dde20cb2c472fc375408b09de62fc3c681e6ce271cb8c7e06802d2b525b192b7

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2023, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built (1).exe
Size

8.4MB
MD5

c2e6383d0a02c82f7f4aa56a6b4e3c1a
SHA1

65076d67c939bcf1104fe43c5b1ff1852251ea1e
SHA256

dde20cb2c472fc375408b09de62fc3c681e6ce271cb8c7e06802d2b525b192b7
SHA512

2ba1458b8b08165182b203134e3dd17d74b3249c86e747e84d7bc4a8ca1e32dcdfcfcd86aeb78fef8a22221d64fc511c889e34f189db3b8720ca15f4b0f10980
SSDEEP

196608:LLafMj7e16B6yPnlPzf+JiT4n3XWKCQMvkP17CM0PE58nWgF:/afcBRPnlPSF3VC7vKb028nWgF

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 18 IoCs

pid	Process
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe
2764	Built (1).exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000023229-159.dat	upx
behavioral2/files/0x0006000000023229-160.dat	upx
behavioral2/files/0x000600000002322d-164.dat	upx
behavioral2/files/0x000600000002322d-165.dat	upx
behavioral2/files/0x000600000002321e-166.dat	upx
behavioral2/files/0x000600000002321e-167.dat	upx
behavioral2/files/0x0006000000023227-168.dat	upx
behavioral2/files/0x0006000000023227-169.dat	upx
behavioral2/files/0x0006000000023221-170.dat	upx
behavioral2/files/0x0006000000023221-171.dat	upx
behavioral2/files/0x000600000002321d-172.dat	upx
behavioral2/files/0x000600000002321d-173.dat	upx
behavioral2/memory/2764-175-0x00007FFABDB50000-0x00007FFABE13A000-memory.dmp	upx
behavioral2/memory/2764-176-0x00007FFAD4DC0000-0x00007FFAD4DD0000-memory.dmp	upx
behavioral2/memory/2764-177-0x00007FFAD1B90000-0x00007FFAD1BB3000-memory.dmp	upx
behavioral2/memory/2764-178-0x00007FFAD2690000-0x00007FFAD269F000-memory.dmp	upx
behavioral2/files/0x0006000000023224-174.dat	upx
behavioral2/files/0x0006000000023224-179.dat	upx
behavioral2/files/0x000600000002322c-180.dat	upx
behavioral2/memory/2764-182-0x00007FFAD1B60000-0x00007FFAD1B8D000-memory.dmp	upx
behavioral2/memory/2764-183-0x00007FFAD24B0000-0x00007FFAD24C9000-memory.dmp	upx
behavioral2/files/0x000600000002322c-181.dat	upx
behavioral2/memory/2764-184-0x00007FFACD560000-0x00007FFACD6CF000-memory.dmp	upx
behavioral2/files/0x0006000000023223-185.dat	upx
behavioral2/files/0x0006000000023223-186.dat	upx
behavioral2/files/0x000600000002322b-187.dat	upx
behavioral2/files/0x000600000002322b-188.dat	upx
behavioral2/files/0x0006000000023225-189.dat	upx
behavioral2/files/0x0006000000023228-192.dat	upx
behavioral2/files/0x0006000000023226-191.dat	upx
behavioral2/files/0x0006000000023225-190.dat	upx
behavioral2/files/0x0006000000023228-193.dat	upx
behavioral2/files/0x0006000000023226-194.dat	upx
behavioral2/files/0x0006000000023226-195.dat	upx
behavioral2/files/0x0006000000023220-196.dat	upx
behavioral2/files/0x0006000000023220-197.dat	upx
behavioral2/files/0x0006000000023222-198.dat	upx
behavioral2/files/0x0006000000023222-199.dat	upx
behavioral2/files/0x0007000000023218-200.dat	upx
behavioral2/memory/2764-201-0x00007FFAD1B30000-0x00007FFAD1B53000-memory.dmp	upx
behavioral2/memory/2764-202-0x00007FFAD1B10000-0x00007FFAD1B29000-memory.dmp	upx
behavioral2/memory/2764-203-0x00007FFAD1B00000-0x00007FFAD1B0D000-memory.dmp	upx
behavioral2/memory/2764-204-0x00007FFAD1AA0000-0x00007FFAD1ACE000-memory.dmp	upx
behavioral2/memory/2764-205-0x00007FFACE060000-0x00007FFACE118000-memory.dmp	upx
behavioral2/files/0x0007000000023218-206.dat	upx
behavioral2/memory/2764-208-0x00007FFABD7D0000-0x00007FFABDB45000-memory.dmp	upx
behavioral2/memory/2764-209-0x00007FFACE040000-0x00007FFACE054000-memory.dmp	upx
behavioral2/memory/2764-210-0x00007FFACE030000-0x00007FFACE03D000-memory.dmp	upx
behavioral2/memory/2764-232-0x00007FFAD4DC0000-0x00007FFAD4DD0000-memory.dmp	upx
behavioral2/memory/2764-233-0x00007FFAD1B90000-0x00007FFAD1BB3000-memory.dmp	upx
behavioral2/memory/2764-230-0x00007FFABDB50000-0x00007FFABE13A000-memory.dmp	upx
behavioral2/memory/2764-235-0x00007FFAD1B60000-0x00007FFAD1B8D000-memory.dmp	upx
behavioral2/memory/2764-236-0x00007FFAD24B0000-0x00007FFAD24C9000-memory.dmp	upx
behavioral2/memory/2764-237-0x00007FFAD1B30000-0x00007FFAD1B53000-memory.dmp	upx
behavioral2/memory/2764-234-0x00007FFAD2690000-0x00007FFAD269F000-memory.dmp	upx
behavioral2/memory/2764-238-0x00007FFACD560000-0x00007FFACD6CF000-memory.dmp	upx
behavioral2/memory/2764-241-0x00007FFAD1B00000-0x00007FFAD1B0D000-memory.dmp	upx
behavioral2/memory/4920-242-0x00000243FD020000-0x00000243FD030000-memory.dmp	upx
behavioral2/memory/2764-240-0x00007FFACD300000-0x00007FFACD552000-memory.dmp	upx
behavioral2/memory/2764-239-0x00007FFAD1B10000-0x00007FFAD1B29000-memory.dmp	upx
behavioral2/memory/2764-244-0x00007FFAD1AA0000-0x00007FFAD1ACE000-memory.dmp	upx
behavioral2/memory/2764-247-0x00007FFABD7D0000-0x00007FFABDB45000-memory.dmp	upx
behavioral2/memory/2764-246-0x00007FFACE060000-0x00007FFACE118000-memory.dmp	upx
behavioral2/memory/2764-249-0x00007FFACE040000-0x00007FFACE054000-memory.dmp	upx

