1d4d371b567d870fe94ca0c3cb758b19f3418a30a6f18213071b2944c05d8325

Analysis

max time kernel
1800s
max time network
1708s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12/04/2023, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hydro spoofer.exe
Size

466KB
MD5

89156f1eb8b9f27fa5aafa8d40c95650
SHA1

1a1437ca80d6c271c41947e18c88eb8e7b5200df
SHA256

1d4d371b567d870fe94ca0c3cb758b19f3418a30a6f18213071b2944c05d8325
SHA512

d9cdf70fcf9d5e33f16c8edea2e5fc6dccb08b23e8c3050f52f78f3e62469fe22ae88192384d06cb0c7d037196202c0006c5b4e209e10470d03ed960cc113531
SSDEEP

12288:DNCJcuW9BP2OoYOfgwAzJ/l1xFAUqrWDuLMKS:DNCJoYf/AJt1xFAFuugx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258123034741845"	Hydro spoofer.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Hydro spoofer.exe

Modifies system certificate store 2 TTPs 9 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50\Blob = 0400000001000000100000007144c3834d3a05a5f6cb0ad7b34945970f0000000100000020000000c149e0c8d499265c34f37f28fe6144fdf01cebf7efa3f09b1bfc8f42410a4e381400000001000000140000007daf634f7242a6f9940ad7e8b638eb10585d6bc0190000000100000010000000fb87d6128d26614749895cf246a79c6b0300000001000000140000009392ffdfd2db2052d3a8d7c1e18f8fb1bf7b0e505c0000000100000004000000000800002000000001000000b6030000308203b23082029aa00302010202107648005e9ee5daae46102e2abd2ffda7300d06092a864886f70d01010b05003067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f74301e170d3232303431313232333134335a170d3238303431303232333134335a3067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100d88b42a03423e115a6395777cc2f05b465c3d2e0182a71552e276f832a24d80e72353131fc1ca6ce731edce0eede5ce5c136ef61d0df6a71b1a6572091b597140b58bdb56e8818af639d296ac7765383e7df8bbf37ada0f03cb295c278acbfb53adbf76c1ac0341dccbb4f818f1d628f614de558251a88d66d0e2d38b8905efa8468fefac12a3523e396a1b1dfea7fbcca9563620f274f8224c514a4cf898e6989d140367ae15fb8d288c898c3f0cdd54522acd10f6edba153645d51c58ded9a919e0b5985cb98cd186d519b4e5dcda7dd8c34b6f98dcf6705aa27d2c2f2bbb8a317d04f369788003e7b8219f4ac65a61db0eb510aeedceb4f7548aa1d309ead0203010001a35a305830130603551d25040c300a06082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e041604147daf634f7242a6f9940ad7e8b638eb10585d6bc0300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820101002195178ff8c7e30e74fd6b0ff7a13c9fddf550aeb003af53830b2b82b0dc27d57a9829aa45131e01845cf3594967d29e314a7d58b24ba263ad0e4e9a1b53b43732b2dd84df739d86f1830fa1a373b9ae1ce35bd8e3d806f72393f24f4ea403976d43ee7020556bb8c8e00b649a87cc8b3b3b8883aa77be33334883c086785e0d913e932faf804d336a65409581b50576ad06bc65b1ca757d4e09adcf4521ddc383e783b3320ac9095cd0905ec2cba952948a350da7938db9aafc90122f4fd76e930dd8fd962ec7f3d5ea0462351834a691e84d33dd817f879eec714f872dc72107dbe1328b5dbf16dd9ce5839870432911c4b01bcc2feac0d061ec73293ed3bb	Hydro spoofer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50\Blob = 1400000001000000140000007daf634f7242a6f9940ad7e8b638eb10585d6bc00200000001000000cc0000001c0000006c00000001000000000000000000000000000000020000007b00330031004200380042003000440038002d0044004100430035002d0034003700350044002d0038004300350035002d004100450032004300390033004100450045004400450037007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e003000000000000b000000010000003800000044004f005f004e004f0054005f00540052005500530054005f0046006900640064006c006500720052006f006f0074002d004300450000000300000001000000140000009392ffdfd2db2052d3a8d7c1e18f8fb1bf7b0e500f0000000100000020000000c149e0c8d499265c34f37f28fe6144fdf01cebf7efa3f09b1bfc8f42410a4e382000000001000000b6030000308203b23082029aa00302010202107648005e9ee5daae46102e2abd2ffda7300d06092a864886f70d01010b05003067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f74301e170d3232303431313232333134335a170d3238303431303232333134335a3067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100d88b42a03423e115a6395777cc2f05b465c3d2e0182a71552e276f832a24d80e72353131fc1ca6ce731edce0eede5ce5c136ef61d0df6a71b1a6572091b597140b58bdb56e8818af639d296ac7765383e7df8bbf37ada0f03cb295c278acbfb53adbf76c1ac0341dccbb4f818f1d628f614de558251a88d66d0e2d38b8905efa8468fefac12a3523e396a1b1dfea7fbcca9563620f274f8224c514a4cf898e6989d140367ae15fb8d288c898c3f0cdd54522acd10f6edba153645d51c58ded9a919e0b5985cb98cd186d519b4e5dcda7dd8c34b6f98dcf6705aa27d2c2f2bbb8a317d04f369788003e7b8219f4ac65a61db0eb510aeedceb4f7548aa1d309ead0203010001a35a305830130603551d25040c300a06082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e041604147daf634f7242a6f9940ad7e8b638eb10585d6bc0300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820101002195178ff8c7e30e74fd6b0ff7a13c9fddf550aeb003af53830b2b82b0dc27d57a9829aa45131e01845cf3594967d29e314a7d58b24ba263ad0e4e9a1b53b43732b2dd84df739d86f1830fa1a373b9ae1ce35bd8e3d806f72393f24f4ea403976d43ee7020556bb8c8e00b649a87cc8b3b3b8883aa77be33334883c086785e0d913e932faf804d336a65409581b50576ad06bc65b1ca757d4e09adcf4521ddc383e783b3320ac9095cd0905ec2cba952948a350da7938db9aafc90122f4fd76e930dd8fd962ec7f3d5ea0462351834a691e84d33dd817f879eec714f872dc72107dbe1328b5dbf16dd9ce5839870432911c4b01bcc2feac0d061ec73293ed3bb	