vidar | hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbHo1WWJNc0FOYWMtcV9XWVliWWpkTlEtUHd1UXxBQ3Jtc0trTFRqbGZkOUh4RnB1eXBvN1JDYzR2akhRVmduT085cFpjZVdwVU9teFBYYmRwM1M1bTlDUjdianBLMmpPSWt2TFVHYXh4elUwaEllb1VBMGJhckl0cVZ1OHNzVFd5bm1Qcnlsc1hUWk1ZeGFCZGFqSQ&q=http%3A%2F%2Fbit[.]ly%2F3W3g3NY&stzid=Ugz4oJnB8wBU2kzEnyB4AaABAg

Analysis

max time kernel
306s
max time network
312s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbHo1WWJNc0FOYWMtcV9XWVliWWpkTlEtUHd1UXxBQ3Jtc0trTFRqbGZkOUh4RnB1eXBvN1JDYzR2akhRVmduT085cFpjZVdwVU9teFBYYmRwM1M1bTlDUjdianBLMmpPSWt2TFVHYXh4elUwaEllb1VBMGJhckl0cVZ1OHNzVFd5bm1Qcnlsc1hUWk1ZeGFCZGFqSQ&q=http%3A%2F%2Fbit.ly%2F3W3g3NY&stzid=Ugz4oJnB8wBU2kzEnyB4AaABAg

Score

10^/10

vidar 1902 stealer

Malware Config

Extracted

Family

vidar

Version

56.2

Botnet

1902

https://t.me/aaasas3

Attributes

profile_id
1902

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Suspicious use of SetThreadContext 1 IoCs

Processes:

setup.exe

description pid process target process

PID 5116 set thread context of 4836 5116 setup.exe InstallUtil.exe

description	pid	process	target process
PID 5116 set thread context of 4836	5116	setup.exe	InstallUtil.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247465904945419"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{23191474-22AA-422B-8378-CB8FB4D6666E}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4704 chrome.exe
4704 chrome.exe
4036 chrome.exe
4036 chrome.exe
Suspicious behavior: LoadsDriver 14 IoCs

Processes:

pid

4
4
4
4
4
680
4
4
4
4
4
4
4
4

pid
4
4
4
4
4
680
4
4
4
4
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

Processes:

chrome.exe

pid	process
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe
Token: SeShutdownPrivilege	4704	chrome.exe
Token: SeCreatePagefilePrivilege	4704	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe
4704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4704 wrote to memory of 2292	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2292	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 2696	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 1068	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 1068	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe
PID 4704 wrote to memory of 856	4704	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbHo1WWJNc0FOYWMtcV9XWVliWWpkTlEtUHd1UXxBQ3Jtc0trTFRqbGZkOUh4RnB1eXBvN1JDYzR2akhRVmduT085cFpjZVdwVU9teFBYYmRwM1M1bTlDUjdianBLMmpPSWt2TFVHYXh4elUwaEllb1VBMGJhckl0cVZ1OHNzVFd5bm1Qcnlsc1hUWk1ZeGFCZGFqSQ&q=http%3A%2F%2Fbit.ly%2F3W3g3NY&stzid=Ugz4oJnB8wBU2kzEnyB4AaABAg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddc179758,0x7ffddc179768,0x7ffddc179778
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:2
2⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5004 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5312 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5304 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3280 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6076 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5892 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6220 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6396 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6540 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6420 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6828 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6972 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6820 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:5464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6820 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6308 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6244 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6984 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6696 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7332 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:5284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4868 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3380 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7256 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6244 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6732 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7336 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7792 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7936 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4476 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6584 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7900 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8164 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7888 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4784 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7924 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7808 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7500 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4996 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6328 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5312 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7516 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=912 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:1
2⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
- Modifies registry class
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4784 --field-trial-handle=1784,i,4088114900211794891,1847117748568628840,131072 /prefetch:8
2⤵
PID:1908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Temp1_Setup.zip\Setup\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Setup.zip\Setup\setup.exe"
1⤵
- Suspicious use of SetThreadContext
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
2⤵
PID:4836

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
5685a66bbb2ddaea68a2030995c73681