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
4436	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{00E50DF7-4E54-4D1B-86BA-7ACBEC6D50E7}	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4920	powershell.exe
4920	powershell.exe
2036	powershell.exe
2036	powershell.exe
4228	chrome.exe
4228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	5056	WMIC.exe
Token: SeSecurityPrivilege	5056	WMIC.exe
Token: SeTakeOwnershipPrivilege	5056	WMIC.exe
Token: SeLoadDriverPrivilege	5056	WMIC.exe
Token: SeSystemProfilePrivilege	5056	WMIC.exe
Token: SeSystemtimePrivilege	5056	WMIC.exe
Token: SeProfSingleProcessPrivilege	5056	WMIC.exe
Token: SeIncBasePriorityPrivilege	5056	WMIC.exe
Token: SeCreatePagefilePrivilege	5056	WMIC.exe
Token: SeBackupPrivilege	5056	WMIC.exe
Token: SeRestorePrivilege	5056	WMIC.exe
Token: SeShutdownPrivilege	5056	WMIC.exe
Token: SeDebugPrivilege	5056	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5056	WMIC.exe
Token: SeRemoteShutdownPrivilege	5056	WMIC.exe
Token: SeUndockPrivilege	5056	WMIC.exe
Token: SeManageVolumePrivilege	5056	WMIC.exe
Token: 33	5056	WMIC.exe
Token: 34	5056	WMIC.exe
Token: 35	5056	WMIC.exe
Token: 36	5056	WMIC.exe
Token: SeDebugPrivilege	4436	tasklist.exe
Token: SeDebugPrivilege	4920	powershell.exe
Token: SeIncreaseQuotaPrivilege	5056	WMIC.exe
Token: SeSecurityPrivilege	5056	WMIC.exe
Token: SeTakeOwnershipPrivilege	5056	WMIC.exe
Token: SeLoadDriverPrivilege	5056	WMIC.exe
Token: SeSystemProfilePrivilege	5056	WMIC.exe
Token: SeSystemtimePrivilege	5056	WMIC.exe
Token: SeProfSingleProcessPrivilege	5056	WMIC.exe
Token: SeIncBasePriorityPrivilege	5056	WMIC.exe
Token: SeCreatePagefilePrivilege	5056	WMIC.exe
Token: SeBackupPrivilege	5056	WMIC.exe
Token: SeRestorePrivilege	5056	WMIC.exe
Token: SeShutdownPrivilege	5056	WMIC.exe
Token: SeDebugPrivilege	5056	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5056	WMIC.exe
Token: SeRemoteShutdownPrivilege	5056	WMIC.exe
Token: SeUndockPrivilege	5056	WMIC.exe
Token: SeManageVolumePrivilege	5056	WMIC.exe
Token: 33	5056	WMIC.exe
Token: 34	5056	WMIC.exe
Token: 35	5056	WMIC.exe
Token: 36	5056	WMIC.exe
Token: SeDebugPrivilege	2036	powershell.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 2764	4140	Built (1).exe	78
PID 4140 wrote to memory of 2764	4140	Built (1).exe	78
PID 2764 wrote to memory of 548	2764	Built (1).exe	79
PID 2764 wrote to memory of 548	2764	Built (1).exe	79
PID 548 wrote to memory of 3592	548	cmd.exe	81
PID 548 wrote to memory of 3592	548	cmd.exe	81
PID 3592 wrote to memory of 464	3592	net.exe	82
PID 3592 wrote to memory of 464	3592	net.exe	82
PID 2764 wrote to memory of 4800	2764	Built (1).exe	83
PID 2764 wrote to memory of 4800	2764	Built (1).exe	83
PID 2764 wrote to memory of 4952	2764	Built (1).exe	84
PID 2764 wrote to memory of 4952	2764	Built (1).exe	84
PID 2764 wrote to memory of 2268	2764	Built (1).exe	86
PID 2764 wrote to memory of 2268	2764	Built (1).exe	86
PID 2764 wrote to memory of 1980	2764	Built (1).exe	85
PID 2764 wrote to memory of 1980	2764	Built (1).exe	85
PID 2268 wrote to memory of 5056	2268	cmd.exe	91
PID 2268 wrote to memory of 5056	2268	cmd.exe	91
PID 1980 wrote to memory of 4436	1980	cmd.exe	92
PID 1980 wrote to memory of 4436	1980	cmd.exe	92
PID 4800 wrote to memory of 2036	4800	cmd.exe	93
PID 4800 wrote to memory of 2036	4800	cmd.exe	93
PID 4952 wrote to memory of 4920	4952	cmd.exe	94
PID 4952 wrote to memory of 4920	4952	cmd.exe	94
PID 4228 wrote to memory of 4176	4228	chrome.exe	99
PID 4228 wrote to memory of 4176	4228	chrome.exe	99
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101
PID 4228 wrote to memory of 1912	4228	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\Built (1).exe
"C:\Users\Admin\AppData\Local\Temp\Built (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Users\Admin\AppData\Local\Temp\Built (1).exe
  "C:\Users\Admin\AppData\Local\Temp\Built (1).exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "net session"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:548
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3592
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built (1).exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4800
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built (1).exe'
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4952
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1980
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:4436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffacdb19758,0x7ffacdb19768,0x7ffacdb19778
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1744 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4952 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3212 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3284 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5548 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2956 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4736 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4748 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4660 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6616 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6600 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6584 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6568 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6552 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6164 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6416 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6396 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7612 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7436 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8480 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8708 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8684 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8668 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8652 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8612 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8348 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8080 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8224 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=3140 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9576 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9632 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9696 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9144 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5496 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 --field-trial-handle=1896,i,17835901870686382626,8144480344769395505,131072 /prefetch:2
  2⤵
  PID:5432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1376