Hydro spoofer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50\Blob = 190000000100000010000000fb87d6128d26614749895cf246a79c6b1400000001000000140000007daf634f7242a6f9940ad7e8b638eb10585d6bc00200000001000000cc0000001c0000006c00000001000000000000000000000000000000020000007b00330031004200380042003000440038002d0044004100430035002d0034003700350044002d0038004300350035002d004100450032004300390033004100450045004400450037007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e003000000000000b000000010000003800000044004f005f004e004f0054005f00540052005500530054005f0046006900640064006c006500720052006f006f0074002d004300450000000300000001000000140000009392ffdfd2db2052d3a8d7c1e18f8fb1bf7b0e500f0000000100000020000000c149e0c8d499265c34f37f28fe6144fdf01cebf7efa3f09b1bfc8f42410a4e380400000001000000100000007144c3834d3a05a5f6cb0ad7b34945972000000001000000b6030000308203b23082029aa00302010202107648005e9ee5daae46102e2abd2ffda7300d06092a864886f70d01010b05003067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f74301e170d3232303431313232333134335a170d3238303431303232333134335a3067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100d88b42a03423e115a6395777cc2f05b465c3d2e0182a71552e276f832a24d80e72353131fc1ca6ce731edce0eede5ce5c136ef61d0df6a71b1a6572091b597140b58bdb56e8818af639d296ac7765383e7df8bbf37ada0f03cb295c278acbfb53adbf76c1ac0341dccbb4f818f1d628f614de558251a88d66d0e2d38b8905efa8468fefac12a3523e396a1b1dfea7fbcca9563620f274f8224c514a4cf898e6989d140367ae15fb8d288c898c3f0cdd54522acd10f6edba153645d51c58ded9a919e0b5985cb98cd186d519b4e5dcda7dd8c34b6f98dcf6705aa27d2c2f2bbb8a317d04f369788003e7b8219f4ac65a61db0eb510aeedceb4f7548aa1d309ead0203010001a35a305830130603551d25040c300a06082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e041604147daf634f7242a6f9940ad7e8b638eb10585d6bc0300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820101002195178ff8c7e30e74fd6b0ff7a13c9fddf550aeb003af53830b2b82b0dc27d57a9829aa45131e01845cf3594967d29e314a7d58b24ba263ad0e4e9a1b53b43732b2dd84df739d86f1830fa1a373b9ae1ce35bd8e3d806f72393f24f4ea403976d43ee7020556bb8c8e00b649a87cc8b3b3b8883aa77be33334883c086785e0d913e932faf804d336a65409581b50576ad06bc65b1ca757d4e09adcf4521ddc383e783b3320ac9095cd0905ec2cba952948a350da7938db9aafc90122f4fd76e930dd8fd962ec7f3d5ea0462351834a691e84d33dd817f879eec714f872dc72107dbe1328b5dbf16dd9ce5839870432911c4b01bcc2feac0d061ec73293ed3bb	Hydro spoofer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50	Hydro spoofer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50	Hydro spoofer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50\Blob = 0f0000000100000020000000c149e0c8d499265c34f37f28fe6144fdf01cebf7efa3f09b1bfc8f42410a4e380300000001000000140000009392ffdfd2db2052d3a8d7c1e18f8fb1bf7b0e500b000000010000003800000044004f005f004e004f0054005f00540052005500530054005f0046006900640064006c006500720052006f006f0074002d004300450000000200000001000000cc0000001c0000006c00000001000000000000000000000000000000020000007b00330031004200380042003000440038002d0044004100430035002d0034003700350044002d0038004300350035002d004100450032004300390033004100450045004400450037007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e003000000000002000000001000000b6030000308203b23082029aa00302010202107648005e9ee5daae46102e2abd2ffda7300d06092a864886f70d01010b05003067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f74301e170d3232303431313232333134335a170d3238303431303232333134335a3067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100d88b42a03423e115a6395777cc2f05b465c3d2e0182a71552e276f832a24d80e72353131fc1ca6ce731edce0eede5ce5c136ef61d0df6a71b1a6572091b597140b58bdb56e8818af639d296ac7765383e7df8bbf37ada0f03cb295c278acbfb53adbf76c1ac0341dccbb4f818f1d628f614de558251a88d66d0e2d38b8905efa8468fefac12a3523e396a1b1dfea7fbcca9563620f274f8224c514a4cf898e6989d140367ae15fb8d288c898c3f0cdd54522acd10f6edba153645d51c58ded9a919e0b5985cb98cd186d519b4e5dcda7dd8c34b6f98dcf6705aa27d2c2f2bbb8a317d04f369788003e7b8219f4ac65a61db0eb510aeedceb4f7548aa1d309ead0203010001a35a305830130603551d25040c300a06082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e041604147daf634f7242a6f9940ad7e8b638eb10585d6bc0300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820101002195178ff8c7e30e74fd6b0ff7a13c9fddf550aeb003af53830b2b82b0dc27d57a9829aa45131e01845cf3594967d29e314a7d58b24ba263ad0e4e9a1b53b43732b2dd84df739d86f1830fa1a373b9ae1ce35bd8e3d806f72393f24f4ea403976d43ee7020556bb8c8e00b649a87cc8b3b3b8883aa77be33334883c086785e0d913e932faf804d336a65409581b50576ad06bc65b1ca757d4e09adcf4521ddc383e783b3320ac9095cd0905ec2cba952948a350da7938db9aafc90122f4fd76e930dd8fd962ec7f3d5ea0462351834a691e84d33dd817f879eec714f872dc72107dbe1328b5dbf16dd9ce5839870432911c4b01bcc2feac0d061ec73293ed3bb	Hydro spoofer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50\Blob = 