SHA1
44ac2693feee88df3a2089eba92f8d5e1531e698

SHA256
f64bf2743193aeddb079c194f77147f661d569f47b341a0601fafe780dcd6341

SHA512
3fe9983b5b61c4af2d7b4a93f90ae75ea4e0b113824ebb8edd100507a747d545495126f580ecc2b2079372d07065a8284e3d8a30c62ba098eb791ea6fd58e685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
71288df6e69e139111a733ad7b94866a

SHA1
9f756b5bdddb2eae7e7bf2678440117026ea8b54

SHA256
7441007a5974bcfdee443d0c1fe1c40d7e7f454fc0712501eb7abda978877837

SHA512
efab7742dd31b5397da0bf2940e9bb8de89702c39b6f062194caa33b31346ee646a3b4c622e9bc42b4ea9ed94772098476a5e87ccdfd8af0be58a7a153ffc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
c546e17be003479d0380c0e13356a4ca

SHA1
8ac6ad75762f17ddc54561ceec3d4ae58551c43f

SHA256
c6cece288a860cbe6933c265d79f38dc5c0c34f555e7f266bb9e99b3b49850b7

SHA512
9f579683dd46ceed13decbf1a8cba8d58b32f2f60a826d62b8051c10c766abdfeb7ae7fc5c6a74ddc65b3745d3353ac9094032a0963020a5591991d2e6f22eaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
2e391d1a596f98bbe3b984cb279d12f8

SHA1
784b590f89c17c8ed17976bc49b5bfb641b0703b

SHA256
645aff0ceda165e712e82aa2e648119a43924464375f16d8d21482094889ceb1

SHA512
eae700060a38d63438f3678112fb27d0fa8ed6b381eb9f5bcf92fb61c1c9ca7115f104110d13aa252d7ed392fcfc3a0dbd17c4b371dca35ded9fae89d85da482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
28KB

MD5
27017ec9b5920cd206d47ba3c2e9a236

SHA1
3888d752d4cebe025cc69cce9edfb9f01227ee3b

SHA256
2c58d1a8ec4a54c2dafe3a921e004f974aad0f9e8bbed0e29ca8ecd56c827ccb

SHA512
0d75575ec4572566fc8e42f33304c38f1355efd656c6cf97045c39d86f9784b05cdea6d602fd5551d15ceb800b63887a10c6da6a27c6df0bfe3b8670ae578b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
60KB

MD5
fe582f726641abe77e5c15279877f9fd

SHA1
8fbfe0daddb368d4596cd343fac82f24a69d4d14

SHA256
7bb866c2e4804afab131efec3092585d12ae2d1080a02c3c6ece35eb8fa97eeb

SHA512
a67084c8a1e9de2282a9aec2f1e76e0eb464390f05fe4833bf4ee155a6bfedaa68e27812272a92a14841a25fe363bdcf6a76dd7d4e8fa86060ef6c24386e32b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
ef7687c2935d17ef0388647d7b62e647

SHA1
1c11465356bb53ceb72e40fa2983e10e121126cb

SHA256
591e7178631d1ba6806aea48b270c7e07fb7ef9ec35a7bfc4320607e9d302a9e

SHA512
e346c005c7495430127621838623b889e53eb6ca4de903cfddc1de87361df2dde1b84f04de0c535d2ac60aaebb1f9833d072d05b34a82c5c991138dbb0f05699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
1d5a4238fd5f988523012143be397b0a

SHA1
095cede9d2ba46191f9c5e3d1c4e7e0ccea036aa

SHA256
7844f8a2796a0bc174e16d43522a5898249f9253d134d0eb4d3a57d81f25ba88

SHA512
cb030696adc2c9ed85db20806dfd96dc0be562b9e0de7ff22c4bad1f464937a4c202afce623d40f9d4cf440c76a86d5393e29449af407f772dc7a00bbae5945d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
0f32aebdfdcc2845b84f09ab710e0f10

SHA1
5a7e75837d9d407643f7929f95255553da219de0

SHA256
9b2ff62c69dfd08f40a100441239e08db366f0ba001e10b3f4b033843f366548

SHA512
ff55676c0944669bb8da4909eb5a59449c7d877d23eb05da4084d3b0090353864a2e2043135bab2b4141103a869980fdc697c9a6799d60ccc08bbd608ac1129a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
864B