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x320
1⤵
PID:5768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6108abd13e6950248a3ddab1c0f75a26

SHA1
585fa188057c36d6b69a2938ea7f4d002b2af89c

SHA256
c02cb2691239121d3c50f1f94fc03dfe8e615ef8753dc65a89984a8541a72d2f

SHA512
4422d727e81cc6906c26d006d9e4cae20f57dd8a03aa799061ef7f507a3513c1fdbc21fc83574d00ae03f9016cdb5fb2dc2444731bb4e3c70e1ba3223dabc56a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2b4a980fbc969ec594e5c16ffcaedbd9

SHA1
f0eacd517f7df380c202f2aaffeca3fc604d1081

SHA256
1b0ea419deb9b362d9b986c616f36dc70f18b0e3d5db192061c2ac5d1240aefd

SHA512
83b2f6c3eef9dd880b7e3641cf4fb6f7eebf65f9e2610020765b1804b94ba51a26362ea5ea861e4dfbc6601f617d9320b116b6256f20910b02f442e84460874c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5b1e951269ab10a4b7a695f9432ba661

SHA1
9fccd67370f02dad24a6a3bb82fa7f5c6ab2ec0f

SHA256
a6f6d30c4ed2a638e65a62876cfda7144829affbb7f911fafd8b07d8b3213c2c

SHA512
dd509e32385742361a994114030f5ef77fa4c6309362d6702f901c30946bb6124dab30f7de8b682a880cd102d956bfe86bf6859f5cd8689250fda67631ff4c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d259016a6bdb46b4eb19dc108e71ed4

SHA1
d86b6ea0b93b313395d0be39a376040f5b985035

SHA256
55d11df7abcfda12a92d682be52e109bd599ce37d06c501514db6e491781ee03

SHA512
aaec3a70a2a216ac4cd62cf329c66ec0f50910a2425d5f63ed2cf2038579c4239215f392d98337e462cf94d81203deba16d80169b59c15cb69b651ef38c05a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
668605116459a472047a0864cf571707

SHA1
2b21415df06409ee014efa86563c17e5d666b974

SHA256
77eb3e7681eaaf0f0b4e2debf5b372fde122cff822a1ae972cfe4af18080ade5

SHA512
9d3aa33838f0492a206850aea8036145824860346f029b85b8f57c96c4620c080cecad89c2c0c9f35d81fe2881e0221dc7a4eed193b25428d25275937ed1d59e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a4f3962f351e22ed86d8721277e1f968

