systembc | c9c5581052462560bfe4587156b906c309ab10b19c5fe005a064384593609901

Analysis

max time kernel
100s
max time network
108s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
21-07-2023 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AppInstaIIer.exe
Size

34.7MB
MD5

79e7fd3f75d702060da1bce9fffc1db2
SHA1

308a13aa1d631fdf862c28184f5c4892a50427e4
SHA256

c9c5581052462560bfe4587156b906c309ab10b19c5fe005a064384593609901
SHA512

b6cda84590cf6ad44bb6e5a7750a886cc6a48395eb834f47144c6ee7b076b891154b68f5fea7d3c6b8cfb9521fcb494eddb2c6ca676f985be407c49f9857f32b
SSDEEP

786432:G7dVMxn9bYyICJVmqPt0+nNICoie+MqNOym5v:GQnGBentbnd0/v

Score

10^/10

systembc vidar https://t.me/jsvbdyufwibascq persistence spyware stealer trojan

Malware Config

Extracted

Family

vidar

Version

4.8

Botnet

https://t.me/jsvbdyufwibascq

https://t.me/sundayevent

https://steamcommunity.com/profiles/76561198982268531

Attributes

profile_id_v2
https://t.me/jsvbdyufwibascq
user_agent
Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Extracted

Family

systembc

91.103.252.89:4317

91.103.252.57:4317

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

93430193069540135771.exe

pid process

4380 93430193069540135771.exe
Loads dropped DLL 2 IoCs

Processes:

AddInProcess32.exe

pid process

3756 AddInProcess32.exe
3756 AddInProcess32.exe
Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
4380	93430193069540135771.exe

pid	process
3756	AddInProcess32.exe
3756	AddInProcess32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

AppInstaIIer.exe

description ioc process

File opened (read-only) \??\F: AppInstaIIer.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

AppInstaIIer.exe

description pid process target process

PID 788 set thread context of 3756 788 AppInstaIIer.exe AddInProcess32.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened (read-only)	\??\F:	AppInstaIIer.exe

description	pid	process	target process
PID 788 set thread context of 3756	788	AppInstaIIer.exe	AddInProcess32.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exeAddInProcess32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AddInProcess32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AddInProcess32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133344030449578026"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

AppInstaIIer.exepowershell.exepowershell.exechrome.exeAddInProcess32.exechrome.exechrome.exe

pid	process
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
788	AppInstaIIer.exe
2424	powershell.exe
2424	powershell.exe
2424	powershell.exe
4836	powershell.exe
4836	powershell.exe
4836	powershell.exe
3300	chrome.exe
3300	chrome.exe
3756	AddInProcess32.exe
3756	AddInProcess32.exe
3756	AddInProcess32.exe
3756	AddInProcess32.exe
4120	chrome.exe
4120	chrome.exe
5876	chrome.exe
5876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid	process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exepowershell.exechrome.exechrome.exefirefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2424	powershell.exe
Token: SeDebugPrivilege	4836	powershell.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeDebugPrivilege	4180	firefox.exe
Token: SeDebugPrivilege	4180	firefox.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	5876	chrome.exe
Token: SeCreatePagefilePrivilege	5876	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exechrome.exefirefox.exe

pid	process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exefirefox.exechrome.exe

pid	process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4180	firefox.exe
4180	firefox.exe
4180	firefox.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe
5876	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4180 firefox.exe

pid	process
4180	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AppInstaIIer.exechrome.exe

description	pid	process	target process
PID 788 wrote to memory of 2424	788	AppInstaIIer.exe	powershell.exe
PID 788 wrote to memory of 2424	788	AppInstaIIer.exe	powershell.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 4836	788	AppInstaIIer.exe	powershell.exe
PID 788 wrote to memory of 4836	788	AppInstaIIer.exe	powershell.exe
PID 3300 wrote to memory of 3372	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3372	3300	chrome.exe	chrome.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 788 wrote to memory of 3756	788	AppInstaIIer.exe	AddInProcess32.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 2716	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1860	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1860	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3908	3300	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AppInstaIIer.exe
"C:\Users\Admin\AppData\Local\Temp\AppInstaIIer.exe"
1⤵
- Enumerates connected drives
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:788