0400000001000000100000007144c3834d3a05a5f6cb0ad7b34945970f0000000100000020000000c149e0c8d499265c34f37f28fe6144fdf01cebf7efa3f09b1bfc8f42410a4e380300000001000000140000009392ffdfd2db2052d3a8d7c1e18f8fb1bf7b0e500b000000010000003800000044004f005f004e004f0054005f00540052005500530054005f0046006900640064006c006500720052006f006f0074002d004300450000000200000001000000cc0000001c0000006c00000001000000000000000000000000000000020000007b00330031004200380042003000440038002d0044004100430035002d0034003700350044002d0038004300350035002d004100450032004300390033004100450045004400450037007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e003000000000001400000001000000140000007daf634f7242a6f9940ad7e8b638eb10585d6bc02000000001000000b6030000308203b23082029aa00302010202107648005e9ee5daae46102e2abd2ffda7300d06092a864886f70d01010b05003067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f74301e170d3232303431313232333134335a170d3238303431303232333134335a3067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100d88b42a03423e115a6395777cc2f05b465c3d2e0182a71552e276f832a24d80e72353131fc1ca6ce731edce0eede5ce5c136ef61d0df6a71b1a6572091b597140b58bdb56e8818af639d296ac7765383e7df8bbf37ada0f03cb295c278acbfb53adbf76c1ac0341dccbb4f818f1d628f614de558251a88d66d0e2d38b8905efa8468fefac12a3523e396a1b1dfea7fbcca9563620f274f8224c514a4cf898e6989d140367ae15fb8d288c898c3f0cdd54522acd10f6edba153645d51c58ded9a919e0b5985cb98cd186d519b4e5dcda7dd8c34b6f98dcf6705aa27d2c2f2bbb8a317d04f369788003e7b8219f4ac65a61db0eb510aeedceb4f7548aa1d309ead0203010001a35a305830130603551d25040c300a06082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e041604147daf634f7242a6f9940ad7e8b638eb10585d6bc0300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820101002195178ff8c7e30e74fd6b0ff7a13c9fddf550aeb003af53830b2b82b0dc27d57a9829aa45131e01845cf3594967d29e314a7d58b24ba263ad0e4e9a1b53b43732b2dd84df739d86f1830fa1a373b9ae1ce35bd8e3d806f72393f24f4ea403976d43ee7020556bb8c8e00b649a87cc8b3b3b8883aa77be33334883c086785e0d913e932faf804d336a65409581b50576ad06bc65b1ca757d4e09adcf4521ddc383e783b3320ac9095cd0905ec2cba952948a350da7938db9aafc90122f4fd76e930dd8fd962ec7f3d5ea0462351834a691e84d33dd817f879eec714f872dc72107dbe1328b5dbf16dd9ce5839870432911c4b01bcc2feac0d061ec73293ed3bb	Hydro spoofer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50\Blob = 5c0000000100000004000000000800000400000001000000100000007144c3834d3a05a5f6cb0ad7b34945970f0000000100000020000000c149e0c8d499265c34f37f28fe6144fdf01cebf7efa3f09b1bfc8f42410a4e380300000001000000140000009392ffdfd2db2052d3a8d7c1e18f8fb1bf7b0e500b000000010000003800000044004f005f004e004f0054005f00540052005500530054005f0046006900640064006c006500720052006f006f0074002d004300450000000200000001000000cc0000001c0000006c00000001000000000000000000000000000000020000007b00330031004200380042003000440038002d0044004100430035002d0034003700350044002d0038004300350035002d004100450032004300390033004100450045004400450037007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e003000000000001400000001000000140000007daf634f7242a6f9940ad7e8b638eb10585d6bc0190000000100000010000000fb87d6128d26614749895cf246a79c6b2000000001000000b6030000308203b23082029aa00302010202107648005e9ee5daae46102e2abd2ffda7300d06092a864886f70d01010b05003067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f74301e170d3232303431313232333134335a170d3238303431303232333134335a3067312b3029060355040b0c224372656174656420627920687474703a2f2f7777772e666964646c6572322e636f6d31153013060355040a0c0c444f5f4e4f545f54525553543121301f06035504030c18444f5f4e4f545f54525553545f466964646c6572526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100d88b42a03423e115a6395777cc2f05b465c3d2e0182a71552e276f832a24d80e72353131fc1ca6ce731edce0eede5ce5c136ef61d0df6a71b1a6572091b597140b58bdb56e8818af639d296ac7765383e7df8bbf37ada0f03cb295c278acbfb53adbf76c1ac0341dccbb4f818f1d628f614de558251a88d66d0e2d38b8905efa8468fefac12a3523e396a1b1dfea7fbcca9563620f274f8224c514a4cf898e6989d140367ae15fb8d288c898c3f0cdd54522acd10f6edba153645d51c58ded9a919e0b5985cb98cd186d519b4e5dcda7dd8c34b6f98dcf6705aa27d2c2f2bbb8a317d04f369788003e7b8219f4ac65a61db0eb510aeedceb4f7548aa1d309ead0203010001a35a305830130603551d25040c300a06082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e041604147daf634f7242a6f9940ad7e8b638eb10585d6bc0300e0603551d0f0101ff040403020106300d06092a864886f70d01010b050003820101002195178ff8c7e30e74fd6b0ff7a13c9fddf550aeb003af53830b2b82b0dc27d57a9829aa45131e01845cf3594967d29e314a7d58b24ba263ad0e4e9a1b53b43732b2dd84df739d86f1830fa1a373b9ae1ce35bd8e3d806f72393f24f4ea403976d43ee7020556bb8c8e00b649a87cc8b3b3b8883aa77be33334883c086785e0d913e932faf804d336a65409581b50576ad06bc65b1ca757d4e09adcf4521ddc383e783b3320ac9095cd0905ec2cba952948a350da7938db9aafc90122f4fd76e930dd8fd962ec7f3d5ea0462351834a691e84d33dd817f879eec714f872dc72107dbe1328b5dbf16dd9ce5839870432911c4b01bcc2feac0d061ec73293ed3bb	Hydro spoofer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\SystemCertificates\REQUEST	Hydro spoofer.exe