SHA1
d1c205a605364a6fe54e252fed5429d5a2f278eb

SHA256
4688f7f3bbac130f00f306a82b0db4584a678641b7c534b0d36002d1b9e78b22

SHA512
c96bbe9486c79d64afdc55d62f5e4fa2e6b06346f2264c54836c9c2399d09079bef7ff9eb0a97ce8022429783803e02c157fa70e193d8f1bb982349df2ba83d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57cec9.TMP

Filesize
120B

MD5
7e2d7d3c408e2b41e44b4dfd105f9ced

SHA1
329b5e9c7a397303060be1229b38f2e9d9ac7017

SHA256
a9c407cd0fefdb1aafee6b11a8c28d7de0ee6f3181607e200eab4eb0ccf6ba62

SHA512
46d0fa349798fa01433fd68c79167a0c4dadf2a5d56f64ab808a0c4c091be0a455b56f362d14c039c010027a7d90b784f127638afadd7ef9000e750a8eb04188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
01db37dfcbb18413bbf8cf466b30b886

SHA1
5c5d32eee7ddc78220465d29a5d3bf008cf77af5

SHA256
a235e02014c2e969f793b9bb5c9a4de2f970448a9b43a2337b7ae25ea776e28b

SHA512
c94678a67593624d824104e9fdcf3a0df80492cf658d1abeab549a4008156c3d48e20e524324be0c6ddd6668f58a18fcf6bd447f95d35a968f77a76be925eb0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1c10ba3529be136edc71cb9079a9c30a

SHA1
968c14a3a4f717878baf15c0720912f9a3969e12

SHA256
5015d2d575429ddbd1c2db033fc8fdb78801f009f8a525cfeba953db438b5a88

SHA512
2f6982d99bb6049d2107097a5a2084512d800f99769bb6a3384e646aa81b7a25025024d52b0156ebb086c45925ae74f2eff1fb04184dd373a7f2aeaf8b0d3f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
359d1e37a264703c99ebd01eed362de5

SHA1
a1122c8bf9848b3371cd191ba540864204d1d845

SHA256
5781f3046b0d978469415a059cf5ceae0e532869e69ab1dffb8ed878bd299b07

SHA512
ce3caa1d2205be8167b7cd48ebf538a9ce8c148643c26a20377894aa15cf00f90b2b5e2ebf35d40a0273c088abc11fe6f010e34691d7fbc4bef8d7e482f5087d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\PIL\_imaging.cp311-win_amd64.pyd

Filesize
732KB

MD5
e382184096e78544c3d9eb9df61d6200

SHA1
e928c6f4bfd58f743c903289c09166dfa1b3207f

SHA256
f89c546766e5e309b8b16240bd139b47956951507cf9b5382f7baee00606961e

SHA512
a96c7f6553cde4789c5209e6790880fa89069a466e155f121d1ed67d28c3ce7846e3efabcc089d512c8c24f3f3e0dee2fb9b9ae4d6883176b53e19e85f8bfa0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\PIL\_imaging.cp311-win_amd64.pyd

Filesize
732KB

MD5
e382184096e78544c3d9eb9df61d6200

SHA1
e928c6f4bfd58f743c903289c09166dfa1b3207f

SHA256
f89c546766e5e309b8b16240bd139b47956951507cf9b5382f7baee00606961e

SHA512
a96c7f6553cde4789c5209e6790880fa89069a466e155f121d1ed67d28c3ce7846e3efabcc089d512c8c24f3f3e0dee2fb9b9ae4d6883176b53e19e85f8bfa0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_bz2.pyd

Filesize
48KB

MD5
b227a77a065cbdf53d89072b91ad5d36

SHA1
ca2b8fd5b8f84298fd147b3d8f850cd9d3b7678f

SHA256
fafee9f3f6a8f9dc1859f482a401c1301bc64632c5164db460f6dcfe010cf69d

SHA512
91f44f35360859fcc5f77a33fa9606c67ea353f97bac907078966afe7224d9197444ef3a79845ff3610cba9ba8703f39d83006a6795176f9a7d154a7ff7ae037

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_bz2.pyd

Filesize
48KB

MD5
b227a77a065cbdf53d89072b91ad5d36

SHA1
ca2b8fd5b8f84298fd147b3d8f850cd9d3b7678f

SHA256
fafee9f3f6a8f9dc1859f482a401c1301bc64632c5164db460f6dcfe010cf69d

SHA512
91f44f35360859fcc5f77a33fa9606c67ea353f97bac907078966afe7224d9197444ef3a79845ff3610cba9ba8703f39d83006a6795176f9a7d154a7ff7ae037

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_ctypes.pyd

Filesize
58KB

MD5
8bc1c4b20231b171ded3cba344b23d11

SHA1
a1610e87b3d37d898115bbe89127715f7fa5f1f5

SHA256
ba96086707c00ac6ad11a678ec87ae139a94d953665486cba79e5da18fccc5f9

SHA512
aa683ad0881b697aade8a5d19ffdc26e8aef1457db532a1c966e2dbe148fabf948d22f22181a16ea9280f682a2a24f438fbd27d2b370ce4208010a84bf4af748