MD5
97924328938d980ff2a82c2444d0b154

SHA1
de28a090c4d7ff05c90586f3227aaa4c1643e9cc

SHA256
261612e65cfae22f74a3c1c1cf5adf601112b66ef1470902262fcc4e53d3a484

SHA512
e179731cb9a7906952d4594dffd4111230410af6212bdd6c5734f66f241980a2a4c7289292406d73c83454004b0f145dd472dba356a57b325b4ad80acd8dc7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
04ca613c5d6b7cfbdd18cf1fd2766ff2

SHA1
c34188061983fbce834b75843878b70b447b33c6

SHA256
a4239cd7b88ef8123aa4ff48f8eedf2e0bbdeb348d4fdb87e4b3bc0b07e31aef

SHA512
ada3720b3346d3aa5911eb3bb5ba7515bda621ab20a98085a64256ed2d59738a24c73ca409751e43dbc8c0cf90602c2bbb8febb8eb408bdd25a50638e0df9558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
12KB

MD5
c4924c21065213308cdd4196f93e2bf0

SHA1
aa5b8da085a1517c090be6b675830b3320ae994e

SHA256
a90483b3294583595ab7c7e111464a2ce41ba2c0eea78d3d7aa715c57bca93d8

SHA512
ba7c499cb272d24b8ad1183c46f2e2dbb321d1a4aac08c6085218f21bb2045afcb1863c3317b074236ab3994e5391686ea656066cba05a92d6b5281277aeb3c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
13KB

MD5
57b5979602e8cb5103e98e0c5cbb09fb

SHA1
adf618103eee87e93f7fecb7fdc40f433bb4a3d7

SHA256
3be65ea0bece29c5cd98054160ff45417ea70ef1838351f4775ccbb76e0be6fa

SHA512
6c7b2ef6c9437fde69a859a8e203d32161cef5dc2ded229334388b993ed55cfc588070ec57e782ab2d04c0d189ce2a29e457782463acd6355058d3472f369932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
3698482b231b5ced1b38f9ba03b2cda7

SHA1
d62bcfbb9ac3b846ebf25dd6445b2da4da789762

SHA256
d2f362b0e13e40b7cf6ca886dd376eddd5f50b4d485a401aaa092f3706b45981

SHA512
4aa7d0ea59a1d0b097463108963d713142c02b5cef45651746a0803211a2620ae2ee089c460963cfdf770cee4453300c9b6bfbc4ca5ebd2dbe5903460a6f89bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f26a19c410868a1388fa09c3b5adb26f

SHA1
77a3b9bf4cb01f32b795be1f3c73c73927ed1b5a

SHA256
315eae26a74de4b071306272b9f2ddc78155405a54378536e18c6c63ecc3591f

SHA512
f45eddb4a8bb39a5da480f9d392c6e72543d140649fcc6d04f56144f3912cadd649e3e9b5dc452175d1852007f8bf5a26d2c314e0fa8ba9c3dd24db861062994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
46a93bd4a1e8e1915a0090628e58a691

SHA1
b4428e041a1304c7525fa9adf5f4f1c607efecbc

SHA256
e73ab88ccc1e1c2ef19b9e4d3fe4ec016254f0bbd21a8c8cad9b79e4a70241fc

SHA512
90b95567d46b2f7deb809e136885c073bca184b023930ae41ae0c2c1a9d663f3623ea04ca0f548df1b4ebbe34de171d3f3cb5eeebe76aa114f751bed4463126c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
2f1ef83b783baf3a822c475b2c1f15f6

SHA1
25bf93d809b2905084fb824035d68f8b5c45b923

SHA256
11da5460e4c42a53102ea69fbaea2d81d37a0182570e14b52943e1b0b40d973f

SHA512
b9a350ea63650fc9d17e6848259c7efd03efb88be874461e61f3fbebb091c74ecd35d38cc74c5e3ed886326d26cc2a2b99dee2a88dee1f46ca42ec220b4f912e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
42b6507a18605ccd5f8eec3f2307f22e

SHA1
62f36e42a9c00696ea457329d0b046f6b0e299f0

SHA256
f8066f41d9e98fb34a500ac8db785df3f29c7647f8fbf67875562d06629c6580

SHA512
8b729cdb666dde08a74e4acdb83de48359b0a0e8fe4c0555254463bad90a2ac44e9a04b696cf06bfea2a1dde5de3df96ec3981ac8aedaad478f16f7052cbea05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
793db025090c71eaafbe17f9cd22aa3b

