bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522

Analysis

max time kernel
1800s
max time network
1796s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NordVPNSetup.exe
Size

1.7MB
MD5

59cb69a08fdd9cb4b0539e3356df1d4d
SHA1

0c773a0a76f821780c002d527bee387b98904569
SHA256

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522
SHA512

51d4f3d396d183bc5dcaaa0a26cf024fade9b5e5c0e73e1d2ee7663ba26bc55e799beb488d5bab8d8252147b33df6ea1209ebd730124a919940e899758842ec2
SSDEEP

24576:u7FUDowAyrTVE3U5Fg23TD2D+Fz3ifFUwo433RfFcdnOtksSm:uBuZrEUWq0t9D7l

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

NordVPNSetup.tmp

pid process

1708 NordVPNSetup.tmp
Loads dropped DLL 3 IoCs

Processes:

NordVPNSetup.tmp

pid process

1708 NordVPNSetup.tmp
1708 NordVPNSetup.tmp
1708 NordVPNSetup.tmp
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

pid	process
1708	NordVPNSetup.tmp

pid	process
1708	NordVPNSetup.tmp
1708	NordVPNSetup.tmp
1708	NordVPNSetup.tmp

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133358881929348668"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{2DB2E4A0-B500-4A0D-AFCA-9883539E19C2}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2096 chrome.exe
2096 chrome.exe
4732 chrome.exe
4732 chrome.exe
Suspicious behavior: LoadsDriver 4 IoCs

Processes:

pid process

656
656
656
656

pid	process
656
656
656
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

NordVPNSetup.tmpchrome.exe

description	pid	process
Token: SeDebugPrivilege	1708	NordVPNSetup.tmp
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

NordVPNSetup.exechrome.exe

description	pid	process	target process
PID 4404 wrote to memory of 1708	4404	NordVPNSetup.exe	NordVPNSetup.tmp
PID 4404 wrote to memory of 1708	4404	NordVPNSetup.exe	NordVPNSetup.tmp
PID 4404 wrote to memory of 1708	4404	NordVPNSetup.exe	NordVPNSetup.tmp
PID 2096 wrote to memory of 3824	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 3824	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2636	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2796	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2796	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe
PID 2096 wrote to memory of 2664	2096	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe
"C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4404

C:\Users\Admin\AppData\Local\Temp\is-6KS0S.tmp\NordVPNSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6KS0S.tmp\NordVPNSetup.tmp" /SL5="$9018A,890440,866304,C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff9c2389758,0x7ff9c2389768,0x7ff9c2389778
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:2
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5480 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3196 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2976 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
- Modifies registry class
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4712 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5300 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5372 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4744 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:8
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3184 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6012 --field-trial-handle=1880,i,4270845236953627180,7238138024671031118,131072 /prefetch:1
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x4f8
1⤵
PID:1628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x4f8
1⤵
PID:3112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
39KB

MD5
500ecdda9ad3e919a1f41c1588266a1b

SHA1
d5ddf92dc08284a48701a4d3555590bda05f77e0

SHA256
caad3feace9086d27e006d538d2daf4dd50e2b33307232a7db6d5f8c48f73b37

SHA512
5e47a0d0721ec0f9adb5a439ffc98c1b4da780e74270332313f8350f228bdb919d32c4812c6ede84ebae3ead1342c2eaf4c73f4dfca5a87e8887e1b5913c0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
322KB

MD5
5237a31d4492c89e62910bf9cf2ce259

SHA1
5dc83508c56d2d6d9d9e187617cfac7eb58e1370

SHA256
33c9b584410ebc55343dce79b6cc12edea2f76c32b75bcde2d21a1fc525d3ec7

SHA512
79e261ac4d287026e186f6ce0de0fa6e2d630fa762e9be08f14749bda03eff1e38801cd55cdfa88679eff11ecc54643d2b3585b449521cfdaeb0db0935c5fac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
85KB

