metasploit | f455e562be788aca5a678b22d4d5fd38e688ce6533e81ed2d98c6f88360f94b8

Resubmissions

03/04/2023, 11:56

230403-n38kfaga4v 10

03/04/2023, 11:54

230403-n246maga3w 4

03/04/2023, 11:52

230403-n1rh5sed88 3

Analysis

max time kernel
137s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
03/04/2023, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image.png
Size

475KB
MD5

a32005aa31f4c2d4c53b6d5048226aca
SHA1

3acc297d00ad993f997f6659b93beb3a7ba68ac9
SHA256

f455e562be788aca5a678b22d4d5fd38e688ce6533e81ed2d98c6f88360f94b8
SHA512

aea87e5e5caac9d45799a6c1f6abaf49dd624d3e93c8d023aa139dc6a6520431edbea0bcfb51a7afd811cff87719b6a96fa4c0cdef95227669466acfa5b8c740
SSDEEP

12288:Fj0RYm0yCW1NxIgfO6Q5vfQqaR4Z+ipZRtx7koa:FjL3yCW1N1O35XQqm4Z1Rja

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

0.0.0.0:0

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Downloads MZ/PE file

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5060	1888	WerFault.exe	123

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250038123994240"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 4520	2292	chrome.exe	69
PID 2292 wrote to memory of 4520	2292	chrome.exe	69
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3708	2292	chrome.exe	72
PID 2292 wrote to memory of 3768	2292	chrome.exe	71
PID 2292 wrote to memory of 3768	2292	chrome.exe	71
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73
PID 2292 wrote to memory of 4704	2292	chrome.exe	73

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\image.png
1⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffec5269758,0x7ffec5269768,0x7ffec5269778
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:2
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5064 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5016 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3140 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2504 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2996 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5384 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5572 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5980 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6048 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4484 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6304 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6432 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6568 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6752 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6732 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6764 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7884 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8164 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3056 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8180 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5112 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6236 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5600 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3372 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5044 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6952 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Users\Admin\Downloads\KmsRNyL4oQ.exe
  "C:\Users\Admin\Downloads\KmsRNyL4oQ.exe"
  2⤵
  PID:1888
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1888 -s 768
    3⤵
    - Program crash
    PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1724,i,9345770428525957077,4178822326607322867,131072 /prefetch:8
  2⤵
  PID:1892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8
1⤵
PID:2184

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:4052

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:4140

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:1008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1536

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:1172

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
22KB

MD5
0ad6d89cc66725e903f4f299ff7c117b

SHA1
791cedcc547b3e72e3fdc5899766204ec84f679c

SHA256
9fd664eb6e361c49d83e128d4e06b6de9a7b82be0eaa5e4ceb5b353e27534277

SHA512
2468a3a4f767dd445b64d4e941752aff0a7f968e139960a8336227be33b924b22b8ea030fd6089a26a7b63c8bda41ff0c6397400daec8b00245392ba44dc0a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
108KB

MD5
860816959a3a766bedc889b0db7eb7f0

SHA1
7c1578381e7b64617779199d4740ea1b6629b83e

SHA256
eb14cc55312b8af0e64fb775fe4a04c315a40f656aa694e964f56a2dd72fede6

SHA512
628a980247d8dfc82299f4e327cd3895372f4974742a32db302e213493ac26b5ef8380b069295668b06d35699d04b994614a4b327c667b9cc65aae07d227a967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

Filesize
612KB

MD5
a583b39f19252d5e929044138520b689

SHA1
51fc5bbd8694b72756de25fc60f13151d132ef01

SHA256
0123ffed642c61e4754dc6b590a20af667dc7d0b4262335c8b4c46e562ad3823

SHA512
434f70f7361014f9d2f87de0c29a2c2d1cd240333e99a4a61722404534783210575594c4ab996ec60d682157ffd5b2b87278cfdc9a2fbaf08213c42f1f1e1a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
546e721ddb120ac1f6872db74eeceeb7