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMwA=
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
2⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3756

C:\ProgramData\93430193069540135771.exe
"C:\ProgramData\93430193069540135771.exe"
3⤵
- Executes dropped EXE
PID:4380

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAANAA=
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe1dd49758,0x7ffe1dd49768,0x7ffe1dd49778
2⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:8
2⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:8
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:2
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:1
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:1
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:1
2⤵
PID:712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:8
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:8
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:8
2⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=2076,i,5048311308243369186,1859369364157180990,131072 /prefetch:8
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe33209758,0x7ffe33209768,0x7ffe33209778
2⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:2
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:8
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:8
2⤵
PID:508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:1
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:1
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:8
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:8
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:8
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:8
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5204 --field-trial-handle=1744,i,591424926983528725,13962763258311871271,131072 /prefetch:1
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.0.135185641\16683109" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cba6aa6d-a9d5-49ee-8bfb-0467d8a89164} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 1820 1fd911e5358 gpu
3⤵
PID:3392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.1.412818540\221686658" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd213835-e73d-4f95-94f8-0b34fb62e571} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 2184 1fd90fe3258 socket
3⤵
- Checks processor information in registry
PID:3992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.2.1959215013\21484154" -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2716 -prefsLen 21055 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4ca54ea-9268-410a-b281-1889d2a5b76e} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 2924 1fd951e2858 tab
3⤵
PID:3676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.3.268538955\1334217729" -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fcea45e-81e7-4c70-b538-b5c1d02335e1} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 3384 1fd93bd9558 tab
3⤵
PID:5016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.4.245004836\1672598676" -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f202830c-bef9-4063-a6ac-9efadc02519b} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 3952 1fd964aa458 tab
3⤵
PID:1520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.7.2096970265\1120813506" -childID 6 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73424b0b-3959-4d9e-998d-68320cc370e4} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 5112 1fd9779d158 tab
3⤵
PID:5424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.6.231711555\1944190985" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebb07926-d485-4996-880d-e8d920174563} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 4928 1fd9779cb58 tab
3⤵
PID:5416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4180.5.118910542\456039885" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b2e3e4b-1609-4fb4-a9da-5c9762e18ca3} 4180 "\\.\pipe\gecko-crash-server-pipe.4180" 4800 1fd9779e058 tab
3⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe33209758,0x7ffe33209768,0x7ffe33209778
2⤵
PID:5884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:2
2⤵
PID:6056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:8
2⤵
PID:6080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:8
2⤵
PID:5984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:1
2⤵
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:1
2⤵
PID:6116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:1
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:8
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:8
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1736,i,2307893995045575223,10261040190830103542,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5260

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\93430193069540135771.exe
Filesize
4.8MB

MD5
3497f4d522aa714d95677007cf9eeeaf

SHA1
0bfb2cad75fbbf6eef637d079c8f8404ddc64084

SHA256
2a3e6e16851d27ef74da7efe5de3eada4042f647d40664d55cc0d56c7bad45fb

SHA512
4d8320edf9df5a5ebdc5c3704d6febab8b1a7a49f942ef2cd3750b2501d9c46a40e623a247893e17b935def9d1508a3b0d11ba017f12425c1bdaf81add1e75e7

Download Submit
C:\ProgramData\93430193069540135771.exe
Filesize
4.8MB

MD5
3497f4d522aa714d95677007cf9eeeaf

SHA1
0bfb2cad75fbbf6eef637d079c8f8404ddc64084

SHA256
2a3e6e16851d27ef74da7efe5de3eada4042f647d40664d55cc0d56c7bad45fb

SHA512
4d8320edf9df5a5ebdc5c3704d6febab8b1a7a49f942ef2cd3750b2501d9c46a40e623a247893e17b935def9d1508a3b0d11ba017f12425c1bdaf81add1e75e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8df6a976-38ac-499b-bef5-7e1000d44785.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
0febf2289bb540cfd1d8b8c39d8bf27d