Suspicious behavior: EnumeratesProcesses 45 IoCs

pid	Process
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
2004	chrome.exe
2004	chrome.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
2004	chrome.exe
2004	chrome.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5928	chrome.exe
5928	chrome.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe
5092	Hydro spoofer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5092	Hydro spoofer.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 4892	2004	chrome.exe	88
PID 2004 wrote to memory of 4892	2004	chrome.exe	88
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 1384	2004	chrome.exe	89
PID 2004 wrote to memory of 4216	2004	chrome.exe	90
PID 2004 wrote to memory of 4216	2004	chrome.exe	90
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91
PID 2004 wrote to memory of 4988	2004	chrome.exe	91

C:\Users\Admin\AppData\Local\Temp\Hydro spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Hydro spoofer.exe"
1⤵
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe192e9758,0x7ffe192e9768,0x7ffe192e9778
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:2
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3344 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4120 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1668 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5496 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5552 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1836,i,3750260760793212253,2944701721883338428,131072 /prefetch:8
  2⤵
  PID:4020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:5548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
162KB

MD5
fdfdaf63d56b4a9cd6641d79f7159fdc

SHA1
18b413d8b6b9f3bec32026b7e9d9f4e5e366922f

SHA256
f4dba3e15f08cf0686e6d89370ed42e8a5dafc38973501f0aa6baa9b93c720f3

SHA512
06fd67f1a2d5f168c75b5b833d3222d6c0eccfadd4021173a7ec7f949971554d1c7df322b1dc512ef14941e76a9ff6445ba3bd16d940be5bc177be989ec39c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
2b9f7c23575084da39959f298365fc42

SHA1
3cb4cfeed3b8f0c7883c9fe3b55e658352cc06b6

SHA256
09b30110d5132da147705e157230bffe77cb1667f07c716f7b6affc3f7b1009e

SHA512
9695780384e39cad2a1a6127abcba68f8af1e622780387a65dc7bcf345c96dc6fe66036105ed4d3de20f71a2a3de524dc485e6f97da2bc49680288cced452414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\518a2b03-fbf3-4229-b5f7-7152f3c185a7.tmp

Filesize
371B

MD5
7e249e49c9f0ef201f011e2bc090fcee

SHA1
43e5a05604dd3b2997bf52d19773f166542c8325

SHA256
8dd6cb1dd181db235b30cef549455d2ee649ab8f5a27dd9e0749cabe31fcd4b4

SHA512
38cf1f886c47631de6385829df35230b093de5df0f8bb972bf7f9e131b0a3e6f9498a3ca87d3d0706110fcf4426177bc165df5caa2b1cf3b210e4c03a75df51d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
835046b3ba2a99f56f79246c5604967a

SHA1
4f9411c77b5a67844a6ef503b60035b795906727

SHA256
a247a60cdf398e0368c8cb800100246a83f9bcb948deadcfbabf6c32d6992016

SHA512
a5212181a5839da516cfa0f43cc7a2e7f9d99604a38703081e13df89e555e6c05a33b7c925ffd01335439fbe704b7bf5c99887909237c26e8401a51dcc4f49e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
be8ad03dda4f9376207b39480772f768

SHA1
608285d2e156509606e01981a23b589f2b75e583

SHA256
bbb3c3f109ecb70935e41d1c069a89e4873087cbd4804cb83896349a83ad0613

SHA512
8691b3c9ec0dd10da397ad993830a14ba278ab1ffc8ce19c6408cef3b437fa1e25d4012af4fc3478a907f9bbc0da2621eacdb1524dc979369ec164bcfc15fa1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
f5a59763c9d0852b927ab772086d6b9f

SHA1
b0695d449b2bdfa592196a54475c4b12f3688347

SHA256
776e2e0b7c8135aab6ea83b5549b0e5accee8747caee488cd4eb16ddda1971b3

SHA512
490d46ab1fc17516e5c58c8cad569de1c91d2adfbdd7d0acd0c3ebdbe26c18729b260b7e74614acc8f8341ce7edd719024b007a8681c8345e1a9d1849a28d858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1a6673f80a5899438a4e6a881dfd2609

SHA1
d345d01401be276dcb38db44f80b7cf78b820072

SHA256
be2b95abc26dda2a3782665786c78f3cbf3e7846ff06db75c3449d12652406ac

SHA512
5d269c4178820591ab17c3e748c18be5155e06ab072ec817d9861bf0b7444f039f26c1f922ccae4a7a96caacf751bfe1ec9158f7b2496b2b22acb88077ffe845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
467fd99890f560df9cc2c05b921aaa46