SHA1
2024cd4a89a40718cb1be01d3b0cabb09da8e0a0

SHA256
721861887ee1ac608aaf7d328b4a1af54cafd679386e790372d9bf589403d718

SHA512
4bf7a57d1654872c1488b748a44240768b08cda1b141881bdff937abcb9b25f44dee6ad9dc902e1d6143442eabc86658163a528c194abb2d9b86276f630779bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bd4df5c3bdf5fd979bf3fa538b2eecf1

SHA1
d9811c2597c988ed838c8c8853bc4aea7c3bbadb

SHA256
ae850845685b6196f1c0e60577dc59f2e199606f3a1f46191acaf1ca8cfd8b2a

SHA512
5f2f62431c0c20a093859c5abdbd5e6b8e8cd3d6c7f8f43a6dad3fa1e039cbcef4f446de0616b51daa1a00b011f87b02c339e9808b1b3c2b643693e2761d2532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
5f9f220cc27a8b131b4d5a765c6a41db

SHA1
96d92dac5c6e7d94ec4d2987d251c3ec23b03157

SHA256
6d65795575afa121570cc605263b4ae1f1c6ca5afc79ef09c6f21e6a3a2d4303

SHA512
f320ded98f14e1446f9951093c76e7d5b1a4747a446f39d502b865b95e4368f6aca82ff8e62a2392d57415b190dd5a4ab7e8cd723ed89b8dcb1accd93fa557e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe580ae8.TMP

Filesize
349B

MD5
f1f5c82dee53af88b6b05211f86b88ae

SHA1
d41847bc8a16f5479ac0021e04c62019b1d1e059

SHA256
da78b81d1e6b208a81d624ec5a28b22fc5b71255cd061af960d3416ee1ee147e

SHA512
f145e61514d2d7451151d02ede6d0541a58700ac4d1caa84176f04ac386df30ec0aed2ca65567760f88b95041ab906b1f3b0f8f6f842413ce7fb14aa61b17de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4f815ff9-4e56-499f-b7de-96564323bfb6.tmp

Filesize
17KB

MD5
ba4646961073a48753941e3439c26f82

SHA1
85ebfbf538809084aaa054c05167b0750ff86f2c

SHA256
50eec9457de88499222edaa72e4c386cfab034274e0a3ec2de9d97fab73a7df0

SHA512
1797d77fd02c1eeaf840bc2b65a2de8e2dd2d4dd4128690b748cbbdac011454c53b6e28efbfdd73b628a881c93e4227f1e60a6f7e83a4fafd69f322cc0925ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
794de335554640a4cf7048c99a16f48e

SHA1
a8943eb3f4154f5bfb2cef8239ef043cca75621a

SHA256
64608ac9666f967e8e60cc8d8e835a0c4a4868199a4c7b360b0ea6ff66c8cf36

SHA512
5de80531f513b0662f5958c3833623cd604559a5b795b0be2eee1ea67f310723c4766cf7ed6c5f71c883aba830dfdca9c8dfdfe2cbbcca461aac7e6f83b3fe41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ec206e7e4759b58eacaaed1f8b538693

SHA1
17f9393f7423b30a0e73934a56d29bc084ccdb48

SHA256
471ae79aaa3d5751e8bd4df3db45ecc659992cee6aa9b7d62c08f508e1d6962c

SHA512
3d36b05f5a0b850a2a88c0ba6a51ee0ab44dd861ce093806f46219754994952577f69f6a44f324cab448ff68a9dfa41be8a80d38000adc982458259c3b8a791c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
9e1fb1cd5077e657bc1999dad686b188

SHA1
cb6b45e26970596ed4a7cf0f190f59ec015e6911

SHA256
3baca60eb03f2a534a12ef3ecafd475c6fb1fa8d54cc727e7ee38a4a8bb14d7b

SHA512
6b37b5939ee2282e0720645b96fe6e62fd15bd542290527c1f0062cfc280a21640eee2cc24d1249d3c7b0a2a1651c15fe8f3fd9c493fa03d6cb0bcca96a00611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c6f4a05c2e49000d8f341492e0524748