SHA1
16b762c914d5722499779c03afa9d67cd12ad685

SHA256
c3e4eb301f44b0f1b85535ae5c696a9ba1a5e2e9e4428f0a32f7cabea29928d7

SHA512
22177d4845c3eeb21ac92008cdf27731269b47ad27958eb1b883461c05b40f02f63c9404781b923aca3f2acae0fc7a32c099c15286f785b0c529402a5154e873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
0febf2289bb540cfd1d8b8c39d8bf27d

SHA1
16b762c914d5722499779c03afa9d67cd12ad685

SHA256
c3e4eb301f44b0f1b85535ae5c696a9ba1a5e2e9e4428f0a32f7cabea29928d7

SHA512
22177d4845c3eeb21ac92008cdf27731269b47ad27958eb1b883461c05b40f02f63c9404781b923aca3f2acae0fc7a32c099c15286f785b0c529402a5154e873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
0febf2289bb540cfd1d8b8c39d8bf27d

SHA1
16b762c914d5722499779c03afa9d67cd12ad685

SHA256
c3e4eb301f44b0f1b85535ae5c696a9ba1a5e2e9e4428f0a32f7cabea29928d7

SHA512
22177d4845c3eeb21ac92008cdf27731269b47ad27958eb1b883461c05b40f02f63c9404781b923aca3f2acae0fc7a32c099c15286f785b0c529402a5154e873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8ae766bf-2bb1-41ff-b85a-c6df40238c4f.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
d0cee9ed169b7095c32aeb89061ee24f

SHA1
8035ced7d2623526c63be50f35c44f612dac710d

SHA256
66af552922d3fe4c651c151fb84c2d3b5c2c68c33ffb503402560f28660b4c06

SHA512
d64e73556081705842bb083a98db808c9d6e3dcada0b3ab3eac8106e1c4b91606c6ad6b6661da1a63f62969bd4606d492df3c1c9155fae0ccf7d7af7ee7dbaca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
663ee7a8ed692d4810f196d1b6d96b1f

SHA1
2faa53959c55c8cc6b3f42a19fd2bda381b151f1

SHA256
22b41a14fea7b251ff80749ce0f861561dcbdd582da028a6caee2ba46ed40231

SHA512
46c2025f89f194c149ed5b46c7c84f0d66284d67308bf2b3a16d227e4aa85a89f92701fc7b71514e2a7d41bc47bf63755ae0e6ce3d7c6eb7b921858282727a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
4d98af3388e6266147409777905b57c8

SHA1
7c71c2387ebee4bfed0d77ff8c53726b1215d75e

SHA256
cc2e523e6c47c67ee15cb39ed223b421425465e0174eccbf40797a28d1df4a5a

SHA512
b68c63ed61751961330b32abd5fb913b78947a4335836f626870bc2521098326455338c31a75cf168d5818fdf9ff0402f6b86b7a8a93cb00310d01e4a37413f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
37KB

MD5
09c56df5b7f7246436351862ed233ffb

SHA1
4f47a7eb79e76286b6535c8d2a83810dad7a27c2

SHA256
ca7761f375d18ac8af7fe0880e1b9556d5c6919c1a669b04a12dceacc9ddc5c3

SHA512
d67a3b4d0fca216ac441e11e73e4e3a1e5df47ba6fc31b2cc4400e82069c35cb5dccf56390954889f982052ed88b191cb370388176730ecc04e41e123215190b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
55KB

MD5
853f43c24983c06a439d38e6f83b35a8

SHA1
c87815c5e051c1998830f798a14b3b5c706e11a3

SHA256
be23f27f9c8c3e0f89f8e4e2c6b6598835e44300e51138680e34ab1dffd2025a

SHA512
11ecdacf08da0c8b0b4a4592b62cc3f6612014186805ac511ea019b950a6bebbce1dfe49b1f8b03b5868958c7c09801aba63299eefd9b1ecaf2e4f5a1c65ac11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
085b547de8362572845dbdf3d046ac85