SHA1
f7d41d3be44ab80067a5ada61b7fce774344708e

SHA256
f24b41cbc0e9b2524dcf4ac1581b40462aa06d5be182f490b2387f2d0012d990

SHA512
8b15a4b43c2916a475e6c80783c0247e1ac00048d30e737feeb92b034e77037571a67bd31e923066c8ce28bfa0412897ed401d00eabce74574283e63ca54a5a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3433da16943152966c5af2bc6d6b34be

SHA1
982d4687dbc7aae643cbb8fce7c86e8da92955fa

SHA256
1644799ffee6813acd4b094961a44f03226e5363ae76a201f64d085e6e075b78

SHA512
19ad7f6278242ec1131dabf6863433c854c2e43241f530abe761048fcccc86bba74fc742971d5aba5cdb772c5ee6ea2900487624b55c3cd2df04c9c62fd70887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
5b27c2218897bac5bc5a53cf38f48cd5

SHA1
985e447ccbdcee05a40a819ed31d5bb68eabd64b

SHA256
4112dbbb6c91487fd57c5eb0c683c92d01f241742f792b6ac63f517804199ba5

SHA512
4e1854c78e62538dbe80a6d4cbb06eacaf39f978f72114e4c6abc8bd53033d9163b545d8f16f1caf716a68d6b84040411fa0135f3ade5d0137c2693db8b739fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
84a312e2d3d0d289f89120b0b82d1151

SHA1
1d590d77fe82d81aca98826349f78fceeac5e38d

SHA256
ea074f5f9f91b38644b946d1241b3e4ed06b3033b7509b60e6ac71729552def6

SHA512
60849102df997e0b5570a485391299ec7b63d87af45fcfd25d41bd179fb4f4dd7463655458997d3205677baacbf0aa8f978b386c9af3e76b09c4a3d7a81a587d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
591a1204406036858b5f1c1c9538e51a

SHA1
85f24f0d9e0dadc93d5bf0a5970e8f6dfb443970

SHA256
215822517ebe395210cb7d565a66fceb90d59ed466e99f4554028a1703bb5099

SHA512
ef27acbb95a206cf21462fdae180ab2941e90cb5a1d77b8e0b68f8da9f20db77bb26a0bf53fa8b5d2ee4055bdeff69577f23616dae95ce16dd1b227661bdec4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b2faa13cf1855be86d5b50fd3043585b

SHA1
ccbed1ed85d9ea00d84b78ea60cfbd4094a223fc

SHA256
6550d1edb6dfc7d08eac718a981c99bc6d426d15a5cb5bdabfc281f8a1b14d4c

SHA512
1bf37f51f6dec5904a0350f3f007c9dfccc8fe37ee888d18f35544e0d17f7937c11a18cd33c1390ea8d29cc024c31fa769ad4f546af9f2fa27bd2f48719777ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6f4722d3c0d933ef69c673bc02428b87

SHA1
e0e499e5b9804c67f6776d0a44866fdb43f4c2f7

SHA256
c40a3758e75a15020be6c06b59569fc68de4b20e2c2bfb07d0f028f5837413d5

SHA512
79343b44db680f168de08e958e12206a2d9b274f9a5ebccd8a97cc0ad80ac507b5eb43aa21b12080ac1a6a758ac1198edb2c1a5712aa78fb3bda1ab6866bd77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
27c592d7f1cfdb503150adabb966c291

SHA1
ec6aa9c3cc1943060832ad92519940e947e29274

SHA256
d76f6487a8cbbc9f6d4d34d21489fd4cbdc518ba9ce7b75c200ccb2cde28d700

SHA512
afe4557d9e0aef4576fe468d73f6f495c633e0f0befb8f0ddc0de459e95de4ea69c3fc7945f8ff3139e174aa67799ccb115812c6443a212b3927078dfd9e7ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6e9fa91f58a0a27ac6137e0caef75aad

SHA1
c9aa1bcebb27078dc9c0fcef120219faec8be05b

SHA256
0ef3f0da580ddff870288288b77370ed60858beda3171317c81ef9f771b03a0e

SHA512
b909faab1701bba56c72f197971f3516f3675928e1731c3c8d80fa2f5c38c6c5d463992c2192ded81fc16ba000875bfb6efabb4b9445c2eecbbdfe3a77fb9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
72bf817a460c09f81b9ab19b1286ce12