MD5
19b5dd2dbf18fb9c2360eba1aebcfa55

SHA1
99b8b603abf57599b36a1cce06d29c518c9e5fb4

SHA256
4e6fa064ae74a19e587389929467407f92746e124b7ad373add13a46a6ce947b

SHA512
5b5241e84d6933fd1bbd1566afb37dc49ad492fa6ec4ade3eb090ec376e3f90e9d4a2fad9c353ed9535ab142e553de0ddf0d945c782e9421d6c76b6c3ec07a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
70KB

MD5
ee6d2175eebfe377461a2b7360c4e534

SHA1
90af93e3a805a4cec4ec30aa72c08ca72304ebd4

SHA256
a539614a5ea7aa4dcfe5f892e94903d8f4b2bb8112fb7ed1039b1f02a816b038

SHA512
bbac1b67327c9ec8148a5e963e89a7d5cab536f8e265d5c92f96facb8cefb59ac84b674dea03474c5add713ed7d1e9c7def2437e18cbd80f1556be9d862f93cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b9740e6aae0714c991255ff4b4fcd4d6

SHA1
9a61519207df60abb7e84bf276af92e0f0b3902c

SHA256
353959b0315e104dcb4c7391bc8094fa5e609b421d2baf926d13d8d18ac9f2f7

SHA512
97e9109a5744be357987dd4d21779cce90fa1ab9f70bfea8467bd23f7809cddc999fff1c5bcff7d306aee953a3aedd2756c7208c2e54efac128e75d9a2f1f583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fef6feca60d5f52a8da47e146f865da7

SHA1
1ed031852f03a6816ca5b373bcbfd5584ec20c04

SHA256
dc26014fa1cb8122e6c29cacd9a42409d921dc3cec7d1b2b69b61a16ba5ea803

SHA512
83bca19e7710c9e02dedcf3d42b1929af38fd3fe8eebb592f5866c3aac4c96121a5271d370d6afe5e3a33889bfc81b07efa78d83bd722e1d5b5b7df7e7bd3ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
21a5a068141ea9f1ef26c9ab81469fe4

SHA1
d835badcbe5c0dbf7c8dfd88d4e9232a22d389bc

SHA256
876944f4b0c170b2e362a0e482343d8f3a46ceeaeeb52a0ee0284014a1c2db81

SHA512
25b2a0c60557d1775a1a180c15bc63b829ae1cfe7febb45b5735e9fc0e102eb08854798372ca4fea97f373c77dd1f62d4c7335ac9aaa5fca83753db02ab9ab57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1bada5b46ed09f6bf4826c493e3ee687

SHA1
9d1f36804c2ee928fdb6ebcd7de961fea9b02420

SHA256
62cd22ecc79a890a7956661b70aa4625155df569f382e7a608e9941840d31c5f

SHA512
8212b7b957c71aadabc0d1dbb1067d2076fc0e40b614918909d0411f4b5ce2b96ee0ccbe517d344f44a0abdbc0d229a6badceeddd0416c6ad99f82fcd1218fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1d02c2425751d4e1aad7a91880c1fb7d

SHA1
581310dbb3ab1ac883a233c8bb61733114f808a1

SHA256
53d508fa266cb581a5778fd96f1f6c51dd66c66b3eaaefaae537f902acfd645a

SHA512
d1d245d3b06a560efcceeb4a534ad030560ebb9465b0d89be735e073c2050782e825208b88292aaacb3c76a8f43a9b056086fc9a826c091873e1dd0e368b9a47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cb50efe6eacd558d80febd16d7e07f96

SHA1
a5943be56b711a8436cc02ed96fd93da29e51105

SHA256
8fe4b168010177804138a13e0f6f81d6c9437a033b3e5d685305817caed4276d

SHA512
b5d47d018e9589cb93e471d2880e38902978260e3a00e298b313fffbae8dcad7135692cd676d5dc1439fa8d427be3a57b0d904e52596ca24264773c81f59e349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7c0b1502b071d865430bbcc5438638e2