SHA1
a6d63c1a833243276433edd5f66af4ed207a6960

SHA256
9e3ecd98bcca827633f653e00b566b93d9aabaad439d344a675e9dd6366e5a1a

SHA512
44943c113ee5697c29df3b24ce04ffc25f4c3167a7d4cc986d0602ed4e136271f2342de78d2a3aa9ddc44458fe3f23867cfc6e8dca4f766033a05b40cd82931f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
40e229c4ddc19386e0b15ff2339a4ab0

SHA1
9400a50b6946809dcb421da794429f64bcab07b0

SHA256
beade3f1c08c3c4b20c28a08f736cd025e75e16ab3450b0b482be9fe7fd21acf

SHA512
c789242e7af7e7fc50093f28cbd1e0b7ca02ecbe4939eb8add654ab5159371df3969de026285237303304813cbf83dfbef0303a309373ab66011923966ac6027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
aad3d4860f4d872fc1e85eb3754378fa

SHA1
6280ba37465fddf658f891103e05129e52f0bc10

SHA256
1084e317d2cd86ea34e46bdadab49204417e67f4b8ecb66a66b42072c0c44430

SHA512
9d9e86d285f9c432a39c4e1c2b660e0f11b1f63cc4c068810450b20bc2d24457de1a40b9d471086d7226232dd2d080fdab35d205e1c302c88c47a608af3b00a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0dda572c0b7718356ba81186c9655305

SHA1
56666e39c196fbaa933cb9a768e99d8faf152968

SHA256
284cf74aaf8d116a181ec3bb749d24970c9325d3e77881237ff18170f85db5d2

SHA512
20dc82a975cb125a5f757391f2d54fd9ca55368c56736c66a1834b5a37a0772449991cba52938c6e7383293cfda90c9f697887aa5edbc7c1799249583c2b7478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8a2b818b4936bf2ff489f45b10625ee7

SHA1
34551ccf1487e3db557f17a3f8380caf7c36f144

SHA256
2732bf48a75d4d8489e25e2ad82202d6ad63b3f36c72fb7f0e16f6f2e419c46c

SHA512
be51217d5bb569ae79db0b0482c8bdc23c40298d167c0ff76700c77057f996af6e1fbc07722ad2a6240efbdb630314388edbbd43c541e899eab6ef84b4b15483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
304724f6ec6c81fb11e59d2ab0f78a2a

SHA1
e694aa9e033366ecc003ece7d207f4217c93a3b2

SHA256
0516c9a32f0a86d63e07276198b7959027bb4f820ac071516cd4cd8b45b8c6d1

SHA512
940dbf20421795c788bd3bc4725d3c017339f41d081f5486fdbb09a64590c52e5ce4d6cf55f4b3c6ac0a769c213e4670b3a0108057a01f714835a30db9e6df95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
21c28812e094a99ecb93c573699e21fc

SHA1
b652d52788e36762e18bcf8bcb78acadc0b40b94

SHA256
2e26411b9720fc696239418fd74855294f393f769a14a39020424e317b78f19e

SHA512
23f77a44a89a4fe22b13af7f173c4c4a69ebb61aeb9850305ccf43fc48079ab7d959e1c92d51e09ec47385e4e358962d72cb97ae161a8f74d1b0b6843da2dcac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
2ba587cac58ee09b9dc5f642edf4deab

SHA1
c629cdf763620fc1274ba8e0bf27ff1c013f4e69

SHA256
92c45599614fd943fea198d8647c76319a5585ccc8274a64c1e458493d80ca7c

SHA512
c4484a72ac055d3c9ecbd63ff9431b1fb4cfa417c5e1a59217cb8959508d0f2d80c35e1b05eec1e58ce5284b27c4eff0ae5ff57b1ded0d0fc4f8bba526a74efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ff765b32dab5449dc25ded36af07db0

SHA1
074f713fa8f4c68a8b3df3d24a8c8eac0b62b407

SHA256
daa256dc4da50791db4c11818c9964c87acacc95d2ff7d89ddfad6687c67a5b0

SHA512
38518dda507b7bf159b524c37e333cd5e1bc192fd2c69433aa8ed743c9690e793ddf63c252d43955bd11ce6a3d9baa91497ea7a56c136c772406acbca74c6935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2894dc9904acb49b773117e1dbfa80af

