bc94658e1a1587bc6fc13fb500c4999b1054a7a7b366d28865c6495f985bbece079e073d481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
e768d9d6fde354ec60694c6519cd0002

SHA1
4c74a378077bb6faa73fc26c96eedf6b5022ecb8

SHA256
961824ad2d34a0186937f577fa9737691b709945fea62dc4977ad312473b396e

SHA512
3a4b5d792ab7631c317831471424f916d7222b5176645c534f726bc94658e1a1587bc6fc13fb500c4999b1054a7a7b366d28865c6495f985bbece079e073d481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
c362da0cf4ff4790fecee48baccc3673

SHA1
47f1d78ff37ef149b50926c0f859923193bd76f9

SHA256
9731dd145d19f122eecf6215d855cb736208efb0fa0c6d574bb9f728abe8e7da

SHA512
6faef24c0aa7aa333b0ed34d251c733d5389db782fe384b1bcf18421d687802dd1686d8ba6711983fe0e8b14241f1eb39339b4cb4c17db1594178ade706c3c7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574508.TMP

Filesize
108KB

MD5
40f309d9574348bfc87532a008b3c5d2

SHA1
68f9e84f6bc8b9b64102b8f3ed570d9adfbdb7c5

SHA256
002d46bb93803d33324195cd419153980264477dbdb92406bb9b11e14e0e3e80

SHA512
b11dd126eef1de96b62596ed38406453e71ee8f5ca644cf1ce14d4f03dde4e8872000aff92ad8bbfa94afb2e8ae95116c76f399680d7ea952d8a61351115a028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\GenshinImpactHackq.rar

Filesize
7.4MB

MD5
02f76d5fcecd6c9a864386aab6e1186e

SHA1
11f995d7b1fd2758cc8c043e129e4300c8e2882e

SHA256
d57a50a3f34141502459567f22a53bbb36ccb57fd2eba4cb8ad60952bf450a22

SHA512
048c4f59e38bc8b7fd382d8c2737f248c3cfc524a5c81c5e5eeb47cba36a942bbf06ed60398dbff268a6872826df2ae72239483435ed55bafc325b1aedcd5266

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
679.1MB

MD5
375680428a783816630407607402ae06

SHA1
918d4568c81c6952f0ad07d21474a7814943aa14

SHA256
7748dd97ca06b15be0e0700b82e114cabb0d61ef784bb45258d03dbe1e96a5c2

SHA512
350d7c359e3c20902dc49e326983685c112c64d9bf7486a010fffdf93121f7da236b0236aeafb707ac67c6bb553c50f1ad2f0c71d9fe3582422586c283a976dc

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
674.2MB

MD5
f641e185f7350be2f7920b7de7d1b5f4

SHA1
ac12699839a7590e74e3463537077e9e90db05e9

SHA256
b7d6e50f4394ffc8deb64f4816fd9bafb597574b8992729e7190e7d7dcc86e59

SHA512
1d55e7c22146e4c5337c5ae5dd58ae4b5259fc96023962850f95ea9ffd7e9f954ffd8b9898357c4c90c996fed18a72b2f18275529cfd5db6f4910af21652c00f

Download Submit
\??\pipe\crashpad_5032_GTAQCGQLKCWAZHUR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4044-623-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/4044-573-0x0000000000510000-0x000000000057C000-memory.dmp

Filesize
432KB

Download
memory/4044-558-0x0000000000510000-0x000000000057C000-memory.dmp

Filesize
432KB

Download