SHA1
518821b4cf4b1774a44e1856ad9ffe451f718eb3

SHA256
19d87572932cee5e29776b5ce9f540cacd9f2985ac4dc69fb091b432b2acf1c2

SHA512
6e926217ec9cc95618297f16c53f1f9a170d969e5c9e057827b0732702140f597d5f923fda35ea011a36c44823b95e43a42b9074a0d9539ddb3b284235f2c5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9106b8db002160368bd76e73b43a1f98

SHA1
5b75f8e9cbfc8619713349a9621576cae21d60ec

SHA256
26e56270ffcb98aabc83351d5d703966d88564f3621b36c33a7d43a3412f760d

SHA512
b1ee0cb66a03a002c2caaa5107a0180700db530d2bdd4d64c47162887d7c8fd7ded8d390ad41632b4724556c506be4c26050baf49d6536d4642065ac24f09bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7733aa5959236e8bbf910932fe0b6b69

SHA1
5c7728ebac3388d9a1c01710f5590d9029f79ba7

SHA256
10b06473b6af4e2d67f8ed5409689b4deff904da9a4b8d930c0a50369d1fbcb2

SHA512
02929ffbf69903f16d0dc97074c29a55fa5b31e3ba5c91bd60e7b549acb9172d279f3531fecc11240d4e0e8a2a7242b7248f96d79451353e8214514e06bd6bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7ea13452ebf470644910b37607deb64a

SHA1
8c5847fb024de4fd82b39582fc8d4a1060d07671

SHA256
523a20f99d0450dba9401747191f3a71d80997bddbc1c0f898de3d0846152a2d

SHA512
a875bd7116553e961ea2557a30038a1e0f7029236f64d080907400671a2c6cd43ee2246746815c07aba3a134defa40401c6007661af2f1ee46cfbddbd644581c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17a6ce7c21682b1982c78c32c38f9719

SHA1
bc194e2c5ff457442180f3718cd4500a070535b8

SHA256
9e88d3c6ea37862eda436849985203978e8a099e1d0b053edf23d87179a0b877

SHA512
e7c7cbeeed364fa678fe8411f9ecd57ec86b081aa7a6c32be35069fbacd658e4c5d6b431dd29d637fc255db22a4ab471187a40c4f44e25aa4bee28bc9a9175de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
275f30b7d459950b1b647aa33d67da39

SHA1
e7dd805cad5678601d719be119236d4176bb8452

SHA256
f0a2114f2bbf6f233801a0213aa643148c659e5e664f2174228c9f4130871b35

SHA512
38992a8bd4bdcb95dbc4bf003894311552d18662b880db64e014b5d36274e0599f51d34eb49d745b056d39c163f2f098c489291b25898577174f78fc4f60215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb4ff286ae46ada63857a6664145bac2

SHA1
e322b7e38f6841f415c3277794ea4f308a2829a0

SHA256
49a5bdae2c1e47d04ad72f34c376a837df17bfe799a55c271a49aed8e6f41e19

SHA512
9004993fa679a280d81139a40cff3e5a738da76be23621887cab929b63e34bec8596c43e4bffa0b35180c0de3c1c9c8d1e5c10cdf805b80fe62f5535a4f13938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
070a68b8918a7f4a8639c3fdbb8bb3d1

SHA1
1706c55d6ab9d79aa4664c57d85f9a829bd315b8

SHA256
00c3c1e8efee94b4d09371ea86773cc68a63204d772329f76896f736a84855f9

SHA512
4fa311ee74e76bc4aba45ef2f17790110d1c3726e83445acc1c11d7c36dbaba8fbac2d4dd43f22e91ac9f004b0b0feb9e3b3d9da1c9114bfa0a71251b83bfccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
984d95e2f50cd66062800656b5ef45b4