SHA1
3ec80c18503fe141cfbf9ad3a13c3ce6f83d27df

SHA256
9b1673ad52ed3317b7926094bc678a700a18ca35896285cb27a07d683affc842

SHA512
e3b7d0c6fea1c36d2a14803d985efb651b2e9d80f2df020ca5321990b99e7116270170ecb83cf5a383b7a31a40487733496becf33c47a99e6fd573ae95ccfc7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c97eb2015a165185e66a726623083e25

SHA1
0993d46ede1a3425a28e12a5be6dbd4bd39951c2

SHA256
bb102b12bf6c156ef801c8babc248c371389e45d474cb4fb319c03275084fa83

SHA512
f05e4997e99b474b6c5a47aebc53e5b2fd502198d81945856a7e9bdc16de33f4dd676f27f3a2505627c5207f578b6f06d5892137f92b6df911d3da160edb5ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
38f9b26df685323795605d6ccc0729e1

SHA1
4a2df35838a8b1aa0834c36b7cc97ab1d2f19dd3

SHA256
e267e17c4637ed6d1f36560f96ba9e2125dcd6fadffc51493607e5c2281d9a00

SHA512
83ac5877eed59137a3b693bada302b09470d919d57ba0a87c63b4d27b091f3066f7bcdc0f3aa4a610519a1ca3ab067dd6b65fe79976559c873fe9508b3156130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
824809f2723e2fbf6c7d5c03e397e106

SHA1
75f4f3c7b0fafcb1baa19f6ea30413f0c42e2e2a

SHA256
bc92bd8b3cd1feaaf93f0f1cfc00610a0875d6b0ce00492750a801f4e65683e3

SHA512
2a0ff8b1e3b800daebabaa1f971f277144ea229f584128554352757506fb7796e4c901823995ffbc3e716ec1ab42c6d5164ebe09f0263f50371c4787450f0b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b21850bc5972b51e134fe97fd840ffd8

SHA1
fd00b2d85e5051efa1ef5821213b8359527cd404

SHA256
b1fce01881201ae11b641c8dc24c84225b91bb6d48aef3fc81bbc615a96160a5

SHA512
3fafa9f8977b720b276b38c4569371cbab379ba280b8331cfd3037ea9714eaa55bad4b819b5b7cdc4869d144f2d70cdab458db3a99e1cd8f77d6145e07861d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a2dce69279e12a8e2473082e7cfafcb6

SHA1
cdb6e88f4843f0d4e3674abf22ca624eee954a41

SHA256
81ebe48b069494f42415101f9d4dfb656e21489100ba8553c756d12f9bbd1c39

SHA512
fb8218ff4173a22620b2143867c740cf0b0fe1ab7e84e1b2c49282a9440476385724b0ee9c0a831c275b2a2b20ccbbe2e27574697ccca6dbaf205ae0e098c36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b656a18244392fbf009321338d4dbb7b

SHA1
fff38701084f0fb0ad5e84bae3e381373c00e819

SHA256
37e67a8e3671a52600745b794165eb965b6f7d8e19d680210799f0dd48915b11

SHA512
15e638118f3efdddcc7724aa67da153c3cf5f5efe33be6b60a8b8dd135dde410d9505517ac50820dbd9dbd5eecb3e4fbd0cff14224b379d982c16dac8982a3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ae061c09aba4368c19a86a039f723fb1

SHA1
3416327569f51bd4eb97e7b28a3aa118f1829310

SHA256
d9d9682e1f68fb8a5304f24b1d423594b924045893b210318c91ce145c8829ff

SHA512
4aa89eca95757b7b51f722282755da3c4eb8730b8588959cbd6a62ba0dbb7068e03c8893273d61d573bc2a3821cb5d2b47e6e6fbb814766241401cdcfaebd12c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc095088-b5e0-4b86-9c94-ada043736b71\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc095088-b5e0-4b86-9c94-ada043736b71\index-dir\the-real-index