SHA1
843fcd4a9c8d29a5d32a5a2b6fd7d707ec5e6e4c

SHA256
3ac0e4ea808b8cdaa9fd7e7cb8c3ae4b025f0ae1b9a705ece55bc6387d2b7d1d

SHA512
06f8f0fb3abcf751aa5ddd92bb6b5c405e6df655836e4ef8e6e018be19e492af3350ab9701aac5a7a3cdf8eccc2f9f8d69c5c93924c878bdf556bf33fc6638e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Filesize
320B

MD5
e08433b866160eddb7c7effee0749aad

SHA1
a29340c8e9a80fb3ebbd6c0284e4d676bdea3ee6

SHA256
c4605f0e615c4088d78f082a61a019f3083b932676ba8051d6c544f6dfb6d830

SHA512
75576f44e82b492009c21776f321ac166837d8057d047bce06780260f98ac6a8e88cc2489abf114acff9c29a923be4dda6d8469134b7354aabf709714e779282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
Filesize
327B

MD5
ce5a787b5b6d23128dad6e396e36236c

SHA1
078c0e2c4328b28b71807b6e60b6d0ff6d5b3506

SHA256
a7dab1bae975bb2f62de82473070d061f925c3c3aa76589af83abeceeefb086a

SHA512
5cc59c5804e6ea2e0bf7c1e49148fe6951d67e809d995d67a1b53f7e9147d6c10069ecdadc083687fc52f10c4b97de75b0b9535c0d4c6e73b88cbb36b4dc1301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Filesize
332B

MD5
1de6c76c8766d9298ae835c78af26c88

SHA1
ca60d8d02d457ce75c4d582997ff52d6fe7e42e6

SHA256
8bc33e97eb3a383525c2a30ee4c5971082d2bb59ea958bd85a704366b1618b28

SHA512
11127ad9f7226da450fca5c5ea9d441ddafcb1483400efb6720524d53f57c1c0a96561b957fd5c7b107b0ef601086dd9ac1d729ab560fe3cc65feef7048f3cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
3d8ae1f05a291f7006d93ef70569ca5b

SHA1
6ebcbb586f220c6ab502236b470ac3c83066e0d8

SHA256
5f94038ad809c4e74aac0cf39ede43e96969d6bcd00084bb60aa1590d9b12675

SHA512
ae2a177ec909af89079a034737284ef2ccb9fc21b02c07110ac0d13e3b1fa1d089fafa382b4d27f58c34b39da8f96b899c40501f83c9f9596f3de22212647561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
537B

MD5
896a746cd4c29fcb8f47216411b3b82e

SHA1
4f9f8f86eef79b6a8b3514dbdda03f185a7ba4e9

SHA256
427b7dabe589992809b3a7fbb2688434b13ed4196847b052d1ec36a1d30a783c

SHA512
f7fc0c0f4851a5718b2627e6aef8f92b4eff4123d0aef7210e33590b7440786a04a7bc3831a074fb4b6a7e0c546c55be6a6f7826ff0bc71411d7ba076f880d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
537B

MD5
88fef77b35b4116490377fe8f2a925c7

SHA1
ba17d11f1f87aab29d8fed44de2ff25daa677388

SHA256
f9731dbf6e0f595600d619616b22d9dba378bf995387fed78e9fb4be673722dc

SHA512
4c96c2b1ef4ec7242e419241aec1dc82f9cb5c01c53d453cce473d8d3685e8c3cb56a6a79e64008c51631c820e2154162333fda6e9b82ebe9fee0e36824f9487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
98037bc5073aff62d78a383eb7ed2b0a