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_ctypes.pyd

Filesize
58KB

MD5
8bc1c4b20231b171ded3cba344b23d11

SHA1
a1610e87b3d37d898115bbe89127715f7fa5f1f5

SHA256
ba96086707c00ac6ad11a678ec87ae139a94d953665486cba79e5da18fccc5f9

SHA512
aa683ad0881b697aade8a5d19ffdc26e8aef1457db532a1c966e2dbe148fabf948d22f22181a16ea9280f682a2a24f438fbd27d2b370ce4208010a84bf4af748

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_hashlib.pyd

Filesize
35KB

MD5
d6ede55082df871c677d0da68a49684f

SHA1
61b73740621d7ac9f677cdee1b776d14a7e9c2ff

SHA256
1aba7710685d8d86e182c5faeab604e71fcb3fff1b6ac905152cb4f1331f36fd

SHA512
337e880ae4859f72e86223785c628f40b84848ed6fa2a016031d16151fe655e1cd7008b4935cf5ad2c10decd25352eed04a0b9574289b0fd5ff3bc29b7550864

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_hashlib.pyd

Filesize
35KB

MD5
d6ede55082df871c677d0da68a49684f

SHA1
61b73740621d7ac9f677cdee1b776d14a7e9c2ff

SHA256
1aba7710685d8d86e182c5faeab604e71fcb3fff1b6ac905152cb4f1331f36fd

SHA512
337e880ae4859f72e86223785c628f40b84848ed6fa2a016031d16151fe655e1cd7008b4935cf5ad2c10decd25352eed04a0b9574289b0fd5ff3bc29b7550864

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_lzma.pyd

Filesize
85KB

MD5
b44fd0cc6537cf62cd93f26f0225b73f

SHA1
b851300f9436ca003b7738d511bd0d0a99f7bdfc

SHA256
134ead1985e01aa08fc0cf9429a3bdd2e8bd0ccd012a708bdb207452b81ee6ed

SHA512
8f3e79411790303dc0283846548ff33c541489dc6878902756b147d644afb6369e2721bc2ae913c6eb742346fcb0a7545df46ed6da8a13b15339e51e15117ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_lzma.pyd

Filesize
85KB

MD5
b44fd0cc6537cf62cd93f26f0225b73f

SHA1
b851300f9436ca003b7738d511bd0d0a99f7bdfc

SHA256
134ead1985e01aa08fc0cf9429a3bdd2e8bd0ccd012a708bdb207452b81ee6ed

SHA512
8f3e79411790303dc0283846548ff33c541489dc6878902756b147d644afb6369e2721bc2ae913c6eb742346fcb0a7545df46ed6da8a13b15339e51e15117ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_queue.pyd

Filesize
25KB

MD5
5a68de9bfe3b02de63dbb20656b16b53

SHA1
7eb26047fdd3307a82b406ea177b22ddbf1a14bc

SHA256
0f6f50993bdff1247a7cadf20934f214265dfb3712340326a2240767fe5e0fb7

SHA512
d6ed9a4208587c3482fe8652420773964ee9a2ae7e8de2aa0efba2b57eefd60a3bf7ddb6ab3de00797e963dc6c1a67ae426387cb14719900ccfb7cb0e8808215

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_queue.pyd

Filesize
25KB

MD5
5a68de9bfe3b02de63dbb20656b16b53

SHA1
7eb26047fdd3307a82b406ea177b22ddbf1a14bc

SHA256
0f6f50993bdff1247a7cadf20934f214265dfb3712340326a2240767fe5e0fb7

SHA512
d6ed9a4208587c3482fe8652420773964ee9a2ae7e8de2aa0efba2b57eefd60a3bf7ddb6ab3de00797e963dc6c1a67ae426387cb14719900ccfb7cb0e8808215

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_socket.pyd

Filesize
43KB

MD5
5fadaa05ce39e7bd808049556f6b95a5

SHA1
32b27e7c54bebbe8012126d3c0dd20f98689af88

SHA256
8cfe616dd8710ea5f2742f1306f64922826673c9a60e0b7b6f2552ac31088f9e

SHA512
1784faae9e641937afd73d7a7699ad1313b93353fb20a67965722ccc7a37aee34e3f053e6df35508c9e0a7ba6db48516ac475c3d1fac4dfe043beba3c0e6b59f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_socket.pyd

Filesize
43KB

MD5
5fadaa05ce39e7bd808049556f6b95a5

SHA1
32b27e7c54bebbe8012126d3c0dd20f98689af88

SHA256
8cfe616dd8710ea5f2742f1306f64922826673c9a60e0b7b6f2552ac31088f9e

SHA512
1784faae9e641937afd73d7a7699ad1313b93353fb20a67965722ccc7a37aee34e3f053e6df35508c9e0a7ba6db48516ac475c3d1fac4dfe043beba3c0e6b59f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_sqlite3.pyd

Filesize
56KB

MD5
bbe2a08a0e997eacc34735fc2c9df601

SHA1
0d0fcdb43a038ab9ef2dd46e00187a41e96c1489

SHA256
28add6e21b62ff80168e83efc537454f56ed55b8c758f4342cd36d51c89ae5df

SHA512
e799cefaca9b1908d78f61b0ba2a829c10318d0c1d9b031c73a71e3ed86c24c73f9bfa2a22e997f91b53c0e8aef972de5cc4698f26e1247530cd191bd57f4e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_sqlite3.pyd