Filesize
624B

MD5
defa67e6e85e5edeef344084a4ba7f27

SHA1
ce085244ffccb5e9f2e30c532854795f5857685b

SHA256
64cd29976ed013743d1f983c2bf479ed818dff734130579f17bff83b42e1b049

SHA512
928cd3cfea121e904fb52d7fcfba7afa0056c7e835f92c0a31c8530f064b9655ccbc0dee1543126f4a2f50b94dfbef28c67242e8adc4c8697d5b498a35a4844e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc095088-b5e0-4b86-9c94-ada043736b71\index-dir\the-real-index~RFe586731.TMP

Filesize
48B

MD5
ef0efe154916b9c44b2ed5e21de93ce2

SHA1
780f8208a5a9f9bfd0c9ae725e6d564e16a6d3a9

SHA256
e1c114554ba57703ab253f21c8f4f801b6a31de05325a95f26ce033d1b8721b6

SHA512
e2838ecfaed450d7b0fe5b6f7420c77d0648a9f1d68f2d5ac7ea0cd0f7f1f4304b312d8099a038ecbc918c08490906f01d38dd1a6be2cc57c1ebaf344cb7cf70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
d134226bbe702d2858083199cefe73ef

SHA1
dade11c49708bf33657abde64cdb75bd60376b2e

SHA256
f53b8b02537f18a567aab3da393062fdcdf6ac8a8acd2f956e1844eef247e3c6

SHA512
c8542e55cec88de26a8e908e680ef03d0632058d7764d5b26f08b2c895bcf38d5dc06f785b69de6f03bcce0e064c5ef07dfe17bb25ae7fe6f7e01ee4e9b34d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
46f25fee362ed26c88b103942626f815

SHA1
42b9424d128e373671a7dcf3b3ca392d938e1f95

SHA256
75f0999581d0c398d115165d671136adf44f7c7705bf1d04d0b9d1f68b451784

SHA512
06c55e47fda32c02c7d56bb5fa465369204493a7f173dda994730e126f081f7b3a7f97bac57b3a70b314ad5ee6a13a477cae2f714eff85214785c6b91a819293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
91066745e1dadcab16d292c555ff4039

SHA1
129ced323aa963ccc042045e2d800faa49782490

SHA256
1614f34d6c6d29db9bfe5e1b7a0114b3cec3b6420cce5ecba4ae800af8ac428f

SHA512
d95371d0472830b6db6175539cb27e159c0c2bc8ac8d84537598f216c66c56fe04b23f2973db1306ffb0af13dfe0c773f26b286285f1fc2fab7114483bcdfc7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
189B

MD5
c7d3a108efd84501f091919df84e49df

SHA1
16d5cd69300fb6649abcc96d4facccf815b37a63

SHA256
b0f4d20cbe150d296a82152217d6ea01097c68a75d6ca40ae3feebb2ca5ad0a4

SHA512
0cdb0cb23f5fd9df8fa72ccfbd4a12ffd0012643170b7d8331ac1ca3d1cb2f0287131b9d486cbe6cbbc52551e1f4afdef4132a8754c5c696d4d332241df819fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
7be742e42d96f8dc264688076703d043

SHA1
9d8ca234373f27d437033aa6c05c84849c166bf8

SHA256
6af04a6844881da9509a85f87f424759e83b541a080fbcb63626580ea8e9ed58

SHA512
c37efc26e84a9158731ac8b7f76b39771dc11574dad9689afb040ca34d5786bc6c9c75933f3978c0bb1a5cb10819439afb4f8e91560c7abd270f80bb7be2e7c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56e1c9.TMP

Filesize
120B

MD5
b9ad43fd15e5aae6b19df0b67ec0f81f

SHA1
a65ee0e94fe3bf3b707bd734083b7874a2288557

SHA256
879424a8285a49d27e9c1d359204e21a5a8315a469672aa670e217adba9aaeec

SHA512
9958c9c4b0830da063a322b92d7736770d98a1883eacffe39364c4eb64be02c4542e197b3a56208a5e44732a130f445663dc3c28583438d621c275a811e7e045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
20677ae966d1294cf0582a2cb9345a3a

SHA1
b1625fb6b63da2b214c4dc930a82e54f9a9d77ed

SHA256
6cdcf9d053db49b999f56f523494c3636134aec0b9d14eec5bc9e2165c9b9043

SHA512
c5ceea9ac112d3a27c480a49f936887cc9ef966a1b16280a54254160a0a7deb811d072ec38b566f7d45b1b8edcebad97d42347c37a8d97822a07b1318fd3cbda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585c44.TMP