SHA1
9ed0b80f49a666930bed6b24133187a5f7237e39

SHA256
e0bfd88530c877841b85ffece9109296daa9ad8f9f584920c1b790529b54dc4e

SHA512
ae227d6f87bd2bca89cb627fdaa726969d6cb516f6821e23750d260a34917c6da45d4f073e6847e5eae0ae930f5907a2a60dff2e25a3bb4612ee443e5b804bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b22ee874c362cdca19a176cd6e07334

SHA1
e6936c080ea601a64365fb025b635f5a8471a4a4

SHA256
1123d4c90bc2ce515f8c6a6ac2ab5cfa8743cd41effd779655e5c6aec8b6107f

SHA512
d19a1b0d2ceb59d9bdd00008dae875dc2ec36afbe451d76ee2c703bead6c66509b2bb81dc9cad854bc8268e9a19a636e3adcfc61d4a1376a0ea865bad1d5c0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cb655feb4403ea76f6fd40a208e5439c

SHA1
fe689c973bc2a7f77f27de2729c0c704761281ff

SHA256
5e472ca7afc02fa99abfaf70b55323c1b59c5537a0854672a69311be842d96c0

SHA512
c3e8d940f81c74cf06569d33f61b38bd5645897f9afa9f2689bafd988bc11361d916f1798c03b8d215210aafa1e4f8fe56ffec847798c8062ed6443b671ac15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c42d8c97deebaa11ea7d51e9e5e2212d

SHA1
ded605ce9dc4d357dc4b72b2e7780fe3d9532795

SHA256
b6e224cd524067fb66feecf9c75414f2ccbc6f678810fd423cd5a2262a4493bd

SHA512
1b1dc294b1aa9e1468b4b382c6bb3e668ff51defef1d8ea566ceb12177bfe7075b17da48de2cd54bdfd0ce3913b596d6aa01c3c49794bb7b5cf64f24b4c76bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2a4512585b9e8b1e104d64e9fbbc0205

SHA1
a5b68b71b5c10b2c083e85d38572a56ea450b1f1

SHA256
a25c6d5b2308fc1d20904ab374bd67be475fca6cac89a7a02f8a6f8f8cc34831

SHA512
77cec6fe5ccf2ee11df4c89f158a46ba000de21e46831bf974bac98ab47e8deddd742afb31c1140e9a713ef63db04d304552c0bb097b0cdc22e5b45a00e5d7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b3217f9ed6f8726580a69fe75d5b6ca9

SHA1
2fbc0c83fac617f2eae26074c082c50e077ebe3c

SHA256
c7a1882a2896dd59199ec863c0a3b7d056fd9791f25f882d3c266bedf7d82b93

SHA512
0d92822fb255e5daf354235c626e70a1d2685c747038d6e20e9f93ab343100dbdd62e23b8881d25b3e56620fb638c3e9a1d0261f1e77e6f283c374e13a983d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
05aac0e963a081eaae8f8f10bd9929af

SHA1
f6cfee98e4454923a887f3a5eaaff4ef2b79d1ef

SHA256
3255fa98c2c4a701ad0b98d31bba775c34fa09c6805c8c9fa02674f555d726a6

SHA512
96892db500063b12a9990c89b476464c9d915bc0d564a651b5fee762f683f50a9c1313d6cd53ba1a66ca9533a3f4874e32f9276674ee9adc6867e3c70f515fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
41d617b79999c65aed606e119965fe01

SHA1
16cdac0ec1f2384cbfb80d54cc03c1c83ed2f8c1

SHA256
c9896106992651d5b3d8d6a056179685b20a1f1361175ef5fda2ae90b776d07b

SHA512
b908bb4e8bcc511cc3eebb23a7a9561fd780ecd60dbba8a38e706d2d265d8e1cd387b81c52d9de232430b2ce24a624b50b38cbf0a6f6b7ff31e20e8d62ae43b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d23258ac7610c7eef1ed588805553115