SHA1
c6f91b3d42cfc6185c1938e9039525f9c52727ec

SHA256
66039354ea448a7259bbb3c29e4074432add8beabceddff8ab5fa36e5eddc7fc

SHA512
553cd57be3930bdc7b99505a8f37c4f808dc912be252bbd8f9333368f9e9c7afa83f904a72822d243e4f22b16aaaab60a65ff0e0f036ce22492c300fbd72d28d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f70526a5d35116671134979e0c164f23

SHA1
3aa50f716387d3b1ded4c1d8b19cc73bd5b265c8

SHA256
2f5477c5cf980c64daf8993ab7c6784d0668b03c31eb4d5b8974198953007c4a

SHA512
7c637c6bda214bf0f3785779ea06244b18f1d414d5831588ba5eabd937dd5c4e8bcda4ab9ddea1184b058998474b23c91af20d55dc8c1a2b78f4cb3ad8c24440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c61ba5d2a545b88a13e839923b1218d

SHA1
35563480e6196d0321ea095fb4399770cfe8d17c

SHA256
99623b187310bd84e176e24f944a5d72fec42dadccd94cab46b1ae70b5999c78

SHA512
49ce66cd4a113548b1788ca78d7ac2e3d73598bad64ebf8240f0df56a112c6638860769a425bf1c1b42cb50c7d24a34eb2f338604e061e381b0eb837018ef5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6393a69df1373cdac69ec578ef0b11e4

SHA1
83e6967d0ec5acf49214133d686467b40185c0bd

SHA256
1cb17a1aa48b80634d6f08a8411d3b9f7c346a48f465a69fa54db8ece50471ef

SHA512
f85c6d23b95dadbcb7ad2388fc84b5cb572d9fc652c9b5924ed1aa3de7fd378016417ee963cac951b1be18db529055d6fcd77bfa287e83eee71ff81490a13025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee70f866-bffe-4e2b-897b-45e416df243c.tmp

Filesize
6KB

MD5
af11f9164e3f2c833c26e01c7360fe9c

SHA1
613b0264595c56ec2ad8121a13e35291d9311418

SHA256
ddb9ced3d472b5bf65a681ceb7995c1354f76bc758e0d8b2ca0eaeb571a8816b

SHA512
8efec5e5e5765ad4dd07733af24529e7fcc7b5368bdf8faa2a27e6ea12d374c448ee16a7156deaebf08f5e20ac22f7129d9df5e6100dd9bc04e67a630a399827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
09fc315ee0984e78562f8ec9ff3047d0

SHA1
4ba5819ea0da2ff1653c05d04cc99678ebe3a630

SHA256
bcf30410e2acf3810f67e610016385aa3e2b3c1629d4cbe45a7ed508e804f430

SHA512
810364c80711c00a4ff520f99bd9e8eb3219dec52bfcd0426425fef2f9bcf51ea68b44473b064149fb5af73150b51add25b2a76e9d725be8e5535bdef6d2fed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
bbb5b04d74bdfbf2ae7df1d6cf0f1a06

SHA1
afadb2d4839481f3255b98499a6a0ffa973a1908

SHA256
47248537ba643ca4f8272a170336a0c12bad07b32801b2cc5a5bbcf493392322

SHA512
03b44e0cbde8f0dac0a7640b74a6b65270f78571eaa1c1d7e05d4fb2d63bd74afc3e0951c43860b36a0652491d8a155133998c0b79b7db78ac411b58abf0ea65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
44dadddb090f373e61d20dc866c4f9cc

SHA1
b8ea89534785d2e99da090399061e327ca3d6c97

SHA256
87e9683d82d0884e4e13800029140a471fc783e1a1860904e96e0e9b5fd5ca2c

SHA512
fe970f9bad804f5d3299adc82464105e367e963ed1f9f4980106c5532b3d0a4f588d633b38b0040eda67c78154758042534e6f1f50d5ad80481499d9717cc6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
b88a279df650592d109378f467eff9f0

SHA1
b16aa5a7a7445b2f0caa8bfe4dc25db5338cbb5b

SHA256
d96e1df83ed180d0d8a93792a3a3b652b0defdf38f3e3a49dbde01c1b7b64668

SHA512
519fd3bf28ddc5ef9a2d2441304918808fccf289d426bda2486692318eced36dc8091dc97159f29a56ed1bac366af2ab2e889f90973efaad2b2d90f80bd63bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
8f4a1b7225f7713bdc1c50f116a34eda

SHA1
d4373f4643519876ae8ba9938aec01f896959d17

SHA256
b108c5240e03d6483de707abb29e2ff2377f36510b93cb3701430dc7ccb99c29

SHA512
46fe81842bdb8a0d0a14370459af52a48a4c148d22b5ba80ce4b5b2ca4ee683a72bb5545714f8a5674914b1ee72ca8509e3e66aefdb1c08226da75e9eb2bdd46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
83fa0d11d1202f5357f67f6507b6ac32

SHA1
e087488eec00a5107315a889a8c269794e282056

SHA256
18f78dfdd134d5287e65912b184ba28587e05453ffb4f6735f337a6b88db5831

SHA512
d43cd2bef5a4f62a11abd28da788eeb9aaad6dc9dd8131109be11a022a2129ebaa31e618b9b2ae8e606d0e95df0e9bad06945b3a0458e002f9cff6f2e18d8401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d973.TMP