Filesize
48B

MD5
0a11cdb7d36d7ec6b59a8f0c3cb6e91a

SHA1
9ce89d59050eec7d51bd910e6dfa994069e68ea6

SHA256
0565a65066ea104c68bea33b65561cc0a1a72985503006899f4814e2d4d345a7

SHA512
9f6b30e23ab23da1d0c4c066d33b41a7d627d3a9185a8804ddca0f20c85d4f2c538b3f78fe6857e100341d1ec1def6f6592a882d7b5bd3d3d566700f214428a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2292_1348821408\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
b074ef44cc847f0f01fed21aadf92d2c

SHA1
3f7602c8e6537a67ce7d62d81f17586191a03664

SHA256
4bee6cc5b68a31b4fb32e389ad7066c0a91345878f5c896057a3b7fac04e29f1

SHA512
22f5d65c82c917ae4ec84eb4a1b12896b90ce25520cd570d173a6b28d3569e82d8988bbf5fafaaa54e000093ea4c87eebf1c2dc2689c938e1759ab7c5424c6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
1218326e55303b822914ef4b194f1434

SHA1
a3223e89b25a79308dfbdb1c90a62865d3656ba6

SHA256
749fc70108e4de930510b22d80b6023a534c120554eef77555f363aec0aadbf3

SHA512
7e3f48a6a7959ddb75c7e51f9e026565a35ff54722a3cb4db005c4ee2fb5a79f1b2f9a297111d8a7d50759de5f2ca9be1506121e4a1cd66d5f6237313554bb40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
e9e13180695f3ca7c969609ed91a8617

SHA1
7c2150cd01347712a66e6c80b7f0117d96b3925d

SHA256
53b809467bdc94ae844a0094fbdd7c8fa33c982693d53ca05f30d1b1d69b6a0b

SHA512
cf8e15984b8c9ce6080d60f2ccb8d61542786d40f06550688a5c431f4aa6bc68e01d980e3d8dde390ab1420ef582756f64fd1d5f36056ba2e30b0a7eb3820211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
751151e661536e4cad3b667ea7d23f77

SHA1
c8a6f92eb42f78ae53c97f61fb499381d4ee31e2

SHA256
5a997ba18020f415818d43a868d765b8764fbb88b12b232f10e78aaa8ab35b76

SHA512
3825e52c55a1f018beb268aa9d95d0c63233918a9459dfe1e9b793c6a48b79b555f888a5becc2209c5873d8db05c0ba506f62bb7f9151b4ec51f9fb36ca3dc29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
08ce7067a11172a7d78ea88434409f56

SHA1
a619bcd3be6bc20a9ce051eb4d4e78c7c6ff4ead

SHA256
684a65c48cb9feab46bfd27b3ae8bb2316674af9f1104fb3b21cb72877584e18

SHA512
b55b9dd406f73325551e710f4911e8ad711a6cf487e9820d98bf7721e5123dbe30859069a9ef2efd7d4b6605a8755f1208590be3d564a8f0f6190255d2c767b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
64646744672a798c0d440b96a4c822fa

SHA1
3be50ece527e46ad96bedebdbe3b1102a167eaa8

SHA256
0f385b22370f20d9c269cd1c667b817e113dbcb4d795cedd5cabcbaf79e478f3

SHA512
ac780a18c38a4e63f9f58b3df6dc86828881cef7eac83cce7a866e25e6e78f5716fea14273f48c51d901c7619da35f738a294c5a9d799aa505f61f92eba3c207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
e87094e8a72b749b72825af026e3ff1d

SHA1
d898541aee21bfa22f345b4c7bb11f7b47793323

SHA256
10e140619cb3673a4e74227654437522aef940105be582fd2b535b81fbe9dfdb

SHA512
ae388e854b05429c69028017d463f0587903ab43ea84ac51ced074504dbfc66b86739a64d46d085dd468582e7fcbf145935f8c8fdc39f48a846eed6eeac19366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
efc30bb5db5d05473b50a5a6a4df0595