SHA1
679eb869fffce792e6dca8fa5a83868df8eb8d24

SHA256
a15ccc6d6e326fe583b848a77af9476adad6d3d78144a712a1d0b2b95ba62b26

SHA512
99c85d8c994a1416d98b08ff5187187dcdfb47ac1bdcc44a700f55f917cec43baf1fe12ebe330776ce2c152a3502f0995133b668dfab3ee5949bdb1a67c8beff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
606ee315aa042fd48f4724b390b1488c

SHA1
01f83a45274878ae0a7299af2644c1571a499b6b

SHA256
eccc464eb6e74c29ff13d901f85e5ef8b5d4b304251b4f8d02e713bf0424661d

SHA512
de8452eafe99124e9497fdcde49d4ad28d1fd20f13ea48a2ee741f7870a01c4ad4e949136d4e9d64b154ac52ac884fc84df5355d3ceb3c91a63a75d934875ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
9aee9a9b9c82e3bd2bb4b59afab5bcc8

SHA1
0964fe9cff59a0a3ce75c7a1406928b2ccde46d9

SHA256
3eb77e6cf2bd90c83784a47ccab0d8654bef9e2d07582073be00915aeba83400

SHA512
27f21e3194f0a36558852bfc0351dcf0a9c786e91694a26d21b2d746f763001730a7d94cdd91bd25abdce22f2b18fcdbf47c04f8fa918c3c7c2a5519fc51bd96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4f9bb2a64889cc3abfd4632566f3612e

SHA1
59c08e3d8f6a86d780dfcf84b02ce3a649aa0813

SHA256
bcf1b179a0d866fcbc7a622157a4d3249c1d6f79db24818136218557bfecc765

SHA512
1efaf6cef06488c12e8df587e27a543a03419567be4bcd5893e68fcea8f3e98dbf1643b42e617a4fffd97b43f440ec416bbf1ecf67d6b7f6014e85cdab4ce0fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
08a8e6408dad1acab1dbf4dccb800882

SHA1
63ba1954035d9a62930a3efae09beb2463d4c73e

SHA256
edff1fbd2ff88f613ae6b8881ab4b318d61370359967e10cf2d18ed450f771d1

SHA512
1eb2641daf2218c743b737bd72708eccdbc40e57ef21cfb5e1f9c81f67a9ddb335e23f99fcd70535654b5580d37cff78f282027c25b9806369ea63fa03024e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
Filesize
320B

MD5
d6ac9d3e4ebc57bb99b1bb8292141cbd

SHA1
d55420cd8319be78aeae264210fee543c8f62116

SHA256
40d2e224a7423890a6253d67c0d5f0f18970844d42aaa6db8dd729aae373041c

SHA512
b4d2d17549ee0ec09d125721d1c98517139956a1d7b4a61c2420b6333aea37d2b14564717f04bf397de62de2259871c403c152f5de3885838640789b19e01979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13334403042848795
Filesize
2KB

MD5
1c99859335d686254598cb2a45f87f9f

SHA1
a3a9681b08a344569949addb313afdf2fa94e045

SHA256
a59d12f93999fd269c45bea5f2c7519d901a9ada93e32f87eea6b536d74fca0e

SHA512
b5846608b89cd4c68ae172b591c298a323f1b9e53cd46f4c77aa388a6ba31420eabe09ac16c5334988c4fd5306c9a091f79de89e709ee014adc6a1f4a5f9929a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
ee81597a00620234ec5876552fad23e2

SHA1
96efd1446d936512c075e92f50daf795e1941209

SHA256
48510e354ac96526f178659c5475d86f8b9d0d1d3fbb9eca9767f1529ea9b370

SHA512
7fc94989b468858fcb05ea1717997ff313ef71bd018f309f5d5808f374f94e46443e0673d5248101fc388ce90a26e90b6ca7db7261a0d6ae5238f9189a973be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
Filesize
8KB