Filesize
56KB

MD5
bbe2a08a0e997eacc34735fc2c9df601

SHA1
0d0fcdb43a038ab9ef2dd46e00187a41e96c1489

SHA256
28add6e21b62ff80168e83efc537454f56ed55b8c758f4342cd36d51c89ae5df

SHA512
e799cefaca9b1908d78f61b0ba2a829c10318d0c1d9b031c73a71e3ed86c24c73f9bfa2a22e997f91b53c0e8aef972de5cc4698f26e1247530cd191bd57f4e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_ssl.pyd

Filesize
62KB

MD5
6eab88efb66abaa42a3f6ec2f0ada718

SHA1
10f21dd91c309df77a5c1399fb059c8e70749fb4

SHA256
03d67916ef72469257a1e4f7c891a63769f1289d0104eb4f19508704f0200317

SHA512
14259bb728a75eae6ea93e2591f9e9aaa8677fe00f349210803db0e9fb42cfdb53e1d257bd9295905629b87c5741cd8409cb45a08129dd5838510670e13bbb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\_ssl.pyd

Filesize
62KB

MD5
6eab88efb66abaa42a3f6ec2f0ada718

SHA1
10f21dd91c309df77a5c1399fb059c8e70749fb4

SHA256
03d67916ef72469257a1e4f7c891a63769f1289d0104eb4f19508704f0200317

SHA512
14259bb728a75eae6ea93e2591f9e9aaa8677fe00f349210803db0e9fb42cfdb53e1d257bd9295905629b87c5741cd8409cb45a08129dd5838510670e13bbb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\base_library.zip

Filesize
1.7MB

MD5
948430bbba768d83a37fc725d7d31fbb

SHA1
e00d912fe85156f61fd8cd109d840d2d69b9629b

SHA256
65ebc074b147d65841a467a49f30a5f2f54659a0cc5dc31411467263a37c02df

SHA512
aad73403964228ed690ce3c5383e672b76690f776d4ff38792544c67e6d7b54eb56dd6653f4a89f7954752dae78ca35f738e000ffff07fdfb8ef2af708643186

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\libcrypto-1_1.dll

Filesize
1.1MB

MD5
14c89f5cf35732f5eae8c381935b53d8

SHA1
be143c04a004e86b439f495a01dbf4661566187e

SHA256
67a7ceab9a00047b3986855a438acf51faff86b6f13980fd282e5b312ae9e54e

SHA512
9a631dec362730273ddb4ed39dbe8adcc1bf87b53932dcb81e07fe4d5197fe56fa20c98a261cc950f4e4766ccfa8a9db93d6a975d10afbe1a0758b19ee879252

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\libcrypto-1_1.dll

Filesize
1.1MB

MD5
14c89f5cf35732f5eae8c381935b53d8

SHA1
be143c04a004e86b439f495a01dbf4661566187e

SHA256
67a7ceab9a00047b3986855a438acf51faff86b6f13980fd282e5b312ae9e54e

SHA512
9a631dec362730273ddb4ed39dbe8adcc1bf87b53932dcb81e07fe4d5197fe56fa20c98a261cc950f4e4766ccfa8a9db93d6a975d10afbe1a0758b19ee879252

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\libcrypto-1_1.dll

Filesize
1.1MB

MD5
14c89f5cf35732f5eae8c381935b53d8

SHA1
be143c04a004e86b439f495a01dbf4661566187e

SHA256
67a7ceab9a00047b3986855a438acf51faff86b6f13980fd282e5b312ae9e54e

SHA512
9a631dec362730273ddb4ed39dbe8adcc1bf87b53932dcb81e07fe4d5197fe56fa20c98a261cc950f4e4766ccfa8a9db93d6a975d10afbe1a0758b19ee879252

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\libffi-8.dll

Filesize
27KB

MD5
85eb80a41bc7dac7795e3194831883d6

SHA1
94d8f9607b8cc0893ab0798aeb02ae740e3f445e

SHA256
19f877901640af18a27d340002744a2a1709e106b3972b9ca5336ece43a91522

SHA512
42205da7e5af87c5e7f9198db5d198173142876b541dc8abe0ea9e0a23041366e7e85b545efe97447aac6774feb1a40069580051928d3541cec0ff5e99cca8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\libffi-8.dll

Filesize
27KB

MD5
85eb80a41bc7dac7795e3194831883d6

SHA1
94d8f9607b8cc0893ab0798aeb02ae740e3f445e

SHA256
19f877901640af18a27d340002744a2a1709e106b3972b9ca5336ece43a91522

SHA512
42205da7e5af87c5e7f9198db5d198173142876b541dc8abe0ea9e0a23041366e7e85b545efe97447aac6774feb1a40069580051928d3541cec0ff5e99cca8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\libssl-1_1.dll