SHA1
185609db3e446b16618a007ba44a0c616da7b1eb

SHA256
422ba5bd18f3f9323d7405f946ea8dc9b07a78db75b6ebd8ca5a866378e91b51

SHA512
4755e8fb9535f79b8e3d016a1d0aa318a149dc2f912410e8da85ebfd0876b07993f10839dd246c259dc69199ce501204bd74351155d99383f6d552a63331019d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1f28fd24317451035837f2b153c5974

SHA1
0e76438239fc6dfa1a45899846f88c78abeb7fa3

SHA256
8620ba32fcae55b2a33b64c76120991c6e75ef0f81d2616f4ae329e1e696bff8

SHA512
dc445fbc7aeca3552c5b364eac3445d79c540f4d26b8610921f7c3bf27eed5d2aea8861c8fb691494e278a9e20f86f41c4cba0ef3675dc3a3d342fa05199b772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
310bf69d5847452de8c1df8c683e5bc8

SHA1
23edb40096c02589ac5453ca275d6596c538f4b4

SHA256
de5184b31eae3374ba822799899b3fd1f0c2c1b87d69e5c08ee8d81fe1c0dd28

SHA512
31fe728bece98c7bda80ae4613a7e30662106d4a04fd483d90d299ecc5d32a3e5447252846d3d5dc4fae9a0ce325cf94b8a936314feff0a6477a514e5737de25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bf000820080d47d6868d5739a27b7d48

SHA1
b71d3e266c4c17de97603fabfe3afbff8708a407

SHA256
83f052d8b5b1b4ce27500513607afab599620916fcd5bac298d1ca2d8bd61659

SHA512
3347647ef50c2547cd058c542055f7b2f320e14cf6399d516086c2270826d89d0900689ca28660a9da48cd0261a249f85da3dc0112ff44eb67ef1c18718b6078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d3dad4690b6324f99bfe7f8bb5de3ef6

SHA1
3bc04dbc3a0fef0074306c0c3f4393f1646df806

SHA256
b6925302b7d4df80eace0d32444f23f76067907534adecadbd6cdc428e39271a

SHA512
1b5838fa1ca6e37b609dd5c81d1cde5e9259f125ccab92104365080f13ef2e7468830c8bbcbeb481ef290bd3197cfaab44b2bff36e3f152766f0d20612ad31a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
332762cfc5ba3e06d0db9656d3015d2d

SHA1
e9f5bf78f7eeeea7fd180f9fb1b5c41a0bdc8fe6

SHA256
12cd89cf481e8a2f3d68d16e420535b1e13a22df6caea115a60e0ff6561d5bbd

SHA512
36fb89a1dfc6a013f00efd937ce46a87ea47dcd3036a86391f922786303c7f906e05199d788bb7a7ec2e1f50f79b7bca9d4eb635bba2b5306d10b2e61721975f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d70310ca91b0929ae4afb6e8a60f898

SHA1
7cbbd9f96d8273a0c59667dbce0625ad85b716bb

SHA256
721e4b5dcd616cbe278ec21350fb6d5479f7650905fd94755edb116cb5441e2d

SHA512
eb30bb80419d0ca07fac88dd1143064a536324c721f20e23d3468c264d9073e6d22cf320258533c123dcb68e5ea6b60d3885ea40b605f6020070efbc323dd7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2ad7e8a1b70852f376dc0ec40b85021d

SHA1
7ce330cb3ae56d7c776f66cc83a47fe645db19e2

SHA256
0810933120db7cfb7604b5cbfde0c313baf4fac1d54ed6b945c784ac59a98e03

SHA512
c7a28efc8d63925ef17e21125e1bfaa153b133a4bb99db19d76c96014d0555462cd4b6331a8bc451c4dec3e72ff195ec46acd01f2e2f302fa521bd8e3b47ddff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d331e8af-164b-4179-a9cf-64bc7455b225.tmp