MD5
5217139057e3a47c26ed25878d23e0dd

SHA1
ae094404562443b21d47b1c161b2075fb9ace249

SHA256
7bcc5f7c8889a68df251f870f859a956f2b1ddc4d09ae52b4643e20f2fe9b04f

SHA512
ebe5a75211a4fc2b00fd350d371e5280fe44d132f65d36939474f25b49905fbe6972052a1ae90537f714ea75ff410a43866a47fb1d16b88fdfa4fad081464c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
324B

MD5
2e9243c71c103169628422aaa2330c6d

SHA1
e2ee8caf4513376719f3b8ab49be485eaa11c1f4

SHA256
108f68239d856cdb591d2fd9bf03dbe1f1addc5898ea3c0b6dffffa1d0e104f4

SHA512
f0443c7fa77c56fdb461992c4dccc15b3d7cf8f0e07c2a9772036be99519c6f69773c7a51f73c1dad9e37126127b2186fa68f490884899ff575211798cc07ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
Filesize
874B

MD5
56fb8963e8f8b4907bd53f02105cce5d

SHA1
9bbe366cfe35a9df06643fbe8f086388434562ae

SHA256
2ec215eacfb66640f03e17aeeffb4fb9b302c0a9ddbc2a402a85b348cf515ce1

SHA512
db1bde79e441b12053579a893deb97707fbc36fdbe43d5cd0b819432d7fef4638cf753020c50f077111689373a34fa33e60667ad1bb0d02bfcc91be6866fa498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
Filesize
320B

MD5
f4da3b17bd570301386fb9084b7ae764

SHA1
66f11a10d5e7d39a1b5c421ba0578d7ae06778c8

SHA256
9dbadbbe83c6d4a86450bd2596d976cf395ee40986c5bc9398ae821d8f49a1c3

SHA512
a5026d26e5ea08504a3ad4f4eaa72c7d1fbbaff1d346b5aeb3ee62a55bf9d1fe9f60f422134fc4eea8cc971a15652a46e6f72eb247db39567f318c19e81f6e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
918B

MD5
f972aeca874644e07a9543bf77fe0da3

SHA1
2bbf7dda2dc6c50e7e56eb74f3b2fd70f1d33d37

SHA256
03e641a1d3f721f8fe1978575a540b604b247e7c85d5ba2c4c960eead2dd6ea4

SHA512
72d0fb472de61a2146d16c11d49ec6cabca6cdad50a06ffd8c71f907603bde1c088e1a5614f68af4d07e937020e01e77a4ca1ad3524a7459d4b941b20f291595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
Filesize
338B

MD5
ae0e5f0ca81e989c8f3d648f20b2b666

SHA1
d75916853d49da458e51642e5756f8594ac3a90d

SHA256
08b08eb688e5a382219393ee7a24ecbb5d28d810e32dc6231d4af67969579fe4

SHA512
91f8dd6c98abd1440aec74ce9d7d038d252024474f8dcc156b574afa35e4fd10e1b60e6e318c50f3ae7f3bdd2dd9de0b5a99f62faa314585120cb02f5a874de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
Filesize
44KB

MD5
31c7ebdf066ae29d8787ddf448d66466

SHA1
eaf7378ff9f5282a3f4bd95875953de15cf434bf

SHA256
7c9f93b3c0fa49c97859688205e95163480af2ccdd985192c3815023f9184a0e

SHA512
2188f265b6b13c2a5a6faa432984f929efa8cfa51f2064181e2b41c37db582a1c0378c1240be703510496c3e0cd4087fcf25196509407aa2b85364c3fc776fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
41095fe9d1069f9468f68d1fb2510eef

SHA1
63a3f62edcf7da236cac47b8a9a0ae0e2f2f0b4a

SHA256
9bc9f56264dbfe5eb1b46aff0ac7afd557b4d3a15c8a60c80f2e00fd1d7d5580

SHA512
81f3d600b24c9843cb4c2d1bdd587bbc84e35b3b7f68614f4698bf0e3dd206a5612cfae1d80fc01612f716e008c4ccb0cc762f6c5f852ec8776680865f690a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
Filesize
4.0MB