Filesize
98KB

MD5
e1d3a13f00c2f3ddb8b2b9681662d5be

SHA1
8438eef6f9b5af3f10bcc3ebdccc727b8f99c674

SHA256
4d3f894723842e017577a72d46bd92e9860ad022014712872198db9acde6e530

SHA512
9335277ae9a9b81029b2d065b9922c2f39bfb4e776d550170ad539819b54ab57cbc729950b3e78eb7cddfcab8145dc03d698c9effd7dfe48c6a6548c68281fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp3E3A.tmp

Filesize
2KB

MD5
3712027554ae5c86c1562c701bbef5bc

SHA1
b9b9729bd0317b3b7e3361d18b73d2b57f7fb3b3

SHA256
f331a78f73faf1a2a16e033ba663d1b0d530d6f9e2f638b9cc1cba4d0b98fec5

SHA512
d211d71a2bf615768fc829aee96e3a6e870254722d0699d5feb4a221ddf285adaebe29afac11b2b36d8cd48b2dd1d6f3a45a9cc95dbd03140b04928004587985

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp3F07.tmp

Filesize
2KB

MD5
816cc34dd73656b15a2eb7b1279e2518

SHA1
3599ccb77702d466e321d9cd73f11fd34b0efb70

SHA256
2236f702e934bd206f456d0a3ceceadfa862d182f55917145062dc5606a2e801

SHA512
e93be71ec1ce97a4eb2f2eea27297f359c7ae7489180ffe5f2cec29305067821c59f470fc88a1428075358282d3180f5289f5aee0907969d2d94b878c31e73ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp6539.tmp

Filesize
2KB

MD5
beb6493e3d40b7e48438412d721bd80b

SHA1
1c97d65410e9b287e37f68b2dd8fd81e36ad4674

SHA256
b746f021a7d8a53989d4f4e5097f6ee0d44ba458c739ad8e855dbbe0b0435821

SHA512
b4f1e58950ef4cabac4cd5f61e1d3449ce100341a05b0ae90df53d6625ffe2e82bd66288e7f8efd7636253b3dbfd8bafeebfb75a308ac4aa34f903dd79226308

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp73D2.tmp

Filesize
2KB

MD5
8558e7a78f1df973fb25166797b4e249

SHA1
a2e3e2eee2f7bd7c529c45ecdf71c77d821fe937

SHA256
f382f575cfddac756b41e220e99de30910a1404ac53b44d195edc99886e502e2

SHA512
33859e478832f447442d0c12b35d387fb5bb370ad68794afbc2ad0e3416add5369ba0a0e411d9319cb56d8af7b46a86a8782c11c742e51101a1d525e0f9b5204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp95BD.tmp

Filesize
2KB

MD5
790aeb1f0085a085d6ae09a6e7880b4e

SHA1
4c9eb184a719cea78472f8b663eb6dd73a79a945

SHA256
494379ec8d1e1008fda1219b9cf939245cc057354f8a25927a19a655a9e3c00f

SHA512
474a24332a9af299a828c0013c3bcb4f76d0b688dfd8588d7d935a0da01b7d098e1836ff65b1b0ce83a7f09ccd5a356cb751b2312de23a334b510dcc8a9119cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpB0CD.tmp

Filesize
2KB

MD5
251cc3d23fce07eb90a35ca34edf4baa

SHA1
7140057b17dae492580ef23c8c4e3f05bb275127

SHA256
f82193e4657af75ce78ddbc71cbb8f92143c2b9cfd998781f19422011708769f

SHA512
2a77bb1246560d11ffb0a2260a3b86f635f4e1f88cb19afcf8294ab8f5e0afdbfc1a03ec91f42f44342d7ef4c15d9ff5c9bec664bb9436dc1a1c07b0bf800c06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpDE70.tmp

Filesize
2KB

MD5
d51e434fffdd31292416797557e2c6a6

SHA1
3c0c00011ef6e8ffc641477185c2f97cebf4f39d

SHA256
e0f01370be545f4292ab65c5f2595129047f9b0725f58c09add4e873449ca9f9

SHA512
bb234142cbcaa99c35a4350c230bc9024f23a35d2a5331677fd26fafc83ac06c98cc935a7af9efc18c84ad90afd4d317db4220184ac18ca35623e34076499b60

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpDFE9.tmp

Filesize
2KB

MD5
09f83ebe04d1bc31bf75dd7b22d7df96

SHA1
4de7db19d1e76b8948febf26d94e5e597151f14f

SHA256
261b410a59104ffd0e6fc071a70723ef49c208a168d15f6dda79d9152a9c7e22

SHA512
27c20593ac9968923e268995a5f02ce0171de9fcf258ea482bc0f5b9b171af8665e1c4673ba905ceb05cfd40277a7bd88bea826f2a9c1d9fc2282d8750474aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpE366.tmp

Filesize
2KB

MD5
15d7e2a4ceaee79400ae2e159a5cb8ea

SHA1
229c48ae9dee8e605a62c0e4eb10078bb8ab77fd

SHA256
3be02eebdf1230e74b7136139001cd6db969e9de79787fa176e69d2c96897f6c

SHA512
45bdd0527cc5efca334e43f35d523c2314244331e2e3938985c991386b6fcdf271f3b1496d5604c7d1424f684b1233547ec3063f4d2d61a758bfbc033b103a8a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1675742406-747946869-1029867430-1000\69beadd9af451402d17925bb9eca3df9_8d6935fa-0795-4a6f-bfd9-e755f1917fa0

Filesize
2KB

MD5
3dca85e51d35e769b9dca730f2ee1a4f

SHA1
5e7fdf909ec7a737b4effac9fa1ace609015c7bc

SHA256
f2d5eb423d5047214c7619720d350297ea715e9fb5c31b4ad92b38bcc38343a3

SHA512
088e2372948171482d9d73b6a4ce2cbaa972a45041c67726d50965c89e1c149beaddab314d7782ab15cbb021ad1a4a42b853d18001ce1b448d2109163e95ea9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1675742406-747946869-1029867430-1000\6f039e0b238d9ec1c968f2b3f72166ab_8d6935fa-0795-4a6f-bfd9-e755f1917fa0