Filesize
203KB

MD5
12ce2e61d0b52bec18225c1a7542d5a4

SHA1
9b34515971021d678ffc6087cc968c93a16895dc

SHA256
17096a9f8be7cb4bc65318c2b64643949720965fadaf7d128895ccdd7215c896

SHA512
e28eeeb8f51f82b596cb8dca5cc0d538b647487cce7304a32ed7730fff6b3968ffd6c6a00f57607c2ac12766286251004e8a8452ea299dca86336b5ed725be41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\libssl-1_1.dll

Filesize
203KB

MD5
12ce2e61d0b52bec18225c1a7542d5a4

SHA1
9b34515971021d678ffc6087cc968c93a16895dc

SHA256
17096a9f8be7cb4bc65318c2b64643949720965fadaf7d128895ccdd7215c896

SHA512
e28eeeb8f51f82b596cb8dca5cc0d538b647487cce7304a32ed7730fff6b3968ffd6c6a00f57607c2ac12766286251004e8a8452ea299dca86336b5ed725be41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\python311.dll

Filesize
1.6MB

MD5
53b1a9474ddc3a31adf72011dc8da780

SHA1
36f476d318acca6a12d3625b02cb14ab19534db7

SHA256
357e545f47b605682328566a8df692dc22e4ea2ab37686788c3416b3813addc7

SHA512
290c070eaf324476bfda676fc547ee42479a239b11192b654604862d53de1f1752a2f1b212dc15b3a22787a6469d6ec22ced98b7bb7d5f7c618602bbd12b7881

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\python311.dll

Filesize
1.6MB

MD5
53b1a9474ddc3a31adf72011dc8da780

SHA1
36f476d318acca6a12d3625b02cb14ab19534db7

SHA256
357e545f47b605682328566a8df692dc22e4ea2ab37686788c3416b3813addc7

SHA512
290c070eaf324476bfda676fc547ee42479a239b11192b654604862d53de1f1752a2f1b212dc15b3a22787a6469d6ec22ced98b7bb7d5f7c618602bbd12b7881

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\select.pyd

Filesize
25KB

MD5
4fb899c990d705b5d2f96947c1cdbc17

SHA1
0cfbf51732a5e55422d5a70b446e0208c6c852a6

SHA256
3fcd54d75627f5cdbe2398bb6bd7008d5b1041cc84aa9a40424f1caa290638a5

SHA512
718a832577447b93262ea2269a6fbeddea3daf17e0134e56fb72a71c4de42014c9cbcd46a54521b92c8ba161fcbe7a92ab4132b37d7dd804a70f3fb4814065ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\select.pyd

Filesize
25KB

MD5
4fb899c990d705b5d2f96947c1cdbc17

SHA1
0cfbf51732a5e55422d5a70b446e0208c6c852a6

SHA256
3fcd54d75627f5cdbe2398bb6bd7008d5b1041cc84aa9a40424f1caa290638a5

SHA512
718a832577447b93262ea2269a6fbeddea3daf17e0134e56fb72a71c4de42014c9cbcd46a54521b92c8ba161fcbe7a92ab4132b37d7dd804a70f3fb4814065ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\sqlite3.dll

Filesize
607KB

MD5
dd904ba8cbc5933ca8dcfd08724a4d23

SHA1
0b1acb031846e8eed30e3f508cdae4c25ee96fc4

SHA256
94ce8d7282fe94377edd09998ed23107b072c3562785116c4e79ce7391b3511e

SHA512
be665d19e4b4afa873689ad391dfb96101a27d513872fc63302d47ae0ee8e8631230f03ba9e01f06d6b6caf1b4243e65ad285e72b956481c88d475958b5ac83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\sqlite3.dll

Filesize
607KB

MD5
dd904ba8cbc5933ca8dcfd08724a4d23

SHA1
0b1acb031846e8eed30e3f508cdae4c25ee96fc4

SHA256
94ce8d7282fe94377edd09998ed23107b072c3562785116c4e79ce7391b3511e

SHA512
be665d19e4b4afa873689ad391dfb96101a27d513872fc63302d47ae0ee8e8631230f03ba9e01f06d6b6caf1b4243e65ad285e72b956481c88d475958b5ac83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\tinyaes.cp311-win_amd64.pyd

Filesize
17KB

MD5
e058c833777e27d6b46a4aa4244f840a

SHA1
f3e144cee4fcaa09f7c0f7a2f1d124b3740f95e9

SHA256
72d221dc53979820e152436b1fff307ba55a9f8fd3b208645b6b52c3676dd64e

SHA512
29680311bd40ecd85db6d1727852005ab44c48475e80cc28a5eb2f7d879d28b6c0b43f11fce67432b4aa34da2c31804fce5dea2f2657854997c43702b67d4a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\tinyaes.cp311-win_amd64.pyd