MD5
3a8a5b5d6f8a1297a6eda8302e9934b9

SHA1
768ae8f9ca88534fec319eedaf29086c51dd10b4

SHA256
a5215fea756df3bb4e0a25b9a827f12b22b46754163a4391c4ff5cefc7785869

SHA512
373affce494846620b991bb02c6f0688d712486186d3eef9dd31da040caf0dc5833e70c3ad47192fc1e0f4f8589fb7ef88886f75d48b9baf623bc5fbfee7b52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
92KB

MD5
782c89a9c0e8fc6e3d44d8f53094bcda

SHA1
301a65d1572c40b9d0572a87c9a4f8b430ac961d

SHA256
89a64ce021c0d2feaecb420811a9380f96b7336bb607f765599b91ee22b8604d

SHA512
4cc21f4e566abf755d50c286125e4d8ad080cb8960dc55d9fd307e7f55550fa074ff046b1aaf0a6032e22ac3591c3e4723a4c4aae7cd68dd3d5d5223a839222d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
176KB

MD5
a2a4d4414b1753db76b7980ce6bf0a5a

SHA1
abbcb56544cefb47ca425eaa559a1701415db6a4

SHA256
490fccb627ba0e172a8d0bffef3ffd1e6d9a8868bae7d6a6b0926d13fd501bf4

SHA512
8424061ff20f730f31dc75af9a6fd2d91457efbd21385640b602c6812291040b1d5ddb8f98e35eab60ef67dc0ea5c544974eca8470f8db63e1d23b17aa952e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
176KB

MD5
8663974136f79c2cff0b1751f77b269a

SHA1
3825ab224198e159399c26bbbae276901a94391d

SHA256
c68dd11b24d5cd2d3e93e1b8d18b76cf51de1ace5a8ce86c6fb7908773ab8fee

SHA512
f27430e4e2e029391159fea4e1e74ed858b8e7d182e80ae0d671ba396ef88f18ca35df31f20f5185df7ef134c578c94854c004932ba1b39d60b9be55601b2028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
3KB

MD5
42d4b1d78e6e092af15c7aef34e5cf45

SHA1
6cf9d0e674430680f67260194d3185667a2bb77b

SHA256
c4089b4313f7b8b74956faa2c4e15b9ffb1d9e5e29ac7e00a20c48b8f7aef5e0

SHA512
d31f065208766eea61facc91b23babb4c94906fb564dc06d114cbbc4068516f94032c764c188bed492509010c5dbe61f096d3e986e0ae3e70a170a9986458930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
94fc1e8d591b4ff90c976d1bcf7704ae

SHA1
2656669a2597f6bd7a718736f0a0406f25c4b8b7

SHA256
0bd8d92144461c16c58a74701ca3ef0ff1c07db45787afb9c26c794d726abac4

SHA512
f533f969e188a875456e3acecb5ee840935390664c423de5eb5458efbad15bf792dde630aa8e968f16b5af374b28ce1a3d8b85b1e2166b8e943ca0aa8400f7a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json.tmp
Filesize
158KB

MD5
cb263b72a0c1ef7f8ad9f05182092f80

SHA1
893d953b88e45f964f61af89185f895afe7caf80

SHA256
07c22ea923c733117453d4d03bf79097a4cac55fac86431a104fa99a64ec4fd6

SHA512
13add295028f2c89fe7cd05cdfb54210e6c262674ccf0cbe6541ffb5995b007ef8e2ef46fcfbfbf26d762a6225e89dbfa12d8714f3669029e04094d020ba92d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gk41akxr.0nz.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js
Filesize
6KB

MD5
c4fd155e94bcfb7fd721fb6939e3fc93

SHA1
c6e8e790341a62129b9283556d5a57f135c31971

SHA256
2baf040c0f462d035579beef0974b07306027ef63e6dff4bb0c9874cd08a1d87

SHA512
93e974d42c4f7ec33888b86db91b99194f99aaabbe7ec40baa8e3c886e3cf617b0d383c066a5bb57414a13437dd689b3ec199c7e062aa81b020fb0eed0ba7c28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js
Filesize
6KB