Filesize
2KB

MD5
17cf2e2766f140a2b65e8cc40f1e1303

SHA1
215d61574f9a0ba11903739b9e9c0136c8a9b8f0

SHA256
c1d052efc9a02bc410a2005a795d16d908fc4ccc63b865747d06d66db54cd633

SHA512
b7a57c724d10a64fc4b227dd433d6b8fc5e7e565f56a16e558b87820e6c27d57518d0ec8b2ef0a7e3757d8af9e289baa4bfe1060df196bb00127397359ec3e5d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\38A023092B332CB89526ADF213EB8200794DBAEC

Filesize
1KB

MD5
41592cd7fa4c6ab7c5759641ea41f01c

SHA1
f7f7b8d92ea02182b64b8130e156cfe0672947bd

SHA256
eafadcb3bcdfec01c6428ffaa176a14baeb54cb5e99c05cc44236c072e36e7df

SHA512
6293bd0c3b6e3fd64ab4ccce0affefa79383939cc0b83c37b3819eb8d242a082f824077e7f2ad22413ac68d55f9a28d63e6cb68837f733935660a575d9706283

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\38A023092B332CB89526ADF213EB8200794DBAEC

Filesize
1KB

MD5
41592cd7fa4c6ab7c5759641ea41f01c

SHA1
f7f7b8d92ea02182b64b8130e156cfe0672947bd

SHA256
eafadcb3bcdfec01c6428ffaa176a14baeb54cb5e99c05cc44236c072e36e7df

SHA512
6293bd0c3b6e3fd64ab4ccce0affefa79383939cc0b83c37b3819eb8d242a082f824077e7f2ad22413ac68d55f9a28d63e6cb68837f733935660a575d9706283

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\419AEB3B1D9EC3BCED73A27B7AD9DE194B9C602B

Filesize
1KB

MD5
7615f3f0456fc241841cc6e7b32e43d2

SHA1
7399eed8667aa86248dfdc940da378be246acd36

SHA256
0565440d370be4806aab7b0fe0982d1f81386556bdf5956b2f609f8b3c1c0469

SHA512
e18db8aa2159710e48f6b28979858fd17485a0a4f2b0c73d637f51d585088820cedad3528cce8202d70da7f1b633334fe25709c12c45381fb2f68948f242fcd2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\419AEB3B1D9EC3BCED73A27B7AD9DE194B9C602B

Filesize
1KB

MD5
7615f3f0456fc241841cc6e7b32e43d2

SHA1
7399eed8667aa86248dfdc940da378be246acd36

SHA256
0565440d370be4806aab7b0fe0982d1f81386556bdf5956b2f609f8b3c1c0469

SHA512
e18db8aa2159710e48f6b28979858fd17485a0a4f2b0c73d637f51d585088820cedad3528cce8202d70da7f1b633334fe25709c12c45381fb2f68948f242fcd2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\91A85AFEAD308FB59ED236DE0333BD0F949085CD

Filesize
1KB

MD5
7a06090a309abdc3936f22645443ad18

SHA1
b86b94cfd59154bf51758b5c9a68e596ec5afe20

SHA256
b8bf887470a83e7d2283460eb216f2fe65afa63a3654e1e7f5d7fd49a8ad91d4

SHA512
e846c812019b54d518f2653c3fad15ee4d0a94b48517fbafe95ce796848f64e2cd9be47be9c9ce4830f047e9365c15ea848a4a5a3da7bb1e6cbfe38c71f2fcce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\91A85AFEAD308FB59ED236DE0333BD0F949085CD

Filesize
1KB

MD5
7a06090a309abdc3936f22645443ad18

SHA1
b86b94cfd59154bf51758b5c9a68e596ec5afe20

SHA256
b8bf887470a83e7d2283460eb216f2fe65afa63a3654e1e7f5d7fd49a8ad91d4

SHA512
e846c812019b54d518f2653c3fad15ee4d0a94b48517fbafe95ce796848f64e2cd9be47be9c9ce4830f047e9365c15ea848a4a5a3da7bb1e6cbfe38c71f2fcce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\9392FFDFD2DB2052D3A8D7C1E18F8FB1BF7B0E50

Filesize
1KB

MD5
658e138ba257b6108c1f802ecd898d66

SHA1
7aa1ec4997c59de4159912e8b0cd93acd7db08ec

SHA256
e002ada5e25c8c73c17df7cfa487e948622ce54e63898d530fba22dd1fc97035

SHA512
974c62cb6518bd462b4cb91403c8d62dbde898ab2a3ee9ce0da517c7370a7a1698205a49b93b4705475647de38aacce67cfe69d8a53633d5ce4dc1102475fcf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\AB7F373499248545197BE4A5008D0894DBDE4780

Filesize
1KB

MD5
806642006ddebbd6d5105e8dd4188aea

SHA1
a14cf6f86813c305e30d361be989d21f05819677

SHA256
1e78a53614b9ac3ab3c765d74b80d61d48a0ebd65abc6bd9d79400012753355f

SHA512
684f899ad47b78bf8eb08985864001010e2c1e1e1908e817266cd9f06ac60eaec4409055d335fac9fad36f49fa14429088c138fcddc0310158e04ddeb52eda81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\AB7F373499248545197BE4A5008D0894DBDE4780