SHA1
d2833d6c0cb085d877b1df107a2cb3a67b24cf96

SHA256
e018a394a20dde70817fb865faf1b27b2b460df99c59a022ae2909d841c2d144

SHA512
3a51b42cde8b21bbd2c8fc01e000e54aa48a46e36557ceecd4bc5f70f8da2e89a00b352315db1c597ffdb88ccf368bbb09afa6973e82096d91ebf4c470bbe340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
207365300c8af9649012da92fc31d8ba

SHA1
57d87b6860037902c9d80db62641a6cbdc25af03

SHA256
b0a15629113f65de21b397e27684e0f4f3dd6378309176111ad7e5aa91a7a4ff

SHA512
4879090e11a5558def634553c8ea7e32ef7baa3509f35169227ad575df4040bda5463121d30063dbda3cde229e165ba86c5278967a3850613460ff8a34f6ccbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57730d.TMP

Filesize
93KB

MD5
eb89a7cedc1f6fd4046f199ee51349d7

SHA1
f7471c2e79d6f9106604679794f7b86b13825609

SHA256
5fe304269c61a81f6fa8459d2e983eec993cdf9fa20fb46166e58ba133efc86b

SHA512
52600da799607df6cc145831f4726a3d71ea128f471e6538404830876f64f2a8a9f4b063c8f8965a620eb9695bfce625c513e9ec6d44903e1707dbaeae07fcc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\KmsRNyL4oQ.exe

Filesize
6.4MB

MD5
d9170f66194db0d9f605edd0dc6c69ca

SHA1
063d5e6a67d18698baa3654a3e7771a3b1a03203

SHA256
d819bda110e3afa9682e7f9b741571b3015c8818e340cf01132ca632717ab178

SHA512
dd5622bd69f55e78ecd6c9d5e36c9972d6c773a3a3a7f8d6a958cf81869df776cc771a750dbdb98fd393ca3cf380ddd272c645c507fac5b3335e43908d5e5002

Download Submit
C:\Users\Admin\Downloads\KmsRNyL4oQ.exe

Filesize
6.4MB

MD5
d9170f66194db0d9f605edd0dc6c69ca

SHA1
063d5e6a67d18698baa3654a3e7771a3b1a03203

SHA256
d819bda110e3afa9682e7f9b741571b3015c8818e340cf01132ca632717ab178

SHA512
dd5622bd69f55e78ecd6c9d5e36c9972d6c773a3a3a7f8d6a958cf81869df776cc771a750dbdb98fd393ca3cf380ddd272c645c507fac5b3335e43908d5e5002

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 747499.crdownload

Filesize
6.4MB

MD5
d9170f66194db0d9f605edd0dc6c69ca

SHA1
063d5e6a67d18698baa3654a3e7771a3b1a03203

SHA256
d819bda110e3afa9682e7f9b741571b3015c8818e340cf01132ca632717ab178

SHA512
dd5622bd69f55e78ecd6c9d5e36c9972d6c773a3a3a7f8d6a958cf81869df776cc771a750dbdb98fd393ca3cf380ddd272c645c507fac5b3335e43908d5e5002

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
2f824bb2a5c94294cda5cbee4472e21f

SHA1
adc83c262ada398c3bf095e7c6061aea0f93e00b

SHA256
d8176fc8defa31b394579b79333229dff4061745c87833a9d674c11af08cda23

SHA512
e4b31f526b171e717ff23231b77e07420cb7d1cc1637dd943d167b800c9d6afd3a793bde1c2f767791723b2825cff9e4083c0756a441fee21abe413767095f86

Download Submit
C:\Windows\INF\netsstpa.PNF

Filesize
6KB

MD5
01e21456e8000bab92907eec3b3aeea9

SHA1
39b34fe438352f7b095e24c89968fca48b8ce11c

SHA256
35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f

SHA512
9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

Download Submit
memory/1888-1449-0x00007FF79C4B0000-0x00007FF79D511000-memory.dmp

Filesize
16.4MB

Download
memory/1888-1461-0x00007FF79C4B0000-0x00007FF79D511000-memory.dmp

Filesize
16.4MB

Download