MD5
8be2a3932bca9130df0a531cb3896dd7

SHA1
8a27f9b3dbb73c409a5c5b0beaf070bdb6467540

SHA256
4d789d5168fde9469aeb345400672da5e0df24efd49dd096bea0f679266f4483

SHA512
54e1233d3b4cbc4676057b61de93e9c1d317a78c015392ef5849a0f81dcb5a795b8ea5dc41b3178afdc47aeb2ff082f86e03915d6b0af7135705da081f89cb31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore.jsonlz4
Filesize
884B

MD5
e01fe7bc3fa7910f51d097bfd7306a70

SHA1
c75f10eabbafccd130f05ddd98b9a4ec04a1bdf8

SHA256
ecaa6312c44e1d5a1933854aa51ed43d0357c3dae803aef67b2cdb1712d20da1

SHA512
d29eb0aa33e4cd9af3e22144ef6fd7bdfc949fb9ebc132f2475327f525aac01ebe5dc14c31fea7f4445dcdfa2affb98fe9ca2758a95d42e49c94f4f88d71ed94

Download Submit
\??\pipe\crashpad_3300_SOPIHASHSIIAQYHZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4120_OUMRBUVJTBFIWYVI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\ProgramData\mozglue.dll
Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
\ProgramData\nss3.dll
Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
memory/788-117-0x00007FFE40010000-0x00007FFE40012000-memory.dmp

Filesize
8KB

Download
memory/788-119-0x00007FF743A40000-0x00007FF7472FF000-memory.dmp

Filesize
56.7MB

Download
memory/2424-129-0x0000029BC5A30000-0x0000029BC5A52000-memory.dmp

Filesize
136KB

Download
memory/2424-134-0x0000029BC5CF0000-0x0000029BC5D66000-memory.dmp

Filesize
472KB

Download
memory/2424-149-0x0000029BC5A60000-0x0000029BC5A70000-memory.dmp

Filesize
64KB

Download
memory/2424-133-0x0000029BC5A60000-0x0000029BC5A70000-memory.dmp

Filesize
64KB

Download
memory/2424-153-0x00007FFE23E60000-0x00007FFE2484C000-memory.dmp

Filesize
9.9MB

Download
memory/2424-131-0x00007FFE23E60000-0x00007FFE2484C000-memory.dmp

Filesize
9.9MB

Download
memory/3756-184-0x0000000000400000-0x00000000004A9000-memory.dmp

Filesize
676KB

Download
memory/3756-275-0x0000000000400000-0x00000000004A9000-memory.dmp

Filesize
676KB

Download
memory/3756-262-0x0000000000400000-0x00000000004A9000-memory.dmp

Filesize
676KB

Download
memory/3756-217-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/3756-186-0x0000000000400000-0x00000000004A9000-memory.dmp

Filesize
676KB

Download
memory/4380-414-0x0000000000400000-0x00000000008D6000-memory.dmp

Filesize
4.8MB

Download
memory/4380-332-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/4380-585-0x00000000040D0000-0x0000000004519000-memory.dmp

Filesize
4.3MB

Download
memory/4380-586-0x0000000000400000-0x00000000008D6000-memory.dmp

Filesize
4.8MB

Download
memory/4380-277-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/4380-333-0x0000000000400000-0x00000000008D6000-memory.dmp

Filesize
4.8MB

Download
memory/4836-183-0x00007FFE23E60000-0x00007FFE2484C000-memory.dmp

Filesize
9.9MB

Download
memory/4836-158-0x00007FFE23E60000-0x00007FFE2484C000-memory.dmp

Filesize
9.9MB

Download
memory/4836-159-0x000002720A560000-0x000002720A570000-memory.dmp

Filesize
64KB

Download
memory/4836-180-0x000002720A560000-0x000002720A570000-memory.dmp

Filesize
64KB

Download