Filesize
6KB

MD5
0d699f612d42b58d98db9497c4321ade

SHA1
1ff90086f6a1c1bc0ddbcb6f20e46180142a0cdb

SHA256
ae8c56f91f87674d384d5a334aafa8aae590dbd20a9f4ebadd525c09b0e0042e

SHA512
b082bdd367afd15bb2262ba7ab013758b6736133b1857d85dd636f26511dc80edc474e2b243fb841ece9979ce321c0c85c11e852bc717a00cad437787edb5cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
3790bd3502a249910b590a5a3d992861

SHA1
585397af934b6ea5c2a90512e3012c6cb603e4f5

SHA256
d9f51fcf8501ca73a0ffb8b36d51a2c5707f0698071833eed4fa275278656574

SHA512
34e4ce4c34991448b2cb86b9be035feb7da7565dfb522b0a59f642344b5d4be80325f5d4526590fc5ef61a1ff854f83c5847a796e24b97a9a93b1a3753dcbfc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
b99a0a8eb2852abd2294d2e999f039b0

SHA1
9d9d62854620a17e56b8b57ff16c370baf50561a

SHA256
bd01c3cd9edc4c64049de09634f66bee99985f3a2b9ae9c87f4c668022460f88

SHA512
5c6480a71008a202bc64e2cdf266e0debce42fb59ea64e76cce765fcd69950e48681f43eb73256dc4393b11d129a2665a41816d70aed0ca2750b14904dbd24f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
20a3bb2482f4706c559e9665e05eac3a

SHA1
c8503124d646cff9344a058a14dece539201f8ea

SHA256
1f5caba201dd773c1def774f094b167401e8bb5a619e33be823b6a38be67f834

SHA512
900ecb8ff2c9b3e703e4c3201a8b471111ab4f3bea4c1e6894392539d3164146a2f8401de16ebdf35da91c82d3b86be73a30fe4c40f1d2db29e1724976da3cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
48f8fd2cbffb7636a3e422ec6dd2aeaf

SHA1
fce4bb6b1801020c90d1081e8e95ac8ef2658b4c

SHA256
2962fddf748f4e39af7a5ecce939ffb2576e804bc47ea9df02d8118fc4308bcf

SHA512
401acff9f0a3c0be24419193b8e3c93d6cadb765f7d8626fe8a3adcb59ff66919defd9badc0d25f6e2d4357f53ba896ff5332d7b90b448134516116c88555579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
029230f9e75f3b6444439635931e811f

SHA1
e0a358852acf0c98f5f03139f50acd03cacef2b7

SHA256
5ba2386d81618365859630e6c18d0ff8af4fbe007dadc4a1fc40269d35d3ed72

SHA512
aa41f2b89d0ad7992588cd18cd15d632d5ff86ef8b7a16bc23efad5a0b91ac58f9733c2c8f08f3d072d0afe1afe89ec9b826d027bab0e59b49c3b15042b985fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
1f1d34ea2fce98513e4e9b75f577811b

SHA1
d6e29bc95e2fdceb3898956cf7b347980ceacf45

SHA256
be37b86cd73a5975da221a144a764f376ac91561585570aec466c54fb1e34980

SHA512
f7a50339c0a1fda867536797d7a87a4aabcae23c1b5348c8972ca8b8fbf6d26b440218a2de54295be872e9fff5bc00ec53c274593562317aa265ff248afae5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57eeb5.TMP

Filesize
97KB

MD5
3bea998806f4ed42be67fcb5b1d3b3e5

SHA1
2b1e424b45641efbf40e84d9510baae89cd2ab5a

SHA256
684ae7b80c14089769efbd1411507d5cf26a3d3f28df04a73be36cee6ee76d0b

SHA512
0ce75abaad73cf99845cf916e836f8b5ff4b2e05fd268be46e976958443fb3f46a11fc7d276de142ab476317002f5aae992a814e5f7b322882137576160c18ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6KS0S.tmp\NordVPNSetup.tmp