SHA1
b8f9557a9897fd410899ae0193c533d170566666

SHA256
57449ee5aec680f4996daffb7d0a5e9211281cfe53a0b85097e98873ef713aeb

SHA512
6abff86cbf75c9212086292e7510de067fc61a20e2f23d1da9d5d259b7dc6307a47a5cb6609fe0df6881536859a7711f0f845e4f59fe4c3603801b555a4d9b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8de3a1b662cea9ce5777d5e32a43dda5

SHA1
51d2af22cf41fdea8b1c7b0c20aec93ea586c8e9

SHA256
6606e064c350773c8f0d54c38282b09a698d3b67f7190e69c00001d23bc65c55

SHA512
2b25b7921e3e879e573a0f518de862c73fbc3c16683bc83c83b5cd70cf21f90f45a101d8908e6f3ba086a58be2dd7c14df789c64def613e547af998f20949102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
b679c7e4b81112dd71df4cfd290ffbf2

SHA1
8478d12eb7bebebb17d55b9879b82955b9dced4f

SHA256
0898398fdd1980cc092817369f058ab660cf1bb38def61594fede74e670bf00c

SHA512
ea5203ffb479acf59125ff74a99e7c412951e9392ee274f2386105f51bb9cbeeb05ca1b2ffa0317706920321fdf28a9384312bb554683f68ec9ca6971e39282b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
2d8043e4f86560f1841787bfcb950ee4

SHA1
393c31964385feee51a7b38cf84a1208189fbfed

SHA256
f5ed7abe9c50ced19906c6862f6094b974e3bdfd82e032f62565259df9f4905b

SHA512
eadb86ea7e6f8b010cdf2ff164c2971bbbdc617c7302805503a67987e1895ae69887c5d8a0d448fdfcca6c11f76e789d0a58fc6fa98b265e0523db0de60da4ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
98b2e8bc06ca66af5c7c87f46fa73ba3

SHA1
0016a5c73ec439e74d42e3d769dc165455381579

SHA256
5384fc5abfeba1feaad46940f9caaf2d6cdedcb5e191acc2b6d5ecb8403ee6b0

SHA512
a9b8af9329a60abe97723b79527a49fbd7e1a823f60a7af100d876afa6f4b4b81e2db381125b4e47411ba74ff8f7d0f230d21198b15243f89872bae79c0e4c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
0df36b9d0cdb96cf1930835f237d9dd0

SHA1
435146d89edcb49ba7b871c72429c7fc7cbe4f6d

SHA256
a534760d2b6cbd5ef68cd3146fcaf442a9fd10d281cb9ab9f57ec56a266310d4

SHA512
1f26a1b750a829f85600a14d10eb4b2b46ac330438483c5e1e85fe48540261f326444de7bfc87fa182f8b3dfab41f1f300c0d3f48b8aed7f86f9c7627b8f1138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
d49b57e18134c47488a709d885372d61

SHA1
85ee7aaa605eddd6759ccc9c0d96705ac4e2bf76

SHA256
88b26a8631721a58a8e1fcc53412fd62426f5faf8ca1e66eb03a9e43b7f4b7ef

SHA512
8360c4a4c3c44a8740e657aac2a302d9b45a24bb25d32b036677ba4b74a693dd51c7b8789f75c1066594849ef7087d13d755624113ff2cbc1e5bfe8bb9da299f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584b5c.TMP
Filesize
109KB

MD5
4490fe80f239a4be9d47bab89412de2c

SHA1
ba5072e0e1a45caac2544b44aae648de7de2ec27

SHA256
ab783755a281ce64bd86d8d07d9c4b6a6fd7574ac056e12bbd2c7fb3251ef22d

SHA512
8972289444a50b5e1074231c37c5f655a648bd61e53f03b853181b3d2932b84104b4cebcbbed0f3cf4efe96eeed80976823bb01cb0ea84dfeb671ab0be0714c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d8e3a521-d55f-4b12-b06f-5dbbac37efb4.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4704_FZETYAEZOJKHCRCK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4836-458-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/4836-462-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/4836-461-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/4836-481-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/4836-460-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/5116-456-0x000001659E830000-0x000001659E840000-memory.dmp

Filesize
64KB

Download
memory/5116-455-0x000001659E400000-0x000001659E4B8000-memory.dmp

Filesize
736KB

Download
memory/5116-457-0x000001659E830000-0x000001659E840000-memory.dmp

Filesize
64KB

Download