Filesize
17KB

MD5
e058c833777e27d6b46a4aa4244f840a

SHA1
f3e144cee4fcaa09f7c0f7a2f1d124b3740f95e9

SHA256
72d221dc53979820e152436b1fff307ba55a9f8fd3b208645b6b52c3676dd64e

SHA512
29680311bd40ecd85db6d1727852005ab44c48475e80cc28a5eb2f7d879d28b6c0b43f11fce67432b4aa34da2c31804fce5dea2f2657854997c43702b67d4a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vv1ojpbr.3tk.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2764-203-0x00007FFAD1B00000-0x00007FFAD1B0D000-memory.dmp

Filesize
52KB

Download
memory/2764-202-0x00007FFAD1B10000-0x00007FFAD1B29000-memory.dmp

Filesize
100KB

Download
memory/2764-232-0x00007FFAD4DC0000-0x00007FFAD4DD0000-memory.dmp

Filesize
64KB

Download
memory/2764-233-0x00007FFAD1B90000-0x00007FFAD1BB3000-memory.dmp

Filesize
140KB

Download
memory/2764-230-0x00007FFABDB50000-0x00007FFABE13A000-memory.dmp

Filesize
5.9MB

Download
memory/2764-235-0x00007FFAD1B60000-0x00007FFAD1B8D000-memory.dmp

Filesize
180KB

Download
memory/2764-236-0x00007FFAD24B0000-0x00007FFAD24C9000-memory.dmp

Filesize
100KB

Download
memory/2764-237-0x00007FFAD1B30000-0x00007FFAD1B53000-memory.dmp

Filesize
140KB

Download
memory/2764-234-0x00007FFAD2690000-0x00007FFAD269F000-memory.dmp

Filesize
60KB

Download
memory/2764-238-0x00007FFACD560000-0x00007FFACD6CF000-memory.dmp

Filesize
1.4MB

Download
memory/2764-241-0x00007FFAD1B00000-0x00007FFAD1B0D000-memory.dmp

Filesize
52KB

Download
memory/2764-175-0x00007FFABDB50000-0x00007FFABE13A000-memory.dmp

Filesize
5.9MB

Download
memory/2764-240-0x00007FFACD300000-0x00007FFACD552000-memory.dmp

Filesize
2.3MB

Download
memory/2764-239-0x00007FFAD1B10000-0x00007FFAD1B29000-memory.dmp

Filesize
100KB

Download
memory/2764-244-0x00007FFAD1AA0000-0x00007FFAD1ACE000-memory.dmp

Filesize
184KB

Download
memory/2764-247-0x00007FFABD7D0000-0x00007FFABDB45000-memory.dmp

Filesize
3.5MB

Download
memory/2764-246-0x00007FFACE060000-0x00007FFACE118000-memory.dmp

Filesize
736KB

Download
memory/2764-249-0x00007FFACE040000-0x00007FFACE054000-memory.dmp

Filesize
80KB

Download
memory/2764-210-0x00007FFACE030000-0x00007FFACE03D000-memory.dmp

Filesize
52KB

Download
memory/2764-176-0x00007FFAD4DC0000-0x00007FFAD4DD0000-memory.dmp

Filesize
64KB

Download
memory/2764-177-0x00007FFAD1B90000-0x00007FFAD1BB3000-memory.dmp

Filesize
140KB

Download
memory/2764-178-0x00007FFAD2690000-0x00007FFAD269F000-memory.dmp

Filesize
60KB

Download
memory/2764-252-0x00007FFACE030000-0x00007FFACE03D000-memory.dmp

Filesize
52KB

Download
memory/2764-209-0x00007FFACE040000-0x00007FFACE054000-memory.dmp

Filesize
80KB

Download
memory/2764-208-0x00007FFABD7D0000-0x00007FFABDB45000-memory.dmp

Filesize
3.5MB

Download
memory/2764-207-0x0000021DE6410000-0x0000021DE6785000-memory.dmp

Filesize
3.5MB

Download
memory/2764-205-0x00007FFACE060000-0x00007FFACE118000-memory.dmp

Filesize
736KB

Download
memory/2764-204-0x00007FFAD1AA0000-0x00007FFAD1ACE000-memory.dmp

Filesize
184KB

Download
memory/2764-182-0x00007FFAD1B60000-0x00007FFAD1B8D000-memory.dmp

Filesize
180KB

Download
memory/2764-201-0x00007FFAD1B30000-0x00007FFAD1B53000-memory.dmp

Filesize
140KB

Download
memory/2764-184-0x00007FFACD560000-0x00007FFACD6CF000-memory.dmp

Filesize
1.4MB

Download
memory/2764-183-0x00007FFAD24B0000-0x00007FFAD24C9000-memory.dmp

Filesize
100KB

Download
memory/4920-220-0x00000243FF1A0000-0x00000243FF1C2000-memory.dmp

Filesize
136KB

Download
memory/4920-243-0x00000243FD020000-0x00000243FD030000-memory.dmp

Filesize
64KB

Download
memory/4920-245-0x00000243FD020000-0x00000243FD030000-memory.dmp

Filesize
64KB

Download
memory/4920-248-0x00000243FD020000-0x00000243FD030000-memory.dmp

Filesize
64KB

Download
memory/4920-242-0x00000243FD020000-0x00000243FD030000-memory.dmp

Filesize
64KB

Download