Filesize
3.1MB

MD5
29ca787f3a0d83846b7318d02fccb583

SHA1
b3688c01bef0e9f1fe62dc831926df3ca92b3778

SHA256
746b972e21acb59e4086b5b25fe53ef2cddcecfa94dd56ad68c8e5bab9960c3c

SHA512
a6c21bf5590dc91a5d9bc729d9c04c20b54341d3270efd2fb7d2b548d7dc7b23a1a351147a07dfd569e901a608cb44533304de10725cb02fec781cada80b8e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DKPEK.tmp\Nord.Setup.dll

Filesize
40KB

MD5
b18bd486c5718397bc65d77a16ce2593

SHA1
58fe73e27c5c04e6915c5358f698f7fe8c2b5af8

SHA256
0bbf32b0553ca1292602e8c2c0458e075fdee2c8b6ef8ea81e924a86bc065f3c

SHA512
f4ffa1c8983914c41657fecc11c9324caa5899ad875b9687da8ffcf79ab189f19d6f926e16f09f240de9e6b22e26691fae785ed95657af310de5bf6c58ce8e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DKPEK.tmp\Nord.Setup.dll

Filesize
40KB

MD5
b18bd486c5718397bc65d77a16ce2593

SHA1
58fe73e27c5c04e6915c5358f698f7fe8c2b5af8

SHA256
0bbf32b0553ca1292602e8c2c0458e075fdee2c8b6ef8ea81e924a86bc065f3c

SHA512
f4ffa1c8983914c41657fecc11c9324caa5899ad875b9687da8ffcf79ab189f19d6f926e16f09f240de9e6b22e26691fae785ed95657af310de5bf6c58ce8e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DKPEK.tmp\Nord.Setup.dll

Filesize
40KB

MD5
b18bd486c5718397bc65d77a16ce2593

SHA1
58fe73e27c5c04e6915c5358f698f7fe8c2b5af8

SHA256
0bbf32b0553ca1292602e8c2c0458e075fdee2c8b6ef8ea81e924a86bc065f3c

SHA512
f4ffa1c8983914c41657fecc11c9324caa5899ad875b9687da8ffcf79ab189f19d6f926e16f09f240de9e6b22e26691fae785ed95657af310de5bf6c58ce8e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DKPEK.tmp\Nord.Setup.dll

Filesize
40KB

MD5
b18bd486c5718397bc65d77a16ce2593

SHA1
58fe73e27c5c04e6915c5358f698f7fe8c2b5af8

SHA256
0bbf32b0553ca1292602e8c2c0458e075fdee2c8b6ef8ea81e924a86bc065f3c

SHA512
f4ffa1c8983914c41657fecc11c9324caa5899ad875b9687da8ffcf79ab189f19d6f926e16f09f240de9e6b22e26691fae785ed95657af310de5bf6c58ce8e0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_2096_XRWGZKMQNAUHMCBT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1708-513-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1708-157-0x0000000074720000-0x0000000074730000-memory.dmp

Filesize
64KB

Download
memory/1708-190-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1708-160-0x0000000006170000-0x000000000669C000-memory.dmp

Filesize
5.2MB

Download
memory/1708-159-0x0000000073E80000-0x0000000074630000-memory.dmp

Filesize
7.7MB

Download
memory/1708-191-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/1708-192-0x0000000003AC0000-0x0000000003AD0000-memory.dmp

Filesize
64KB

Download
memory/1708-476-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1708-153-0x0000000003AC0000-0x0000000003AD0000-memory.dmp

Filesize
64KB

Download
memory/1708-514-0x0000000073E80000-0x0000000074630000-memory.dmp

Filesize
7.7MB

Download
memory/1708-139-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/1708-198-0x0000000073E80000-0x0000000074630000-memory.dmp

Filesize
7.7MB

Download
memory/4404-516-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/4404-134-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/4404-188-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download