Filesize
1KB

MD5
806642006ddebbd6d5105e8dd4188aea

SHA1
a14cf6f86813c305e30d361be989d21f05819677

SHA256
1e78a53614b9ac3ab3c765d74b80d61d48a0ebd65abc6bd9d79400012753355f

SHA512
684f899ad47b78bf8eb08985864001010e2c1e1e1908e817266cd9f06ac60eaec4409055d335fac9fad36f49fa14429088c138fcddc0310158e04ddeb52eda81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\BA4CCA8F6F176B7F2AEC5FDE19AFAA982BA086C3

Filesize
1KB

MD5
6a43611db2bd447a692605810cae35d2

SHA1
6896fd29ea090bde349c241047468e9cd1b04464

SHA256
a0a2bfafb45ef83a1354c5c1e331c16b1141aaf14203f330bc77a5ec091d81d8

SHA512
8530f8030d4f0946872eb30b59dfb47b70d5a58b12c227df4dd529867f0fe029cdbb11a6e3d5f4c24edea32fec5a4bb581ede9dda521bc8cb9cebd5506024bc5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\BA4CCA8F6F176B7F2AEC5FDE19AFAA982BA086C3

Filesize
1KB

MD5
6a43611db2bd447a692605810cae35d2

SHA1
6896fd29ea090bde349c241047468e9cd1b04464

SHA256
a0a2bfafb45ef83a1354c5c1e331c16b1141aaf14203f330bc77a5ec091d81d8

SHA512
8530f8030d4f0946872eb30b59dfb47b70d5a58b12c227df4dd529867f0fe029cdbb11a6e3d5f4c24edea32fec5a4bb581ede9dda521bc8cb9cebd5506024bc5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\BA7638B005F1414073659301356D6C1C54F2F192

Filesize
1KB

MD5
71c53a5225315bcfcc4b01f682666e6e

SHA1
f98a3852bf0e24b8dc25fcbecbec69348ca5a9f6

SHA256
88c8499a30fda5c7025cc909c46d793a5e102afc32082c1ea7abfa58d6f5a96f

SHA512
9ab426d4b3dacebb5b167b2c5a8105dc2b4353f13005e29e2337e9e76077b7328ef1341a61466fbfcdd90b89a30ded13f4e7af09578cd7896c7de0c5b9682d88

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\CADC10FC9F55983193A7A8BE937E4EA5DA822D86

Filesize
1KB

MD5
4eb0bf70b833aa18357ddbf9a1d21db7

SHA1
6002c68ec28a3892d2b1f91df8a2e9bea1250935

SHA256
f714c288f299997573ddbde491eba9539b74edcf3470da0900dabff9da584768

SHA512
4db687dec11d899d889ac063053eec8d9daedfc396402c2f9ea92c5e57fac3d6c98931e010ea862657f04669edf9780794ebb60c7ed755f6ab2dc97133a05e4c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\CADC10FC9F55983193A7A8BE937E4EA5DA822D86

Filesize
1KB

MD5
4eb0bf70b833aa18357ddbf9a1d21db7

SHA1
6002c68ec28a3892d2b1f91df8a2e9bea1250935

SHA256
f714c288f299997573ddbde491eba9539b74edcf3470da0900dabff9da584768

SHA512
4db687dec11d899d889ac063053eec8d9daedfc396402c2f9ea92c5e57fac3d6c98931e010ea862657f04669edf9780794ebb60c7ed755f6ab2dc97133a05e4c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\DBF94133B2785D52C6C5C11BAE573E4F8A14A257

Filesize
1KB

MD5
adae0363af6175b3b1abd2f009d4c39e

SHA1
23acd765bab8dabd2c57d28f4d507d47c3d67a03

SHA256
f46ea4f891231f1e51ca77deed335b48cb7bb0f71ef07be369ae190ee367ce86

SHA512
59e2ed03e114cd46fe4f4b5b52584e3236fa677c38ffeb6659fea5b230efd7c223737e1c629b13aee3b0f1ec82a3b76358989f852e09cd7a5a6220487377c35b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\DBF94133B2785D52C6C5C11BAE573E4F8A14A257

Filesize
1KB

MD5
adae0363af6175b3b1abd2f009d4c39e

SHA1
23acd765bab8dabd2c57d28f4d507d47c3d67a03

SHA256
f46ea4f891231f1e51ca77deed335b48cb7bb0f71ef07be369ae190ee367ce86

SHA512
59e2ed03e114cd46fe4f4b5b52584e3236fa677c38ffeb6659fea5b230efd7c223737e1c629b13aee3b0f1ec82a3b76358989f852e09cd7a5a6220487377c35b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\847EAD87AD6BBF7184AB840C8C533D109A446023

Filesize
312B

MD5
afa6beaecf0bdd39348b642295ef1343

SHA1
6f4acd330d3079fcf048ed47d838590f1212c925

SHA256
be35b30f1fb1c8057b5b6e611ede0a956f6464cb918610399d03f02e0b089338

SHA512
c0069466cd794de07fe1b9c1d05b46e9b2973576eafca61292a1b4bdfdfb0c42a747ab42a9f244102f19f42c306f1ae47c3936310e17e4286d310da74e506619

Download Submit
memory/5092-133-0x000001CF00160000-0x000001CF001D8000-memory.dmp

Filesize
480KB

Download
memory/5092-168-0x000001CF1A6B0000-0x000001CF1A6C0000-memory.dmp

Filesize
64KB

Download
memory/5092-529-0x000001CF1BE30000-0x000001CF1BF32000-memory.dmp

Filesize
1.0MB

Download
memory/5092-1007-0x000001CF1BD60000-0x000001CF1BDA0000-memory.dmp

Filesize
256KB

Download
memory/5092-134-0x000001CF1A6B0000-0x000001CF1A6C0000-memory.dmp

Filesize
64KB

Download